CVE-2024-50080
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved:
ublk: don't allow user copy for unprivileged device
UBLK_F_USER_COPY requires userspace to call write() on ublk char device for filling request buffer, and unprivileged device can't be trusted.
So don't allow user copy for unprivileged device.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 1172d5b8beca6b899deb9f7f2850e7e47ec16198 < 6414ab5c9c9c068eca6dc4fd3a036bc4b83164dc | affected |
| Linux | Linux | 1172d5b8beca6b899deb9f7f2850e7e47ec16198 < 8f3d5686a2409877c5e8e2540774d24ed2b4a4ce | affected |
| Linux | Linux | 1172d5b8beca6b899deb9f7f2850e7e47ec16198 < 42aafd8b48adac1c3b20fe5892b1b91b80c1a1e6 | affected |
| Linux | Linux | 6.5 | affected |
| Linux | Linux | 0 < 6.5 | unaffected |
| Linux | Linux | 6.6.58 <= 6.6.* | unaffected |
| Linux | Linux | 6.11.5 <= 6.11.* | unaffected |
| Linux | Linux | 6.12 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://git.kernel.org/stable/c/6414ab5c9c9c068eca6dc4fd3a036bc4b83164dc
- https://git.kernel.org/stable/c/8f3d5686a2409877c5e8e2540774d24ed2b4a4ce
- https://git.kernel.org/stable/c/42aafd8b48adac1c3b20fe5892b1b91b80c1a1e6
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.