Lucene search

[email protected]NVD:CVE-2024-25739

HistoryFeb 12, 2024 - 3:15 a.m.

CVE-2024-25739

2024-02-1203:15:32

CWE-754

[email protected]

web.nvd.nist.gov

linux

kernel

security

vulnerability

drivers

mtd

ubi

vtbl

missing check

leb_size

crash

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

create_empty_lvol in drivers/mtd/ubi/vtbl.c in the Linux kernel through 6.7.4 can attempt to allocate zero bytes, and crash, because of a missing check for ubi->leb_size.

Affected configurations

NVD

Node

linuxlinux_kernelRange≤6.7.4

References

git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=68a24aba7c593eafa8fd00f2f76407b9b32b47a9

groups.google.com/g/syzkaller/c/Xl97YcQA4hg

lists.debian.org/debian-lts-announce/2024/06/msg00017.html

lists.debian.org/debian-lts-announce/2024/06/msg00020.html

www.spinics.net/lists/kernel/msg5074816.html

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2024-25739

cve1 prion1 redhatcve1 cbl_mariner1 cvelist1 ubuntucve1 debiancve1 nessus13 openvas14 osv6 ubuntu4