Lucene search

[email protected]CVE-2024-25739

HistoryFeb 12, 2024 - 3:15 a.m.

CVE-2024-25739

2024-02-1203:15:32

CWE-754

[email protected]

web.nvd.nist.gov

linux

kernel

cve

2024

25739

security

vulnerability

nvd

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

5.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

create_empty_lvol in drivers/mtd/ubi/vtbl.c in the Linux kernel through 6.7.4 can attempt to allocate zero bytes, and crash, because of a missing check for ubi->leb_size.

Affected configurations

NVD

Node

linuxlinux_kernelRange≤6.7.4

CPENameOperatorVersion
linux:linux_kernellinux linux kernelle6.7.4

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	le	6.7.4

References

git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=68a24aba7c593eafa8fd00f2f76407b9b32b47a9

groups.google.com/g/syzkaller/c/Xl97YcQA4hg

lists.debian.org/debian-lts-announce/2024/06/msg00017.html

lists.debian.org/debian-lts-announce/2024/06/msg00020.html

www.spinics.net/lists/kernel/msg5074816.html

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

5.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2024-25739

redhatcve1 cbl_mariner1 prion1 cvelist1 ubuntucve1 debiancve1 nvd1 nessus13 openvas14 osv6 ubuntu4