CVE-2024-53110

vp_vdpa: fix id_table array not null terminated error

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

vp_vdpa: fix id_table array not null terminated error

Allocate one extra virtio_device_id as null terminator, otherwise
vdpa_mgmtdev_get_classes() may iterate multiple times and visit
undefined memory.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: vp_vdpa: se corrige el error de matriz id_table no terminada en nulo. Asigne un virtio_device_id adicional como terminador nulo; de lo contrario, vdpa_mgmtdev_get_classes() puede iterar varias veces y visitar memoria no definida.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2024-11-19 CVE Reserved
2024-12-02 CVE Published
2024-12-02 CVE Updated
---------- EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (5)

URL	Tag	Source
https://git.kernel.org/stable/c/ffbda8e9df10d1784d5427ec199e7d8308e3763f	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/870d68fe17b5d9032049dcad98b5781a344a8657	2024-11-22
https://git.kernel.org/stable/c/c4d64534d4b1c47d2f1ce427497f971ad4735aae	2024-11-22
https://git.kernel.org/stable/c/0a886489d274596ad1a80789d3a773503210a615	2024-11-22
https://git.kernel.org/stable/c/4e39ecadf1d2a08187139619f1f314b64ba7d947	2024-11-06

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.19 < 6.1.119 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.19 < 6.1.119"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.19 < 6.6.63 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.19 < 6.6.63"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.19 < 6.11.10 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.19 < 6.11.10"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.19 < 6.12 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.19 < 6.12"		en		Affected