CVE-2024-56716

Jan. 10, 2025, 3:52 p.m.

5.5
Medium

Description

In the Linux kernel, the following vulnerability has been resolved: netdevsim: prevent bad user input in nsim_dev_health_break_write() If either a zero count or a large one is provided, kernel can crash.

Product(s) Impacted

Vendor Product Versions
Linux
  • Linux Kernel
  • *, 6.13

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-1284
Improper Validation of Specified Quantity in Input
The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel 6.13 rc1 / / / / / /
o linux linux_kernel 6.13 rc2 / / / / / /
o linux linux_kernel 6.13 rc3 / / / / / /

References

https://git.kernel.org/stable/c/470c5ecbac2f19b1cdee2a6ce8d5650c3295c94b
https://git.kernel.org/stable/c/81bdfcd6e6a998e219c9dd49ec7291c2e0594bbc
https://git.kernel.org/stable/c/8e9ef6bdf71bf25f4735e0230ce1919de8985835
https://git.kernel.org/stable/c/b3a6daaf7cfb2de37b89fd7a5a2ad4ea9aa3e181
https://git.kernel.org/stable/c/d10321be26ff9e9e912697e9e8448099654ff561
https://git.kernel.org/stable/c/ee76746387f6233bdfa93d7406990f923641568f

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
CWE-1284
2024-12-29
CVE-2024-56716

CVSS Score

5.5 / 10

CVSS Data - 3.1

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: HIGH

    • CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

    View Vector String

Timeline

Published: Dec. 29, 2024, 9:15 a.m.
Last Modified: Jan. 10, 2025, 3:52 p.m.

Status : Analyzed

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.