7.8
CVE-2024-38667
- EPSS 0.03%
- Published 24.06.2024 14:15:12
- Last modified 30.05.2025 19:30:24
- Source 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Open
LoginIn the Linux kernel, the following vulnerability has been resolved:
riscv: prevent pt_regs corruption for secondary idle threads
Top of the kernel thread stack should be reserved for pt_regs. However
this is not the case for the idle threads of the secondary boot harts.
Their stacks overlap with their pt_regs, so both may get corrupted.
Similar issue has been fixed for the primary hart, see c7cdd96eca28
("riscv: prevent stack corruption by reserving task_pt_regs(p) early").
However that fix was not propagated to the secondary harts. The problem
has been noticed in some CPU hotplug tests with V enabled. The function
smp_callin stored several registers on stack, corrupting top of pt_regs
structure including status field. As a result, kernel attempted to save
or restore inexistent V context.Data is provided by the National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 5.7 < 6.1.93
Linux ≫ Linux Kernel Version >= 6.2 < 6.6.33
Linux ≫ Linux Kernel Version >= 6.7 < 6.9.4
Linux ≫ Linux Kernel Version6.10 Updaterc1
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.082 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.