CVE-2024-36953 in Linuxالمعلومات

الملخص

بحسب MITRE • 30/05/2024

In the Linux kernel, the following vulnerability has been resolved:

KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr()

vgic_v2_parse_attr() is responsible for finding the vCPU that matches the user-provided CPUID, which (of course) may not be valid. If the ID is invalid, kvm_get_vcpu_by_id() returns NULL, which isn't handled gracefully.

Similar to the GICv3 uaccess flow, check that kvm_get_vcpu_by_id() actually returns something and fail the ioctl if not.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

حجز

30/05/2024

إفشاء

30/05/2024

الاعتدال

تمت الموافقة

إدخال

VDB-266652

EPSS

0.00231

KEV

لا

النشاطات

منخفض جدًا

المصادر

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!