CVE-2024-42264

CVSS v3 7.1 HIGH

7.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

I

n the Linux kernel, the following vulnerability has been resolved: drm/v3d: Prevent out of bounds access in performance query extensions Check that the number of perfmons userspace is passing in the copy and reset extensions is not greater than the internal kernel storage where the ids will be copied into. (cherry picked from commit f32b5128d2c440368b5bf3a7a356823e235caabb)

References

Link	Resource
https://git.kernel.org/stable/c/6ce9efd12ae81cf46bf44eb0348594558dfbb9d2	Patch
https://git.kernel.org/stable/c/73ad583bd4938bf37d2709fc36901eb6f22f2722	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.11:rc1::::::

History

06 Mar 2025, 12:54

Type	Values Removed	Values Added
CPE		cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.11:rc1::::::
CWE		CWE-125
First Time		Linux Linux linux Kernel
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.1
References	~~() https://git.kernel.org/stable/c/6ce9efd12ae81cf46bf44eb0348594558dfbb9d2 -~~	() https://git.kernel.org/stable/c/6ce9efd12ae81cf46bf44eb0348594558dfbb9d2 - Patch
References	~~() https://git.kernel.org/stable/c/73ad583bd4938bf37d2709fc36901eb6f22f2722 -~~	() https://git.kernel.org/stable/c/73ad583bd4938bf37d2709fc36901eb6f22f2722 - Patch

19 Aug 2024, 12:59

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-08-17 09:15

Updated : 2025-03-06 12:54

NVD link : CVE-2024-42264

Mitre link : CVE-2024-42264

CVE.ORG link : CVE-2024-42264

JSON object : View

Products Affected

linux_kernel

CWE

CWE-125

Out-of-bounds Read

{"id": "CVE-2024-42264", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.8}]}, "published": "2024-08-17T09:15:07.833", "references": [{"url": "https://git.kernel.org/stable/c/6ce9efd12ae81cf46bf44eb0348594558dfbb9d2", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/73ad583bd4938bf37d2709fc36901eb6f22f2722", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Prevent out of bounds access in performance query extensions\n\nCheck that the number of perfmons userspace is passing in the copy and\nreset extensions is not greater than the internal kernel storage where\nthe ids will be copied into.\n\n(cherry picked from commit f32b5128d2c440368b5bf3a7a356823e235caabb)"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/v3d: evita el acceso fuera de los l\u00edmites en las extensiones de consulta de rendimiento. Verifique que la cantidad de espacio de usuario de perfmons que se pasa en las extensiones de copia y restablecimiento no sea mayor que el almacenamiento interno del kernel donde se encuentra el Los identificadores se copiar\u00e1n. (cereza escogida del commit f32b5128d2c440368b5bf3a7a356823e235caabb)"}], "lastModified": "2025-03-06T12:54:05.200", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8B935B3-1FAC-4502-A5BA-A3C286A20469", "versionEndExcluding": "6.10.4", "versionStartIncluding": "6.8"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8B3CE743-2126-47A3-8B7C-822B502CF119"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}