CVE-2024-25739

Опубликовано: 12 фев. 2024

Источник: debian

EPSS Низкий

Описание

create_empty_lvol in drivers/mtd/ubi/vtbl.c in the Linux kernel through 6.7.4 can attempt to allocate zero bytes, and crash, because of a missing check for ubi->leb_size.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
linux	fixed	6.7.12-1		package
linux	fixed	6.1.85-1	bookworm	package
linux	fixed	5.10.216-1	bullseye	package

Примечания

https://www.spinics.net/lists/kernel/msg5074816.html
https://groups.google.com/g/syzkaller/c/Xl97YcQA4hg
https://git.kernel.org/linus/68a24aba7c593eafa8fd00f2f76407b9b32b47a9 (6.9-rc1)

EPSS

Процентиль: 0%

0.00007

Низкий

Связанные уязвимости

CVE-2024-25739

CVSS3: 5.5

ubuntu

больше 1 года назад

create_empty_lvol in drivers/mtd/ubi/vtbl.c in the Linux kernel through 6.7.4 can attempt to allocate zero bytes, and crash, because of a missing check for ubi->leb_size.

CVE-2024-25739

CVSS3: 5.5

redhat

больше 1 года назад

create_empty_lvol in drivers/mtd/ubi/vtbl.c in the Linux kernel through 6.7.4 can attempt to allocate zero bytes, and crash, because of a missing check for ubi->leb_size.

CVE-2024-25739

CVSS3: 5.5

nvd

больше 1 года назад

create_empty_lvol in drivers/mtd/ubi/vtbl.c in the Linux kernel through 6.7.4 can attempt to allocate zero bytes, and crash, because of a missing check for ubi->leb_size.

CVE-2024-25739

CVSS3: 5.5

msrc

10 месяцев назад

Описание отсутствует

GHSA-69v8-v8v7-vv42

CVSS3: 5.5

github

больше 1 года назад

create_empty_lvol in drivers/mtd/ubi/vtbl.c in the Linux kernel through 6.7.4 can attempt to allocate zero bytes, and crash, because of a missing check for ubi->leb_size.

EPSS

Процентиль: 0%

0.00007

Низкий