CVE-2024-42075

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix remap of arena. The bpf arena logic didn't account for mremap operation. Add a refcnt for multiple mmap events to prevent use-after-free in arena_vm_close.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/87496a1b01e8e2e399428c0db25e106f7961d01e	Patch
https://git.kernel.org/stable/c/b90d77e5fd784ada62ddd714d15ee2400c28e1cf	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

30 Jul 2024, 19:00

Type	Values Removed	Values Added
First Time		Linux Linux linux Kernel
References	~~() https://git.kernel.org/stable/c/87496a1b01e8e2e399428c0db25e106f7961d01e -~~	() https://git.kernel.org/stable/c/87496a1b01e8e2e399428c0db25e106f7961d01e - Patch
References	~~() https://git.kernel.org/stable/c/b90d77e5fd784ada62ddd714d15ee2400c28e1cf -~~	() https://git.kernel.org/stable/c/b90d77e5fd784ada62ddd714d15ee2400c28e1cf - Patch
CPE		cpe:2.3:o:linux:linux_kernel::::::::
CWE		CWE-416
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
Summary		(es) En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: bpf: Se corrigió la reasignación de arena. La lógica de bpf arena no tuvo en cuenta la operación de mremap. Agregue un refcnt para múltiples eventos mmap para evitar el uso después de la liberación en arena_vm_close.

29 Jul 2024, 16:21

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-07-29 16:15

Updated : 2024-07-30 19:00

NVD link : CVE-2024-42075

Mitre link : CVE-2024-42075

CVE.ORG link : CVE-2024-42075

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-416

Use After Free

5.5 /10