CVE-2024-53137

In the Linux kernel, the following vulnerability has been resolved: ARM: fix cacheflush with PAN It seems that the cacheflush syscall got broken when PAN for LPAE was implemented. User access was not enabled around the cache maintenance instructions, causing them to fault.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/ca29cfcc4a21083d671522ad384532e28a43f033	Patch
https://git.kernel.org/stable/c/e6960a2ed49c9a25357817535f7cc50594a58604	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc5::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc6::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc7::::::

History

11 Dec 2024, 17:01

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CWE		NVD-CWE-noinfo
References	~~() https://git.kernel.org/stable/c/ca29cfcc4a21083d671522ad384532e28a43f033 -~~	() https://git.kernel.org/stable/c/ca29cfcc4a21083d671522ad384532e28a43f033 - Patch
References	~~() https://git.kernel.org/stable/c/e6960a2ed49c9a25357817535f7cc50594a58604 -~~	() https://git.kernel.org/stable/c/e6960a2ed49c9a25357817535f7cc50594a58604 - Patch
CPE		cpe:2.3:o:linux:linux_kernel:6.12:rc6:::::: cpe:2.3:o:linux:linux_kernel:6.12:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.12:rc3:::::: cpe:2.3:o:linux:linux_kernel:6.12:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.12:rc7:::::: cpe:2.3:o:linux:linux_kernel:6.12:rc5:::::: cpe:2.3:o:linux:linux_kernel:6.12:rc4:::::: cpe:2.3:o:linux:linux_kernel::::::::
First Time		Linux linux Kernel Linux
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ARM: reparar cacheflush con PAN Parece que la llamada al sistema cacheflush se rompió cuando se implementó PAN para LPAE. El acceso de usuario no estaba habilitado en torno a las instrucciones de mantenimiento de caché, lo que provocó que fallaran.

04 Dec 2024, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-12-04 15:15

Updated : 2024-12-11 17:01

NVD link : CVE-2024-53137

Mitre link : CVE-2024-53137

CVE.ORG link : CVE-2024-53137

JSON object : View

Products Affected

linux

linux_kernel

CWE

NVD-CWE-noinfo

5.5 /10