Lucene search

K
debiancveDebian Security Bug TrackerDEBIANCVE:CVE-2024-23851
HistoryJan 23, 2024 - 9:15 a.m.

CVE-2024-23851

2024-01-2309:15:36
Debian Security Bug Tracker
security-tracker.debian.org
18
cve-2024-23851
drivers/md/dm-ioctl.c
data_size check
ctl_ioctl
crash
linux kernel
vulnerability

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.9

Confidence

Low

EPSS

0

Percentile

5.1%

copy_params in drivers/md/dm-ioctl.c in the Linux kernel through 6.7.1 can attempt to allocate more than INT_MAX bytes, and crash, because of a missing param_kernel->data_size check. This is related to ctl_ioctl.

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.9

Confidence

Low

EPSS

0

Percentile

5.1%