CVE-2024-24891 — Sensitive Information Exposure in Kernel

CWE-200 — Sensitive Information Exposure4 documents4 sources

Severity

6.0MEDIUMNVD

EPSS

0.0%

top 93.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openeuler Kernel Debian Linux

Timeline

PublishedApr 15

Description

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in openEuler kernel on Linux allows Resource Leak Exposure. This vulnerability is associated with program files https://gitee.Com/openeuler/kernel/blob/openEuler-1.0-LTS/drivers/staging/gmjstcm/tcm.C. This issue affects kernel: from 4.19.90-2109.1.0.0108 before 4.19.90-2403.4.0.0244.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:NExploitability: 1.5 | Impact: 4.0

Affected Packages2 packages

▶CVEListV5openeuler/kernel4.19.90-2109.1.0.0108 — 4.19.90-2403.4.0.0244

▶debiandebian/linux

🔴Vulnerability Details

OSV

CVE-2024-24891: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in openEuler kernel on Linux allows Resource Leak Exposure↗2024-04-15

▶

GHSA

GHSA-h2wm-gg6w-wcx7: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in openEuler kernel on Linux allows Resource Leak Exposure↗2024-04-15

▶

📋Vendor Advisories

Debian

CVE-2024-24891: linux - Exposure of Sensitive Information to an Unauthorized Actor vulnerability in open...↗2024

▶