CVE-2024-36953 in Linux정보

요약

\~에 의해 MITRE • 2024. 05. 30.

In the Linux kernel, the following vulnerability has been resolved:

KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr()

vgic_v2_parse_attr() is responsible for finding the vCPU that matches the user-provided CPUID, which (of course) may not be valid. If the ID is invalid, kvm_get_vcpu_by_id() returns NULL, which isn't handled gracefully.

Similar to the GICv3 uaccess flow, check that kvm_get_vcpu_by_id() actually returns something and fail the ioctl if not.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

출처

Interested in the pricing of exploits?

See the underground prices here!