CVE-2024-41068

MEDIUM EPSS 15.3%
Published Jul 29, 20241y ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Jul 29, 2024 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: s390/sclp: Fix sclp_init() cleanup on failure If sclp_init() fails it only partially cleans up: if there are multiple failing calls to sclp_init() sclp_state_change_event will be added several times to sclp_reg_list, which results in the following warning: ------------[ cut here ]------------ list_add double add: new=000003ffe1598c10, prev=000003ffe1598bf0, next=000003ffe1598c10. WARNING: CPU: 0 PID: 1 at lib/list_debug.c:35 __list_add_valid_or_report+0xde/0xf8 CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.10.0-rc3 Krnl PSW : 0404c00180000000 000003ffe0d6076a (__list_add_valid_or_report+0xe2/0xf8) R:0 T:1 IO:0 EX:0 Key:0 M:1 W:0 P:0 AS:3 CC:0 PM:0 RI:0 EA:3 ... Call Trace: [<000003ffe0d6076a>] __list_add_valid_or_report+0xe2/0xf8 ([<000003ffe0d60766>] __list_add_valid_or_report+0xde/0xf8) [<000003ffe0a8d37e>] sclp_init+0x40e/0x450 [<000003ffe00009f2>] do_one_initcall+0x42/0x1e0 [<000003ffe15b77a6>] do_initcalls+0x126/0x150 [<000003ffe15b7a0a>] kernel_init_freeable+0x1ba/0x1f8 [<000003ffe0d6650e>] kernel_init+0x2e/0x180 [<000003ffe000301c>] __ret_from_fork+0x3c/0x60 [<000003ffe0d759ca>] ret_from_fork+0xa/0x30 Fix this by removing sclp_state_change_event from sclp_reg_list when sclp_init() fails.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
15.3% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 12

VendorProductVersionRange
linuxlinux_kernel* <4.19.319
linuxlinux_kernel*≥4.20  –  <5.4.281
linuxlinux_kernel*≥5.5  –  <5.10.223
linuxlinux_kernel*≥5.11  –  <5.15.164
linuxlinux_kernel*≥5.16  –  <6.1.101
linuxlinux_kernel*≥6.2  –  <6.6.42
linuxlinux_kernel*≥6.7  –  <6.9.11
linuxlinux_kernel6.10any
linuxlinux_kernel6.10any
linuxlinux_kernel6.10any
linuxlinux_kernel6.10any
linuxlinux_kernel6.10any

References 9

  • git.kernel.org https://git.kernel.org/stable/c/0a31b3fdc7e735c4f8c65fe4339945c717ed6808
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2e51db7ab71b89dc5a17068f5e201c69f13a4c9a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/455a6653d8700a81aa8ed2b6442a3be476007090
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6434b33faaa063df500af355ee6c3942e0f8d982
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/79b4be70d5a160969b805f638ac5b4efd0aac7a3
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a778987afc36d5dc02a1f82d352a81edcaf7eb83
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/be0259796d0b76bbc7461e12c186814a9e58244c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/cf521049fcd07071ed42dc9758fce7d5ee120ec6
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/0a31b3fdc7e735c4f8c65fe4339945c717ed6808
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2e51db7ab71b89dc5a17068f5e201c69f13a4c9a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/455a6653d8700a81aa8ed2b6442a3be476007090
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6434b33faaa063df500af355ee6c3942e0f8d982
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/79b4be70d5a160969b805f638ac5b4efd0aac7a3
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a778987afc36d5dc02a1f82d352a81edcaf7eb83
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/be0259796d0b76bbc7461e12c186814a9e58244c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/cf521049fcd07071ed42dc9758fce7d5ee120ec6
    Patch