CVE-2024-46826

In the Linux kernel, the following vulnerability has been resolved: ELF: fix kernel.randomize_va_space double read ELF loader uses "randomize_va_space" twice. It is sysctl and can change at any moment, so 2 loads could see 2 different values in theory with unpredictable consequences. Issue exactly one load for consistent value across one exec.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

History

20 Nov 2024, 17:19

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.5
CWE NVD-CWE-noinfo
First Time Linux linux Kernel
Linux
CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
References () https://git.kernel.org/stable/c/1cf8cd80903073440b6ea055811d04edd24fe4f7 - () https://git.kernel.org/stable/c/1cf8cd80903073440b6ea055811d04edd24fe4f7 - Patch
References () https://git.kernel.org/stable/c/1f81d51141a234ad0a3874b4d185dc27a521cd27 - () https://git.kernel.org/stable/c/1f81d51141a234ad0a3874b4d185dc27a521cd27 - Patch
References () https://git.kernel.org/stable/c/2a97388a807b6ab5538aa8f8537b2463c6988bd2 - () https://git.kernel.org/stable/c/2a97388a807b6ab5538aa8f8537b2463c6988bd2 - Patch
References () https://git.kernel.org/stable/c/53f17409abf61f66b6f05aff795e938e5ba811d1 - () https://git.kernel.org/stable/c/53f17409abf61f66b6f05aff795e938e5ba811d1 - Patch

30 Sep 2024, 12:45

Type Values Removed Values Added
Summary
  • (es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ELF: se corrige la lectura doble de kernel.randomize_va_space. El cargador ELF utiliza "randomize_va_space" dos veces. Es sysctl y puede cambiar en cualquier momento, por lo que, en teoría, 2 cargas podrían ver 2 valores diferentes con consecuencias impredecibles. Se debe emitir exactamente una carga para obtener un valor consistente en una ejecución.

27 Sep 2024, 13:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-27 13:15

Updated : 2024-11-20 17:19


NVD link : CVE-2024-46826

Mitre link : CVE-2024-46826

CVE.ORG link : CVE-2024-46826


JSON object : View

Products Affected

linux

  • linux_kernel