CVE-2024-53106

In the Linux kernel, the following vulnerability has been resolved: ima: fix buffer overrun in ima_eventdigest_init_common Function ima_eventdigest_init() calls ima_eventdigest_init_common() with HASH_ALGO__LAST which is then used to access the array hash_digest_size[] leading to buffer overrun. Have a conditional statement to handle this.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/1ecf0df5205cfb0907eb7984b8671257965a5232	Patch
https://git.kernel.org/stable/c/8a84765c62cc0469864e2faee43aae253ad16082	Patch
https://git.kernel.org/stable/c/923168a0631bc42fffd55087b337b1b6c54dcff5	Patch
https://git.kernel.org/stable/c/e01aae58e818503f2ffcd34c6f7dc6f90af1057e	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:5.19:-::::::
	cpe:2.3:o:linux:linux_kernel:5.19:rc7::::::
	cpe:2.3:o:linux:linux_kernel:5.19:rc8::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc5::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc6::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc7::::::

History

19 Sep 2025, 18:45

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8
First Time		Linux Linux linux Kernel
CWE		CWE-787
References	~~() https://git.kernel.org/stable/c/1ecf0df5205cfb0907eb7984b8671257965a5232 -~~	() https://git.kernel.org/stable/c/1ecf0df5205cfb0907eb7984b8671257965a5232 - Patch
References	~~() https://git.kernel.org/stable/c/8a84765c62cc0469864e2faee43aae253ad16082 -~~	() https://git.kernel.org/stable/c/8a84765c62cc0469864e2faee43aae253ad16082 - Patch
References	~~() https://git.kernel.org/stable/c/923168a0631bc42fffd55087b337b1b6c54dcff5 -~~	() https://git.kernel.org/stable/c/923168a0631bc42fffd55087b337b1b6c54dcff5 - Patch
References	~~() https://git.kernel.org/stable/c/e01aae58e818503f2ffcd34c6f7dc6f90af1057e -~~	() https://git.kernel.org/stable/c/e01aae58e818503f2ffcd34c6f7dc6f90af1057e - Patch
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ima: se corrige el desbordamiento del búfer en la función ima_eventdigest_init_common La función ima_eventdigest_init() llama a ima_eventdigest_init_common() con HASH_ALGO__LAST, que luego se utiliza para acceder a la matriz hash_digest_size[], lo que provoca un desbordamiento del búfer. Se debe tener una declaración condicional para manejar esto.
CPE		cpe:2.3:o:linux:linux_kernel:6.12:rc6:::::: cpe:2.3:o:linux:linux_kernel:6.12:rc2:::::: cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.12:rc5:::::: cpe:2.3:o:linux:linux_kernel:6.12:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.12:rc7:::::: cpe:2.3:o:linux:linux_kernel:6.12:rc4:::::: cpe:2.3:o:linux:linux_kernel:5.19:rc8:::::: cpe:2.3:o:linux:linux_kernel:5.19:rc7:::::: cpe:2.3:o:linux:linux_kernel:5.19:-:::::: cpe:2.3:o:linux:linux_kernel:6.12:rc3::::::

02 Dec 2024, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-12-02 14:15

Updated : 2025-10-01 21:16

NVD link : CVE-2024-53106

Mitre link : CVE-2024-53106

CVE.ORG link : CVE-2024-53106

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-787

Out-of-bounds Write

7.8 /10