Lucene search

GoogleOSV:CVE-2024-42067

HistoryJul 29, 2024 - 4:15 p.m.

CVE-2024-42067

2024-07-2916:15:06

Google

osv.dev

linux

kernel

vulnerability

bpf

set_memory_rox

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

5.5

Confidence

High

JSON

In the Linux kernel, the following vulnerability has been resolved:

bpf: Take return from set_memory_rox() into account with bpf_jit_binary_lock_ro()

set_memory_rox() can fail, leaving memory unprotected.

Check return and bail out when bpf_jit_binary_lock_ro() returns
an error.

References

git.kernel.org/stable/c/044da7ae7afd4ef60806d73654a2e6a79aa4ed7a

git.kernel.org/stable/c/08f6c05feb1db21653e98ca84ea04ca032d014c7

git.kernel.org/stable/c/9fef36cad60d4226f9d06953cd56d1d2f9119730

git.kernel.org/stable/c/e60adf513275c3a38e5cb67f7fd12387e43a3ff5

security-tracker.debian.org/tracker/CVE-2024-42067

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

5.5

Confidence

High

JSON

Related for OSV:CVE-2024-42067