Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2024-36019

Опубликовано: 30 мая 2024
Источник: nvd
CVSS3: 7.1
EPSS Низкий

Описание

In the Linux kernel, the following vulnerability has been resolved:

regmap: maple: Fix cache corruption in regcache_maple_drop()

When keeping the upper end of a cache block entry, the entry[] array must be indexed by the offset from the base register of the block, i.e. max - mas.index.

The code was indexing entry[] by only the register address, leading to an out-of-bounds access that copied some part of the kernel memory over the cache contents.

This bug was not detected by the regmap KUnit test because it only tests with a block of registers starting at 0, so mas.index == 0.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 6.4 (включая) до 6.6.26 (исключая)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 6.7 (включая) до 6.8.5 (исключая)
cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:*

EPSS

Процентиль: 4%
0.0002
Низкий

7.1 High

CVSS3

Дефекты

CWE-125

Связанные уязвимости

ubuntu логотип

CVE-2024-36019

CVSS3: 7.1
ubuntu
больше 1 года назад

In the Linux kernel, the following vulnerability has been resolved: regmap: maple: Fix cache corruption in regcache_maple_drop() When keeping the upper end of a cache block entry, the entry[] array must be indexed by the offset from the base register of the block, i.e. max - mas.index. The code was indexing entry[] by only the register address, leading to an out-of-bounds access that copied some part of the kernel memory over the cache contents. This bug was not detected by the regmap KUnit test because it only tests with a block of registers starting at 0, so mas.index == 0.

redhat логотип

CVE-2024-36019

CVSS3: 5.1
redhat
больше 1 года назад

In the Linux kernel, the following vulnerability has been resolved: regmap: maple: Fix cache corruption in regcache_maple_drop() When keeping the upper end of a cache block entry, the entry[] array must be indexed by the offset from the base register of the block, i.e. max - mas.index. The code was indexing entry[] by only the register address, leading to an out-of-bounds access that copied some part of the kernel memory over the cache contents. This bug was not detected by the regmap KUnit test because it only tests with a block of registers starting at 0, so mas.index == 0.

debian логотип

CVE-2024-36019

CVSS3: 7.1
debian
больше 1 года назад

In the Linux kernel, the following vulnerability has been resolved: r ...

fstec логотип

BDU:2024-04548

CVSS3: 7.8
fstec
больше 1 года назад

Уязвимость функции regcache_maple_drop() драйвера regmap ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

redos логотип

ROS-20241127-03

CVSS3: 7.8
redos
10 месяцев назад

Множественные уязвимости kernel-lt

EPSS

Процентиль: 4%
0.0002
Низкий

7.1 High

CVSS3

Дефекты

CWE-125