5.5
CVE-2024-56716
- EPSS 0.2%
- Veröffentlicht 29.12.2024 09:15:06
- Zuletzt bearbeitet 03.11.2025 21:18:22
- CVE-Watchlists
- Unerledigt
netdevsim: prevent bad user input in nsim_dev_health_break_write()
In the Linux kernel, the following vulnerability has been resolved: netdevsim: prevent bad user input in nsim_dev_health_break_write() If either a zero count or a large one is provided, kernel can crash.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 5.5 < 5.10.233
Linux ≫ Linux Kernel Version >= 5.11 < 5.15.176
Linux ≫ Linux Kernel Version >= 5.16 < 6.1.122
Linux ≫ Linux Kernel Version >= 6.2 < 6.6.68
Linux ≫ Linux Kernel Version >= 6.7 < 6.12.7
Linux ≫ Linux Kernel Version6.13 Updaterc1
Linux ≫ Linux Kernel Version6.13 Updaterc2
Linux ≫ Linux Kernel Version6.13 Updaterc3
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.2% | 0.102 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-1284 Improper Validation of Specified Quantity in Input
The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.
https://git.kernel.org/stable/c/470c5ecbac2f19b1cdee2a6ce8d5650c3295c94b
https://git.kernel.org/stable/c/81bdfcd6e6a998e219c9dd49ec7291c2e0594bbc
https://git.kernel.org/stable/c/8e9ef6bdf71bf25f4735e0230ce1919de8985835
https://git.kernel.org/stable/c/b3a6daaf7cfb2de37b89fd7a5a2ad4ea9aa3e181
https://git.kernel.org/stable/c/d10321be26ff9e9e912697e9e8448099654ff561
https://git.kernel.org/stable/c/ee76746387f6233bdfa93d7406990f923641568f
https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html