CVE-2024-53110

Summary

In the Linux kernel, the following vulnerability has been resolved:

vp_vdpa: fix id_table array not null terminated error

Allocate one extra virtio_device_id as null terminator, otherwise vdpa_mgmtdev_get_classes() may iterate multiple times and visit undefined memory.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxffbda8e9df10d1784d5427ec199e7d8308e3763f < 870d68fe17b5d9032049dcad98b5781a344a8657affected
LinuxLinuxffbda8e9df10d1784d5427ec199e7d8308e3763f < c4d64534d4b1c47d2f1ce427497f971ad4735aaeaffected
LinuxLinuxffbda8e9df10d1784d5427ec199e7d8308e3763f < 0a886489d274596ad1a80789d3a773503210a615affected
LinuxLinuxffbda8e9df10d1784d5427ec199e7d8308e3763f < 4e39ecadf1d2a08187139619f1f314b64ba7d947affected
LinuxLinux5.19affected
LinuxLinux0 < 5.19unaffected
LinuxLinux6.1.119 <= 6.1.*unaffected
LinuxLinux6.6.63 <= 6.6.*unaffected
LinuxLinux6.11.10 <= 6.11.*unaffected
LinuxLinux6.12 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References