CVE-2024-42276

MEDIUM EPSS 14.6%
Published Aug 17, 20241y ago · Modified Jun 17, 20262w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Aug 17, 2024 1y ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: nvme-pci: add missing condition check for existence of mapped data nvme_map_data() is called when request has physical segments, hence the nvme_unmap_data() should have same condition to avoid dereference.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
14.6% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 6

VendorProductVersionRange
linuxlinux_kernel*≥5.2  –  <5.4.282
linuxlinux_kernel*≥5.5  –  <5.10.224
linuxlinux_kernel*≥5.11  –  <5.15.165
linuxlinux_kernel*≥5.16  –  <6.1.103
linuxlinux_kernel*≥6.2  –  <6.6.44
linuxlinux_kernel*≥6.7  –  <6.10.3

References 10

  • cert-portal.siemens.com https://cert-portal.siemens.com/productcert/html/ssa-265688.html
  • git.kernel.org https://git.kernel.org/stable/c/3f8ec1d6b0ebd8268307d52be8301973fa5a01ec
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/70100fe721840bf6d8e5abd25b8bffe4d2e049b7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/77848b379e9f85a08048a2c8b3b4a7e8396f5f83
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7cc1f4cd90a00b6191cb8cda2d1302fdce59361c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/be23ae63080e0bf9e246ab20207200bca6585eba
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c31fad1470389666ac7169fe43aa65bf5b7e2cfd
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d135c3352f7c947a922da93c8e763ee6bc208b64
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/3f8ec1d6b0ebd8268307d52be8301973fa5a01ec
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/70100fe721840bf6d8e5abd25b8bffe4d2e049b7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/77848b379e9f85a08048a2c8b3b4a7e8396f5f83
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7cc1f4cd90a00b6191cb8cda2d1302fdce59361c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/be23ae63080e0bf9e246ab20207200bca6585eba
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c31fad1470389666ac7169fe43aa65bf5b7e2cfd
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d135c3352f7c947a922da93c8e763ee6bc208b64
    Patch