CVE-2024-23851

Опубликовано: 23 янв. 2024

Источник: redhat

Описание

copy_params in drivers/md/dm-ioctl.c in the Linux kernel through 6.7.1 can attempt to allocate more than INT_MAX bytes, and crash, because of a missing param_kernel->data_size check. This is related to ctl_ioctl.

A vulnerability was found in copy_params in drivers/md/dm-ioctl.c in the Linux kernel, where it can attempt to allocate more than INT_MAX bytes and crash due to a missing param_kernel->data_size check. This issue is related to ctl_ioctl.

Отчет

This flaw was found to be a duplicate of CVE-2023-52429. Please see https://access.redhat.com/security/cve/CVE-2023-52429 for information about affected products and security errata.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 6	kernel	Not affected
Red Hat Enterprise Linux 7	kernel	Not affected
Red Hat Enterprise Linux 7	kernel-rt	Not affected
Red Hat Enterprise Linux 8	kernel	Not affected
Red Hat Enterprise Linux 8	kernel-rt	Not affected
Red Hat Enterprise Linux 9	kernel	Not affected
Red Hat Enterprise Linux 9	kernel-rt	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

https://bugzilla.redhat.com/show_bug.cgi?id=2260046kernel: copy_params can attempt to allocate more than INT_MAX bytes and crash

Связанные уязвимости

CVE-2024-23851

CVSS3: 5.5

ubuntu

около 2 лет назад

CVE-2024-23851

CVSS3: 5.5

nvd

около 2 лет назад

CVE-2024-23851

CVSS3: 5.5

msrc

больше 1 года назад

copy_params in drivers/md/dm-ioctl.c in the Linux kernel through 6.7.1 can attempt to allocate more than INT_MAX bytes and crash because of a missing param_kernel->data_size check. This is related to ctl_ioctl.

CVE-2024-23851

CVSS3: 5.5

debian

около 2 лет назад

copy_params in drivers/md/dm-ioctl.c in the Linux kernel through 6.7.1 ...

GHSA-hm4h-jq5c-c933

CVSS3: 5.5

github

около 2 лет назад