Lucene search

GoogleOSV:CVE-2024-42162

HistoryJul 30, 2024 - 8:15 a.m.

CVE-2024-42162

2024-07-3008:15:07

Google

osv.dev

linux kernel

gve driver

nic stats

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

JSON

In the Linux kernel, the following vulnerability has been resolved:

gve: Account for stopped queues when reading NIC stats

We now account for the fact that the NIC might send us stats for a
subset of queues. Without this change, gve_get_ethtool_stats might make
an invalid access on the priv->stats_report->stats array.

References

git.kernel.org/stable/c/32675d828c8a392e20d5b42375ed112c407e4b62

git.kernel.org/stable/c/af9bcf910b1f86244f39e15e701b2dc564b469a6

security-tracker.debian.org/tracker/CVE-2024-42162

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

JSON

Related for OSV:CVE-2024-42162