CVE-2024-42156

Summary

In the Linux kernel, the following vulnerability has been resolved:

s390/pkey: Wipe copies of clear-key structures on failure

Wipe all sensitive data from stack for all IOCTLs, which convert a clear-key into a protected- or secure-key.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxf2bbc96e7cfad3891b7bf9bd3e566b9b7ab4553d < a891938947f4427f98cb1ce54f27223501efe750affected
LinuxLinuxf2bbc96e7cfad3891b7bf9bd3e566b9b7ab4553d < 7f6243edd901b75aaece326c90a1cc0dcb60cc3daffected
LinuxLinuxf2bbc96e7cfad3891b7bf9bd3e566b9b7ab4553d < d65d76a44ffe74c73298ada25b0f578680576073affected
LinuxLinux5.4affected
LinuxLinux0 < 5.4unaffected
LinuxLinux6.6.64 <= 6.6.*unaffected
LinuxLinux6.9.9 <= 6.9.*unaffected
LinuxLinux6.10 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References