CVE-2024-36953

In the Linux kernel, the following vulnerability has been resolved:

KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr()

vgic_v2_parse_attr() is responsible for finding the vCPU that matches
the user-provided CPUID, which (of course) may not be valid. If the ID
is invalid, kvm_get_vcpu_by_id() returns NULL, which isn't handled
gracefully.

Similar to the GICv3 uaccess flow, check that kvm_get_vcpu_by_id()
actually returns something and fail the ioctl if not.

Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Vendor: Linux
Product: Linux
Default status: unaffected

| Version | Bound | Status |
| --- | --- | --- |
| 7d450e2821710718fd6703e9c486249cee913bab | < 4404465a1bee3607ad90a4c5f9e16dfd75b85728 | affected |
| 7d450e2821710718fd6703e9c486249cee913bab | < 17db92da8be5dd3bf63c01f4109fe47db64fc66f | affected |
| 7d450e2821710718fd6703e9c486249cee913bab | < 3a5b0378ac6776c7c31b18e0f3c1389bd6005e80 | affected |
| 7d450e2821710718fd6703e9c486249cee913bab | < 8d6a1c8e3de36cb0f5e866f1a582b00939e23104 | affected |
| 7d450e2821710718fd6703e9c486249cee913bab | < 01981276d64e542c177b243f7c979fee855d5487 | affected |
| 7d450e2821710718fd6703e9c486249cee913bab | < 6ddb4f372fc63210034b903d96ebbeb3c7195adb | affected |

Vendor: Linux
Product: Linux
Default status: affected

| Version | Bound | Status |
| --- | --- | --- |
| 4.7 | | affected |
| 0 | < 4.7 | unaffected |
| 5.10.217 | <= 5.10.* | unaffected |
| 5.15.159 | <= 5.15.* | unaffected |
| 6.1.91 | <= 6.1.* | unaffected |
| 6.6.31 | <= 6.6.* | unaffected |
| 6.8.10 | <= 6.8.* | unaffected |
| 6.9 | <= * | unaffected |

No CISA KEV or CERT.AT warning was found for this CVE.

EPSS metrics

| Type | Source | Score | Percentile |
| --- | --- | --- | --- |
| EPSS | FIRST.org | 0.02% | 0.024 |

CVSS metrics

| Source | Base Score | Exploit Score | Impact Score | Vector String |
| --- | --- | --- | --- | --- |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 4.4 | 0.8 | 3.6 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |