5.5

CVE-2024-44969

s390/sclp: Prevent release of buffer in I/O

In the Linux kernel, the following vulnerability has been resolved:

s390/sclp: Prevent release of buffer in I/O

When a task waiting for completion of a Store Data operation is
interrupted, an attempt is made to halt this operation. If this attempt
fails due to a hardware or firmware problem, there is a chance that the
SCLP facility might store data into buffers referenced by the original
operation at a later time.

Handle this situation by not releasing the referenced data buffers if
the halt attempt fails. For current use cases, this might result in a
leak of few pages of memory in case of a rare hardware/firmware
malfunction.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 4.19.320
LinuxLinux Kernel Version >= 4.20 < 5.4.282
LinuxLinux Kernel Version >= 5.5 < 5.10.224
LinuxLinux Kernel Version >= 5.11 < 5.15.165
LinuxLinux Kernel Version >= 5.16 < 6.1.105
LinuxLinux Kernel Version >= 6.2 < 6.6.46
LinuxLinux Kernel Version >= 6.7 < 6.10.5
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.22% 0.12
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

https://git.kernel.org/stable/c/1e8b7fb427af6b2ddd54eff66a6b428a81c96633
Patch
https://git.kernel.org/stable/c/1ec5ea9e25f582fd6999393e2f2c3bf56f234e05
Patch
https://git.kernel.org/stable/c/2429ea3b4330e3653b72b210a0d5f2a717359506
Patch
https://git.kernel.org/stable/c/46f67233b011385d53cf14d272431755de3a7c79
Patch
https://git.kernel.org/stable/c/7a7e60ed23d471a07dbbe72565d2992ee8244bbe
Patch
https://git.kernel.org/stable/c/a3e52a4c22c846858a6875e1c280030a3849e148
Patch
https://git.kernel.org/stable/c/a88a49473c94ccfd8dce1e766aacf3c627278463
Patch
https://git.kernel.org/stable/c/bf365071ea92b9579d5a272679b74052a5643e35
Patch
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html