CVE-2024-25739Improper Check for Unusual or Exceptional Conditions in Linux

CWE-754Improper Check for Unusual or Exceptional Conditions49 documents8 sources
Severity
5.5MEDIUMNVD
OSV7.0OSV6.8
EPSS
0.0%
top 99.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Linux KernelDebian LinuxMsrc Azl3 Kernel 6.6.35.1-4 ON Azure Linux 3.0+3 more
Timeline
PublishedFeb 12
Latest updateSep 18

Description

create_empty_lvol in drivers/mtd/ubi/vtbl.c in the Linux kernel through 6.7.4 can attempt to allocate zero bytes, and crash, because of a missing check for ubi->leb_size.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages8 packages

Debianlinux/linux_kernel< 5.10.216-1+3
Ubuntulinux/linux_kernel< 5.4.0-189.209+3

🔴Vulnerability Details

23
OSV
linux-xilinx-zynqmp vulnerabilities2024-09-18
OSV
linux-lowlatency-hwe-6.5 vulnerabilities2024-08-01
OSV
linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities2024-07-31
OSV
linux-gcp-5.15 vulnerabilities2024-07-30
OSV
linux-nvidia-6.5 vulnerabilities2024-07-29

📋Vendor Advisories

24
Ubuntu
Linux kernel vulnerabilities2024-09-18
Ubuntu
Linux kernel vulnerabilities2024-08-01
Ubuntu
Linux kernel vulnerabilities2024-07-31
Ubuntu
Linux kernel vulnerabilities2024-07-30
Ubuntu
Linux kernel vulnerabilities2024-07-29

💬Community

1
Bugzilla
CVE-2024-25739 kernel: crash due to a missing check for leb_size2024-02-12