CVE-2024-40974
- ULN >
- Oracle Linux CVE repository >
- CVE-2024-40974
CVE Details
| Release Date: | 2024-07-12 |
Description
In the Linux kernel, the following vulnerability has been resolved:\npowerpc/pseries: Enforce hcall result buffer validity and size\nplpar_hcall(), plpar_hcall9(), and related functions expect callers to\nprovide valid result buffers of certain minimum size. Currently this\nis communicated only through comments in the code and the compiler has\nno idea.\nFor example, if I write a bug like this:\nlong retbuf[PLPAR_HCALL_BUFSIZE]; // should be PLPAR_HCALL9_BUFSIZE\nplpar_hcall9(H_ALLOCATE_VAS_WINDOW, retbuf, ...);\nThis compiles with no diagnostics emitted, but likely results in stack\ncorruption at runtime when plpar_hcall9() stores results past the end\nof the array. (To be clear this is a contrived example and I have not\nfound a real instance yet.)\nTo make this class of error less likely, we can use explicitly-sized\narray parameters instead of pointers in the declarations for the hcall\nAPIs. When compiled with -Warray-bounds[1], the code above now\nprovokes a diagnostic like this:\nerror: array argument is too small;\nis of size 32, callee requires at least 72 [-Werror,-Warray-bounds]\n60 | plpar_hcall9(H_ALLOCATE_VAS_WINDOW, retbuf,\n| ^ ~~~~~~\n[1] Enabled for LLVM builds but not GCC for now. See commit\n0da6e5fd6c37 ('gcc: disable '-Warray-bounds' for gcc-13 too') and\nrelated changes.
See more information about CVE-2024-40974 from MITRE CVE dictionary and NIST NVD
CVSS Scoring
NOTE: The following CVSS v3.1 metrics and score provided are preliminary and subject to review.
| Base Score: | 6.6 | CVSS Vector: | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H |
| Attack Vector: | Local network | Attack Complexity: | Low |
| Privileges Required: | Low | User Interaction: | None |
| Scope: | Unchanged | Confidentiality Impact: | Low |
| Integrity Impact: | Low | Availability Impact: | High |
Errata information
| Platform | Errata | Release Date |
| Oracle Linux version 7 (kernel-uek) | ELSA-2024-12610 | 2024-09-10 |
| Oracle Linux version 7 (kernel-uek) | ELSA-2024-12779 | 2024-10-11 |
| Oracle Linux version 7 (kernel-uek-container) | ELSA-2024-12612 | 2024-09-11 |
| Oracle Linux version 8 (kernel) | ELSA-2024-5101 | 2024-08-08 |
| Oracle Linux version 8 (kernel-uek) | ELSA-2024-12610 | 2024-09-10 |
| Oracle Linux version 8 (kernel-uek) | ELSA-2024-12618 | 2024-09-12 |
| Oracle Linux version 8 (kernel-uek-container) | ELSA-2024-12612 | 2024-09-11 |
| Oracle Linux version 9 (kernel-uek) | ELSA-2024-12618 | 2024-09-12 |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:
- Oracle customers - enter a support request
- Vulnerability scanning tools vendors and project maintainers - follow the standard ISV process
