CVE-2024-39478

Summary

In the Linux kernel, the following vulnerability has been resolved:

crypto: starfive - Do not free stack buffer

RSA text data uses variable length buffer allocated in software stack. Calling kfree on it causes undefined behaviour in subsequent operations.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux445a4aaf5842073e4130b1d6dbe3785284d9615f < 5944de192663f272033501dcd322b008fca72006affected
LinuxLinux445a4aaf5842073e4130b1d6dbe3785284d9615f < d7f01649f4eaf1878472d3d3f480ae1e50d98f6caffected
LinuxLinux6.5affected
LinuxLinux0 < 6.5unaffected
LinuxLinux6.9.5 <= 6.9.*unaffected
LinuxLinux6.10 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References