CVE-2024-56716

netdevsim: prevent bad user input in nsim_dev_health_break_write()

Severity Score

5.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: netdevsim: prevent bad user input in nsim_dev_health_break_write() If either a zero count or a large one is provided, kernel can crash.

Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service or possibly execute arbitrary code. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2024-12-27 CVE Reserved
2024-12-29 CVE Published
2025-01-11 EPSS Updated
2025-01-20 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (7)

URL	Tag	Source
https://git.kernel.org/stable/c/82c93a87bf8bc0cdb5ec2ab99da7d87715ff889f	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/81bdfcd6e6a998e219c9dd49ec7291c2e0594bbc	2025-01-09
https://git.kernel.org/stable/c/b3a6daaf7cfb2de37b89fd7a5a2ad4ea9aa3e181	2025-01-09
https://git.kernel.org/stable/c/d10321be26ff9e9e912697e9e8448099654ff561	2024-12-27
https://git.kernel.org/stable/c/470c5ecbac2f19b1cdee2a6ce8d5650c3295c94b	2024-12-27
https://git.kernel.org/stable/c/8e9ef6bdf71bf25f4735e0230ce1919de8985835	2024-12-27
https://git.kernel.org/stable/c/ee76746387f6233bdfa93d7406990f923641568f	2024-12-15

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.5 < 5.10.233 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.5 < 5.10.233"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.5 < 5.15.176 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.5 < 5.15.176"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.5 < 6.1.122 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.5 < 6.1.122"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.5 < 6.6.68 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.5 < 6.6.68"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.5 < 6.12.7 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.5 < 6.12.7"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.5 < 6.13 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.5 < 6.13"		en		Affected