CVE-2024-45021

In the Linux kernel, the following vulnerability has been resolved: memcg_write_event_control(): fix a user-triggerable oops we are *not* guaranteed that anything past the terminating NUL is mapped (let alone initialized with anything sane).

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/046667c4d3196938e992fba0dfcde570aa85cd0e	Patch
https://git.kernel.org/stable/c/0fbe2a72e853a1052abe9bc2b7df8ddb102da227	Patch
https://git.kernel.org/stable/c/1b37ec85ad95b612307627758c6018cd9d92cca8	Patch
https://git.kernel.org/stable/c/21b578f1d599edb87462f11113c5b0fc7a04ac61	Patch
https://git.kernel.org/stable/c/43768fa80fd192558737e24ed6548f74554611d7	Patch
https://git.kernel.org/stable/c/ad149f5585345e383baa65f1539d816cd715fd3b	Patch
https://git.kernel.org/stable/c/f1aa7c509aa766080db7ab3aec2e31b1df09e57c	Patch
https://git.kernel.org/stable/c/fa5bfdf6cb5846a00e712d630a43e3cf55ccb411	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.11:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.11:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.11:rc3::::::

History

13 Sep 2024, 16:36

Type	Values Removed	Values Added
First Time		Linux linux Kernel Linux
CWE		CWE-476
References	~~() https://git.kernel.org/stable/c/046667c4d3196938e992fba0dfcde570aa85cd0e -~~	() https://git.kernel.org/stable/c/046667c4d3196938e992fba0dfcde570aa85cd0e - Patch
References	~~() https://git.kernel.org/stable/c/0fbe2a72e853a1052abe9bc2b7df8ddb102da227 -~~	() https://git.kernel.org/stable/c/0fbe2a72e853a1052abe9bc2b7df8ddb102da227 - Patch
References	~~() https://git.kernel.org/stable/c/1b37ec85ad95b612307627758c6018cd9d92cca8 -~~	() https://git.kernel.org/stable/c/1b37ec85ad95b612307627758c6018cd9d92cca8 - Patch
References	~~() https://git.kernel.org/stable/c/21b578f1d599edb87462f11113c5b0fc7a04ac61 -~~	() https://git.kernel.org/stable/c/21b578f1d599edb87462f11113c5b0fc7a04ac61 - Patch
References	~~() https://git.kernel.org/stable/c/43768fa80fd192558737e24ed6548f74554611d7 -~~	() https://git.kernel.org/stable/c/43768fa80fd192558737e24ed6548f74554611d7 - Patch
References	~~() https://git.kernel.org/stable/c/ad149f5585345e383baa65f1539d816cd715fd3b -~~	() https://git.kernel.org/stable/c/ad149f5585345e383baa65f1539d816cd715fd3b - Patch
References	~~() https://git.kernel.org/stable/c/f1aa7c509aa766080db7ab3aec2e31b1df09e57c -~~	() https://git.kernel.org/stable/c/f1aa7c509aa766080db7ab3aec2e31b1df09e57c - Patch
References	~~() https://git.kernel.org/stable/c/fa5bfdf6cb5846a00e712d630a43e3cf55ccb411 -~~	() https://git.kernel.org/stable/c/fa5bfdf6cb5846a00e712d630a43e3cf55ccb411 - Patch
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: memcg_write_event_control(): corrige un error que puede ser activado por el usuario. Oops, no tenemos garantía de que todo lo que esté más allá del NUL de terminación se asigne (y mucho menos se inicialice con algo sensato).
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CPE		cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.11:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.11:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.11:rc3::::::

11 Sep 2024, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-09-11 16:15

Updated : 2024-09-13 16:36

NVD link : CVE-2024-45021

Mitre link : CVE-2024-45021

CVE.ORG link : CVE-2024-45021

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-476

NULL Pointer Dereference

{"id": "CVE-2024-45021", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-09-11T16:15:07.103", "references": [{"url": "https://git.kernel.org/stable/c/046667c4d3196938e992fba0dfcde570aa85cd0e", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/0fbe2a72e853a1052abe9bc2b7df8ddb102da227", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/1b37ec85ad95b612307627758c6018cd9d92cca8", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/21b578f1d599edb87462f11113c5b0fc7a04ac61", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/43768fa80fd192558737e24ed6548f74554611d7", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/ad149f5585345e383baa65f1539d816cd715fd3b", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/f1aa7c509aa766080db7ab3aec2e31b1df09e57c", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/fa5bfdf6cb5846a00e712d630a43e3cf55ccb411", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-476"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmemcg_write_event_control(): fix a user-triggerable oops\n\nwe are *not* guaranteed that anything past the terminating NUL\nis mapped (let alone initialized with anything sane)."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: memcg_write_event_control(): corrige un error que puede ser activado por el usuario. Oops, *no* tenemos garant\u00eda de que todo lo que est\u00e9 m\u00e1s all\u00e1 del NUL de terminaci\u00f3n se asigne (y mucho menos se inicialice con algo sensato)."}], "lastModified": "2024-09-13T16:36:31.583", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FBEF6731-CEFF-4F68-87C3-0C83A2F70337", "versionEndExcluding": "4.19.321", "versionStartIncluding": "2.6.34"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E6B390A-0CE6-44FC-8CD5-BE8226D6D24C", "versionEndExcluding": "5.4.283", "versionStartIncluding": "4.20"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C57B46A9-B105-4792-8481-1870DEFB436A", "versionEndExcluding": "5.10.225", "versionStartIncluding": "5.5"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "913ED6CD-8ACF-48AF-AA18-7880881DD402", "versionEndExcluding": "5.15.166", "versionStartIncluding": "5.11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "53954FF8-CB48-4302-BC4C-9DA7A88F44A2", "versionEndExcluding": "6.1.107", "versionStartIncluding": "5.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9DE9201A-CE6B-4726-BABB-8265EA0F8AE4", "versionEndExcluding": "6.6.48", "versionStartIncluding": "6.2"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D2AFDFD1-D95A-4EB7-843B-5E7659518B67", "versionEndExcluding": "6.10.7", "versionStartIncluding": "6.7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8B3CE743-2126-47A3-8B7C-822B502CF119"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4DEB27E7-30AA-45CC-8934-B89263EF3551"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0005AEF-856E-47EB-BFE4-90C46899394D"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}

5.5 /10