Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd416baaa9-dc9f-4396-8d5f-8c081fb06d67NVD:CVE-2024-42254
HistoryAug 08, 2024 - 9:15 a.m.

CVE-2024-42254

2024-08-0809:15:08
CWE-476
416baaa9-dc9f-4396-8d5f-8c081fb06d67
web.nvd.nist.gov
7
linux kernel
io_uring vulnerability fix
error pbuf checking
kasan
null-ptr-deref
kernel workqueue

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0

Percentile

9.5%

JSON

In the Linux kernel, the following vulnerability has been resolved:

io_uring: fix error pbuf checking

Syz reports a problem, which boils down to NULL vs IS_ERR inconsistent
error handling in io_alloc_pbuf_ring().

KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
RIP: 0010:__io_remove_buffers+0xac/0x700 io_uring/kbuf.c:341
Call Trace:
<TASK>
io_put_bl io_uring/kbuf.c:378 [inline]
io_destroy_buffers+0x14e/0x490 io_uring/kbuf.c:392
io_ring_ctx_free+0xa00/0x1070 io_uring/io_uring.c:2613
io_ring_exit_work+0x80f/0x8a0 io_uring/io_uring.c:2844
process_one_work kernel/workqueue.c:3231 [inline]
process_scheduled_works+0xa2c/0x1830 kernel/workqueue.c:3312
worker_thread+0x86d/0xd40 kernel/workqueue.c:3390
kthread+0x2f0/0x390 kernel/kthread.c:389
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

Affected configurations

Nvd
Node
linuxlinux_kernelMatch6.10-
OR
linuxlinux_kernelMatch6.10rc1
OR
linuxlinux_kernelMatch6.10rc2
OR
linuxlinux_kernelMatch6.10rc3
OR
linuxlinux_kernelMatch6.10rc4
OR
linuxlinux_kernelMatch6.10rc5
OR
linuxlinux_kernelMatch6.10rc6
OR
linuxlinux_kernelMatch6.10rc7
VendorProductVersionCPE
linuxlinux_kernel6.10cpe:2.3:o:linux:linux_kernel:6.10:-:*:*:*:*:*:*
linuxlinux_kernel6.10cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*
linuxlinux_kernel6.10cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*
linuxlinux_kernel6.10cpe:2.3:o:linux:linux_kernel:6.10:rc3:*:*:*:*:*:*
linuxlinux_kernel6.10cpe:2.3:o:linux:linux_kernel:6.10:rc4:*:*:*:*:*:*
linuxlinux_kernel6.10cpe:2.3:o:linux:linux_kernel:6.10:rc5:*:*:*:*:*:*
linuxlinux_kernel6.10cpe:2.3:o:linux:linux_kernel:6.10:rc6:*:*:*:*:*:*
linuxlinux_kernel6.10cpe:2.3:o:linux:linux_kernel:6.10:rc7:*:*:*:*:*:*

Related

cvelist 1
vulnrichment 1
ubuntucve 1
redhatcve 1
debiancve 1
cve 1
cvelist
cvelist
CVE-2024-42254 io_uring: fix error pbuf checking
2024-08-08 08:49:14
vulnrichment
vulnrichment
CVE-2024-42254 io_uring: fix error pbuf checking
2024-08-08 08:49:14
ubuntucve
ubuntucve
CVE-2024-42254
2024-08-08 00:00:00
redhatcve
redhatcve
CVE-2024-42254
2024-08-09 10:18:54
debiancve
debiancve
CVE-2024-42254
2024-08-08 09:15:08
cve
cve
CVE-2024-42254
2024-08-08 09:15:08

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0

Percentile

9.5%

JSON
Related for NVD:CVE-2024-42254
cvelist1vulnrichment1ubuntucve1redhatcve1debiancve1cve1