CVE-2024-42094

Summary

In the Linux kernel, the following vulnerability has been resolved:

net/iucv: Avoid explicit cpumask var allocation on stack

For CONFIG_CPUMASK_OFFSTACK=y kernel, explicit allocation of cpumask variable on stack is not recommended since it can cause potential stack overflow.

Instead, kernel code should always use *cpumask_var API(s) to allocate cpumask var in config-neutral way, leaving allocation strategy to CONFIG_CPUMASK_OFFSTACK.

Use *cpumask_var API(s) to address it.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux2356f4cb191100a5e92d537f13e5efdbc697e9cb < 2b085521be5292016097b5e7ca81b26be3f7098daffected
LinuxLinux2356f4cb191100a5e92d537f13e5efdbc697e9cb < 842afb47d84536fc976fece8fb6c54bea711ad1aaffected
LinuxLinux2356f4cb191100a5e92d537f13e5efdbc697e9cb < 9dadab0db7d904413ea1cdaa13f127da05c31e71affected
LinuxLinux2356f4cb191100a5e92d537f13e5efdbc697e9cb < 0af718a690acc089aa1bbb95a93df833d864ef53affected
LinuxLinux2356f4cb191100a5e92d537f13e5efdbc697e9cb < d85ca8179a54ff8cf1e1f8c3c9e3799831319baeaffected
LinuxLinux2356f4cb191100a5e92d537f13e5efdbc697e9cb < 724e7965af054079242b8d6f7e50ee226730a756affected
LinuxLinux2356f4cb191100a5e92d537f13e5efdbc697e9cb < 2d090c7f7be3b26fcb80ac04d08a4a8062b1d959affected
LinuxLinux2356f4cb191100a5e92d537f13e5efdbc697e9cb < be4e1304419c99a164b4c0e101c7c2a756b635b9affected
LinuxLinux2.6.21affected
LinuxLinux0 < 2.6.21unaffected
LinuxLinux4.19.317 <= 4.19.*unaffected
LinuxLinux5.4.279 <= 5.4.*unaffected
LinuxLinux5.10.221 <= 5.10.*unaffected
LinuxLinux5.15.162 <= 5.15.*unaffected
LinuxLinux6.1.97 <= 6.1.*unaffected
LinuxLinux6.6.37 <= 6.6.*unaffected
LinuxLinux6.9.8 <= 6.9.*unaffected
LinuxLinux6.10 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

Additional References

References