CVE-2024-58010

binfmt_flat: Fix integer overflow bug on 32 bit systems

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: binfmt_flat: Fix integer overflow bug on 32 bit systems Most of these sizes and counts are capped at 256MB so the math doesn't
result in an integer overflow. The "relocs" count needs to be checked
as well. Otherwise on 32bit systems the calculation of "full_data"
could be wrong. full_data = data_len + relocs * sizeof(unsigned long);

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2025-02-27 CVE Reserved
2025-02-27 CVE Published
2025-02-27 CVE Updated
---------- EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (6)

URL	Tag	Source
https://git.kernel.org/stable/c/c995ee28d29d6f256c3a8a6c4e66469554374f25	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/95506c7f33452450346fbe2975c1359100f854ca	2025-02-21
https://git.kernel.org/stable/c/d17ca8f2dfcf423c439859995910a20e38b86f00	2025-02-17
https://git.kernel.org/stable/c/a009378af674b808efcca1e2e67916e79ce866b3	2025-02-17
https://git.kernel.org/stable/c/8e8cd712bb06a507b26efd2a56155076aa454345	2025-02-17
https://git.kernel.org/stable/c/55cf2f4b945f6a6416cc2524ba740b83cc9af25a	2025-01-10

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.8 < 6.1.129 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.8 < 6.1.129"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.8 < 6.6.78 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.8 < 6.6.78"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.8 < 6.12.14 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.8 < 6.12.14"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.8 < 6.13.3 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.8 < 6.13.3"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.8 < 6.14-rc1 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.8 < 6.14-rc1"		en		Affected