CVE-2024-46792

Summary

In the Linux kernel, the following vulnerability has been resolved:

riscv: misaligned: Restrict user access to kernel memory

raw_copy_{to,from}_user() do not call access_ok(), so this code allowed userspace to access any virtual memory address.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux7c83232161f609bbc452a1255f823f41afc411dd < a3b6ff6c896aee5ef9b581e40d0045ff04fcbc8caffected
LinuxLinux7c83232161f609bbc452a1255f823f41afc411dd < b686ecdeacf6658e1348c1a32a08e2e72f7c0f00affected
LinuxLinux6.7affected
LinuxLinux0 < 6.7unaffected
LinuxLinux6.10.10 <= 6.10.*unaffected
LinuxLinux6.11 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References