FKIE_CVE-2024-42093

Vulnerability from fkie_nvd - Published: 2024-07-29 18:15 - Updated: 2025-11-03 22:17
Severity ?
7.3 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved: net/dpaa2: Avoid explicit cpumask var allocation on stack For CONFIG_CPUMASK_OFFSTACK=y kernel, explicit allocation of cpumask variable on stack is not recommended since it can cause potential stack overflow. Instead, kernel code should always use *cpumask_var API(s) to allocate cpumask var in config-neutral way, leaving allocation strategy to CONFIG_CPUMASK_OFFSTACK. Use *cpumask_var API(s) to address it.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/48147337d7efdea6ad6e49f5b8eb894b95868ef0Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/5e4f25091e6d06e99a23f724c839a58a8776a527Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/69f49527aea12c23b78fb3d0a421950bf44fb4e2Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/763896ab62a672d728f5eb10ac90d98c607a8509Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/a55afc0f5f20ba30970aaf7271929dc00eee5e7dPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/b2262b3be27cee334a2fa175ae3afb53f38fb0b1Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/d33fe1714a44ff540629b149d8fab4ac6967585cPatch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/48147337d7efdea6ad6e49f5b8eb894b95868ef0Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/5e4f25091e6d06e99a23f724c839a58a8776a527Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/69f49527aea12c23b78fb3d0a421950bf44fb4e2Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/763896ab62a672d728f5eb10ac90d98c607a8509Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/a55afc0f5f20ba30970aaf7271929dc00eee5e7dPatch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/b2262b3be27cee334a2fa175ae3afb53f38fb0b1Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/d33fe1714a44ff540629b149d8fab4ac6967585cPatch
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
Impacted products
Vendor Product Version
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EBA530D-458E-447C-8744-13D4429CCC4A",
              "versionEndExcluding": "5.4.279",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "659E1520-6345-41AF-B893-A7C0647585A0",
              "versionEndExcluding": "5.10.221",
              "versionStartIncluding": "5.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "10A39ACC-3005-40E8-875C-98A372D1FFD5",
              "versionEndExcluding": "5.15.162",
              "versionStartIncluding": "5.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "748B6C4B-1F61-47F9-96CC-8899B8412D84",
              "versionEndExcluding": "6.1.97",
              "versionStartIncluding": "5.16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D72E033B-5323-4C4D-8818-36E1EBC3535F",
              "versionEndExcluding": "6.6.37",
              "versionStartIncluding": "6.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E95105F2-32E3-4C5F-9D18-7AEFD0E6275C",
              "versionEndExcluding": "6.9.8",
              "versionStartIncluding": "6.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/dpaa2: Avoid explicit cpumask var allocation on stack\n\nFor CONFIG_CPUMASK_OFFSTACK=y kernel, explicit allocation of cpumask\nvariable on stack is not recommended since it can cause potential stack\noverflow.\n\nInstead, kernel code should always use *cpumask_var API(s) to allocate\ncpumask var in config-neutral way, leaving allocation strategy to\nCONFIG_CPUMASK_OFFSTACK.\n\nUse *cpumask_var API(s) to address it."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: net/dpaa2: evite la asignaci\u00f3n expl\u00edcita de la variable cpumask en la pila. Para el kernel CONFIG_CPUMASK_OFFSTACK=y, no se recomienda la asignaci\u00f3n expl\u00edcita de la variable cpumask en la pila, ya que puede causar un posible desbordamiento de la pila. En su lugar, el c\u00f3digo del kernel siempre debe usar las API *cpumask_var para asignar cpumask var de manera neutral en cuanto a configuraci\u00f3n, dejando la estrategia de asignaci\u00f3n a CONFIG_CPUMASK_OFFSTACK. Utilice las API *cpumask_var para solucionarlo."
    }
  ],
  "id": "CVE-2024-42093",
  "lastModified": "2025-11-03T22:17:37.017",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.3,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "LOW",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.5,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-07-29T18:15:11.833",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/48147337d7efdea6ad6e49f5b8eb894b95868ef0"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/5e4f25091e6d06e99a23f724c839a58a8776a527"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/69f49527aea12c23b78fb3d0a421950bf44fb4e2"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/763896ab62a672d728f5eb10ac90d98c607a8509"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/a55afc0f5f20ba30970aaf7271929dc00eee5e7d"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/b2262b3be27cee334a2fa175ae3afb53f38fb0b1"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/d33fe1714a44ff540629b149d8fab4ac6967585c"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/48147337d7efdea6ad6e49f5b8eb894b95868ef0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/5e4f25091e6d06e99a23f724c839a58a8776a527"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/69f49527aea12c23b78fb3d0a421950bf44fb4e2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/763896ab62a672d728f5eb10ac90d98c607a8509"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/a55afc0f5f20ba30970aaf7271929dc00eee5e7d"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/b2262b3be27cee334a2fa175ae3afb53f38fb0b1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/d33fe1714a44ff540629b149d8fab4ac6967585c"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.