CVE-2024-44969
Published: September 5, 2024Last modified: September 5, 2024
Description
In the Linux kernel, the following vulnerability has been resolved: s390/sclp: Prevent release of buffer in I/O When a task waiting for completion of a Store Data operation is interrupted, an attempt is made to halt this operation. If this attempt fails due to a hardware or firmware problem, there is a chance that the SCLP facility might store data into buffers referenced by the original operation at a later time. Handle this situation by not releasing the referenced data buffers if the halt attempt fails. For current use cases, this might result in a leak of few pages of memory in case of a rare hardware/firmware malfunction.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 5.5 |
| Attack Vector | LOCAL |
| Attack complexity | LOW |
| Privileges required | LOW |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | NONE |
| Integrity impact | NONE |
| Availability impact | HIGH |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | 23 LTS | linux-lts | Fixed (6.1.106-r0) |
| Stream | linux-lts | Fixed (6.6.58-r0) |
References
- https://git.kernel.org/stable/c/1e8b7fb427af6b2ddd54eff66a6b428a81c96633
- https://git.kernel.org/stable/c/1ec5ea9e25f582fd6999393e2f2c3bf56f234e05
- https://git.kernel.org/stable/c/2429ea3b4330e3653b72b210a0d5f2a717359506
- https://git.kernel.org/stable/c/46f67233b011385d53cf14d272431755de3a7c79
- https://git.kernel.org/stable/c/7a7e60ed23d471a07dbbe72565d2992ee8244bbe
- https://git.kernel.org/stable/c/a3e52a4c22c846858a6875e1c280030a3849e148
- https://git.kernel.org/stable/c/a88a49473c94ccfd8dce1e766aacf3c627278463
- https://git.kernel.org/stable/c/bf365071ea92b9579d5a272679b74052a5643e35