CVE-2024-50109

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-50109
In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix null ptr dereference in raid10_size() In raid10_run() if raid10_set_queue_limits() succeed, the return value is set to zero, and if following procedures failed raid10_run() will return zero while mddev->private is still NULL, causing null ptr dereference in raid10_size(). Fix the problem by only overwrite the return value if raid10_set_queue_limits() failed.

5.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://git.kernel.org/stable/c/825711e00117fc686ab89ac36a9a7b252dc349c6 Patch
https://git.kernel.org/stable/c/b3054db2fd2d35f2eb3b4b5fb1407792f465391c Patch
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*
History

08 Nov 2024, 21:30

Type Values Removed Values Added
References () https://git.kernel.org/stable/c/825711e00117fc686ab89ac36a9a7b252dc349c6 - () https://git.kernel.org/stable/c/825711e00117fc686ab89ac36a9a7b252dc349c6 - Patch
References () https://git.kernel.org/stable/c/b3054db2fd2d35f2eb3b4b5fb1407792f465391c - () https://git.kernel.org/stable/c/b3054db2fd2d35f2eb3b4b5fb1407792f465391c - Patch
First Time Linux
Linux linux Kernel
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.5
CWE CWE-476
CPE cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*

06 Nov 2024, 18:17

Type Values Removed Values Added
Summary
  • (es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: md/raid10: se corrige la desreferencia ptr nulo en raid10_size() En raid10_run(), si raid10_set_queue_limits() tiene éxito, el valor de retorno se establece en cero y, si fallan los siguientes procedimientos, raid10_run() devolverá cero mientras que mddev->private sigue siendo NULL, lo que provoca una desreferencia ptr nula en raid10_size(). Solucione el problema sobrescribiendo solo el valor de retorno si raid10_set_queue_limits() falla.

05 Nov 2024, 18:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-11-05 18:15

Updated : 2024-11-08 21:30

NVD link : CVE-2024-50109

Mitre link : CVE-2024-50109

CVE.ORG link : CVE-2024-50109

JSON object : View

Products Affected

linux

  • linux_kernel
CWE
CWE-476

NULL Pointer Dereference


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024