CVE-2024-42093
Published: July 31, 2024Last modified: July 31, 2024
Description
In the Linux kernel, the following vulnerability has been resolved: net/dpaa2: Avoid explicit cpumask var allocation on stack For CONFIG_CPUMASK_OFFSTACK=y kernel, explicit allocation of cpumask variable on stack is not recommended since it can cause potential stack overflow. Instead, kernel code should always use *cpumask_var API(s) to allocate cpumask var in config-neutral way, leaving allocation strategy to CONFIG_CPUMASK_OFFSTACK. Use *cpumask_var API(s) to address it.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 7.3 |
| Attack Vector | LOCAL |
| Attack complexity | LOW |
| Privileges required | LOW |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | LOW |
| Integrity impact | HIGH |
| Availability impact | HIGH |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H |
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | 23 LTS | linux-lts | Fixed (6.1.97-r0) |
| 25 LTS | linux-lts | Fixed (6.12.41-r0) | |
| Stream | linux-lts | Fixed (6.12.41-r0) |
References
- https://git.kernel.org/stable/c/48147337d7efdea6ad6e49f5b8eb894b95868ef0
- https://git.kernel.org/stable/c/5e4f25091e6d06e99a23f724c839a58a8776a527
- https://git.kernel.org/stable/c/69f49527aea12c23b78fb3d0a421950bf44fb4e2
- https://git.kernel.org/stable/c/763896ab62a672d728f5eb10ac90d98c607a8509
- https://git.kernel.org/stable/c/a55afc0f5f20ba30970aaf7271929dc00eee5e7d
- https://git.kernel.org/stable/c/b2262b3be27cee334a2fa175ae3afb53f38fb0b1
- https://git.kernel.org/stable/c/d33fe1714a44ff540629b149d8fab4ac6967585c