CVE-2024-53106

Severity High · CVSS 3.1 7.8 · EPSS 15.2%
Published Dec 2, 2024 · Last Modified Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

ima: fix buffer overrun in ima_eventdigest_init_common

Function ima_eventdigest_init() calls ima_eventdigest_init_common() with HASH_ALGO__LAST which is then used to access the array hash_digest_size[] leading to buffer overrun. Have a conditional statement to handle this.

CVSS Details

Base Score 7.8
Exploitability 1.8
Impact 5.9
Vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability 15.2% percentile
Exploit & Patch Status No Known Exploit, Patch Available

Weaknesses 1

CWE-787: Out-of-bounds Write (Memory Safety)

Affected Products 13

Vendor  Product       Version  Range
linux   linux_kernel  *        ≥5.19.1 – <6.1.119
linux   linux_kernel  *        ≥6.2 – <6.6.63
linux   linux_kernel  *        ≥6.7 – <6.11.10
linux   linux_kernel  5.19     any
linux   linux_kernel  5.19     any
linux   linux_kernel  5.19     any
linux   linux_kernel  6.12     any
linux   linux_kernel  6.12     any
linux   linux_kernel  6.12     any
linux   linux_kernel  6.12     any
linux   linux_kernel  6.12     any
linux   linux_kernel  6.12     any
linux   linux_kernel  6.12     any

References 5

  • git.kernel.org https://git.kernel.org/stable/c/1ecf0df5205cfb0907eb7984b8671257965a5232
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8a84765c62cc0469864e2faee43aae253ad16082
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/923168a0631bc42fffd55087b337b1b6c54dcff5
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e01aae58e818503f2ffcd34c6f7dc6f90af1057e
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/1ecf0df5205cfb0907eb7984b8671257965a5232
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8a84765c62cc0469864e2faee43aae253ad16082
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/923168a0631bc42fffd55087b337b1b6c54dcff5
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e01aae58e818503f2ffcd34c6f7dc6f90af1057e
    Patch