CVE-2024-23851Integer Overflow or Wraparound in Linux

CWE-190Integer Overflow or Wraparound25 documents8 sources
Severity
5.5MEDIUMNVD
OSV8.1OSV7.5OSV7.0OSV4.7
EPSS
0.0%
top 91.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Linux KernelDebian LinuxMsrc Azl3 Kernel 6.6.35.1-4 ON Azure Linux 3.0+3 more
Timeline
PublishedJan 23
Latest updateMar 13

Description

copy_params in drivers/md/dm-ioctl.c in the Linux kernel through 6.7.1 can attempt to allocate more than INT_MAX bytes, and crash, because of a missing param_kernel->data_size check. This is related to ctl_ioctl.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages8 packages

Debianlinux/linux_kernel< 5.10.216-1+3
Ubuntulinux/linux_kernel< 5.4.0-176.196+3

🔴Vulnerability Details

11
OSV
linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities2024-04-19
OSV
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle vulnerabilities2024-04-19
OSV
linux-xilinx-zynqmp vulnerabilities2024-04-17
OSV
linux-aws-6.5, linux-raspi vulnerabilities2024-04-16
OSV
linux-iot vulnerabilities2024-04-16

📋Vendor Advisories

12
Ubuntu
Linux kernel vulnerabilities2024-04-19
Ubuntu
Linux kernel vulnerabilities2024-04-19
Ubuntu
Linux kernel (Xilinx ZynqMP) vulnerabilities2024-04-17
Ubuntu
Linux kernel vulnerabilities2024-04-16
Ubuntu
Linux kernel (IoT) vulnerabilities2024-04-16

📄Research Papers

1
arXiv
KernelGPT: Enhanced Kernel Fuzzing via Large Language Models2025-03-13