Lucene search
Redhat.comRH:CVE-2024-36953HistoryJun 03, 2024 - 2:33 p.m.
CVE-2024-36953
2024-06-0314:33:05
redhat.com
access.redhat.com
2
cve-2024-36953
kvm
arm64
vgic-v2
vcpu
cpuid
kvm_get_vcpu_by_id
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() vgic_v2_parse_attr() is responsible for finding the vCPU that matches the user-provided CPUID, which (of course) may not be valid. If the ID is invalid, kvm_get_vcpu_by_id() returns NULL, which isn’t handled gracefully. Similar to the GICv3 uaccess flow, check that kvm_get_vcpu_by_id() actually returns something and fail the ioctl if not.
Related
ubuntucve
ubuntucve
CVE-2024-36953
2024-05-30 00:00:00
cvelist
cvelist
debiancve
debiancve
CVE-2024-36953
2024-05-30 16:15:18
cve
cve
CVE-2024-36953
2024-05-30 16:15:18
vulnrichment
vulnrichment
nvd
nvd
CVE-2024-36953
2024-05-30 16:15:18
osv
osv
linux - security update
2024-06-02 00:00:00
linux-5.10 - security update
2024-06-25 00:00:00
debian
debian
[SECURITY] [DSA 5703-1] linux security update
2024-06-02 17:04:56
nessus
nessus
Debian dla-3843 : linux-config-5.10 - security update
2024-06-27 00:00:00
Debian dsa-5703 : affs-modules-5.10.0-29-4kc-malta-di - security update
2024-06-02 00:00:00