Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd416baaa9-dc9f-4396-8d5f-8c081fb06d67NVD:CVE-2024-45026
HistorySep 11, 2024 - 4:15 p.m.

CVE-2024-45026

2024-09-1116:15:07
CWE-787
416baaa9-dc9f-4396-8d5f-8c081fb06d67
web.nvd.nist.gov
1
linux kernel
s390/dasd
vulnerability
data corruption
ese
error recovery

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0

Percentile

5.1%

JSON

In the Linux kernel, the following vulnerability has been resolved:

s390/dasd: fix error recovery leading to data corruption on ESE devices

Extent Space Efficient (ESE) or thin provisioned volumes need to be
formatted on demand during usual IO processing.

The dasd_ese_needs_format function checks for error codes that signal
the non existence of a proper track format.

The check for incorrect length is to imprecise since other error cases
leading to transport of insufficient data also have this flag set.
This might lead to data corruption in certain error cases for example
during a storage server warmstart.

Fix by removing the check for incorrect length and replacing by
explicitly checking for invalid track format in transport mode.

Also remove the check for file protected since this is not a valid
ESE handling case.

Affected configurations

Nvd
Node
linuxlinux_kernelRange5.35.4.283
OR
linuxlinux_kernelRange5.55.10.225
OR
linuxlinux_kernelRange5.115.15.166
OR
linuxlinux_kernelRange5.166.1.107
OR
linuxlinux_kernelRange6.26.6.48
OR
linuxlinux_kernelRange6.76.10.7
OR
linuxlinux_kernelMatch6.11rc1
OR
linuxlinux_kernelMatch6.11rc2
OR
linuxlinux_kernelMatch6.11rc3
VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linuxlinux_kernel6.11cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*
linuxlinux_kernel6.11cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*
linuxlinux_kernel6.11cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*

Related

debiancve 1
osv 1
cvelist 1
cve 1
nessus 1
photon 1
debiancve
debiancve
CVE-2024-45026
2024-09-11 16:15:07
osv
osv
CVE-2024-45026
2024-09-11 16:15:07
cvelist
cvelist
CVE-2024-45026 s390/dasd: fix error recovery leading to data corruption on ESE devices
2024-09-11 15:13:58
cve
cve
CVE-2024-45026
2024-09-11 16:15:07
nessus
nessus
Photon OS 4.0: Linux PHSA-2024-4.0-0693
2024-09-14 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2024-4.0-0693
2024-09-13 00:00:00

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0

Percentile

5.1%

JSON
Related for NVD:CVE-2024-45026
debiancve1osv1cvelist1cve1nessus1photon1