CVE-2024-42276

Summary

In the Linux kernel, the following vulnerability has been resolved:

nvme-pci: add missing condition check for existence of mapped data

nvme_map_data() is called when request has physical segments, hence the nvme_unmap_data() should have same condition to avoid dereference.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux4aedb705437f6f98b45f45c394e6803ca67abd33 < 3f8ec1d6b0ebd8268307d52be8301973fa5a01ecaffected
LinuxLinux4aedb705437f6f98b45f45c394e6803ca67abd33 < be23ae63080e0bf9e246ab20207200bca6585ebaaffected
LinuxLinux4aedb705437f6f98b45f45c394e6803ca67abd33 < 7cc1f4cd90a00b6191cb8cda2d1302fdce59361caffected
LinuxLinux4aedb705437f6f98b45f45c394e6803ca67abd33 < d135c3352f7c947a922da93c8e763ee6bc208b64affected
LinuxLinux4aedb705437f6f98b45f45c394e6803ca67abd33 < 77848b379e9f85a08048a2c8b3b4a7e8396f5f83affected
LinuxLinux4aedb705437f6f98b45f45c394e6803ca67abd33 < 70100fe721840bf6d8e5abd25b8bffe4d2e049b7affected
LinuxLinux4aedb705437f6f98b45f45c394e6803ca67abd33 < c31fad1470389666ac7169fe43aa65bf5b7e2cfdaffected
LinuxLinux5.2affected
LinuxLinux0 < 5.2unaffected
LinuxLinux5.4.282 <= 5.4.*unaffected
LinuxLinux5.10.224 <= 5.10.*unaffected
LinuxLinux5.15.165 <= 5.15.*unaffected
LinuxLinux6.1.103 <= 6.1.*unaffected
LinuxLinux6.6.44 <= 6.6.*unaffected
LinuxLinux6.10.3 <= 6.10.*unaffected
LinuxLinux6.11 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

Additional References

References