CVE-2024-53228
HIGH
7,8
Source: [email protected]
Attack Vector: local
Attack Complexity: low
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
Description
AI Translation Available
In the Linux kernel, the following vulnerability has been resolved:
riscv: kvm: Fix out-of-bounds array access
In kvm_riscv_vcpu_sbi_init() the entry->ext_idx can contain an
out-of-bound index. This is used as a special marker for the base
extensions, that cannot be disabled. However, when traversing the
extensions, that special marker is not checked prior indexing the
array.
Add an out-of-bounds check to the function.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0003
Percentile
0,1th
Updated
EPSS Score Trend (Last 90 Days)
129
Improper Validation of Array Index
DraftCommon Consequences
Security Scopes Affected:
Integrity
Availability
Confidentiality
Potential Impacts:
Dos: Crash, Exit, Or Restart
Modify Memory
Read Memory
Execute Unauthorized Code Or Commands
Applicable Platforms
Languages:
C, C++, Not Language-Specific
Operating System
Linux Kernel by Linux
Version Range Affected
From
6.7
(inclusive)
To
6.11.11
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Linux Kernel by Linux
Version Range Affected
From
6.12
(inclusive)
To
6.12.2
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://git.kernel.org/stable/c/332fa4a802b16ccb727199da685294f85f9880cb
https://git.kernel.org/stable/c/3c49e1084a5df99807fc43dd318c491e6cbaa168
https://git.kernel.org/stable/c/b1af648f0d610665c956ea4604d9f797e5c7e991