CVE-2024-40989
Published: July 16, 2024Last modified: July 16, 2024
Description
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Disassociate vcpus from redistributor region on teardown When tearing down a redistributor region, make sure we don't have any dangling pointer to that region stored in a vcpu.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 7.8 |
| Attack Vector | LOCAL |
| Attack complexity | LOW |
| Privileges required | LOW |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity impact | HIGH |
| Availability impact | HIGH |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | 23 LTS | linux-lts | Fixed (6.1.97-r0) |
| 25 LTS | linux-lts | Fixed (6.12.41-r0) | |
| Stream | linux-lts | Fixed (6.12.41-r0) |
References
- https://git.kernel.org/stable/c/0d92e4a7ffd5c42b9fa864692f82476c0bf8bcc8
- https://git.kernel.org/stable/c/152b4123f21e6aff31cea01158176ad96a999c76
- https://git.kernel.org/stable/c/48bb62859d47c5c4197a8c01128d0fa4f46ee58c
- https://git.kernel.org/stable/c/68df4fc449fcc24347209e500ce26d5816705a77
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html