7.1
CVE-2024-39499
- EPSS 0.01%
- Published 12.07.2024 13:15:12
- Last modified 17.09.2025 16:24:36
- Source 416baaa9-dc9f-4396-8d5f-8c081f
- Teams watchlist Login
- Open Login
In the Linux kernel, the following vulnerability has been resolved: vmci: prevent speculation leaks by sanitizing event in event_deliver() Coverity spotted that event_msg is controlled by user-space, event_msg->event_data.event is passed to event_deliver() and used as an index without sanitization. This change ensures that the event index is sanitized to mitigate any possibility of speculative information leaks. This bug was discovered and resolved using Coverity Static Analysis Security Testing (SAST) by Synopsys, Inc. Only compile tested, no access to HW.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users. Login
Data is provided by the National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 3.9 < 4.19.317
Linux ≫ Linux Kernel Version >= 4.20 < 5.4.279
Linux ≫ Linux Kernel Version >= 5.5 < 5.10.221
Linux ≫ Linux Kernel Version >= 5.11 < 5.15.162
Linux ≫ Linux Kernel Version >= 5.16 < 6.1.95
Linux ≫ Linux Kernel Version >= 6.2 < 6.6.35
Linux ≫ Linux Kernel Version >= 6.7 < 6.9.6
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.01% | 0.003 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.1 | 1.8 | 5.2 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
|
CWE-668 Exposure of Resource to Wrong Sphere
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.