CVE-2024-41004Improper Input Validation in Linux

CWE-20Improper Input Validation32 documents7 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 95.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
LinuxLinux KernelDebian Linux+1 more
Timeline
PublishedJul 12
Latest updateAug 14

Description

In the Linux kernel, the following vulnerability has been resolved: tracing: Build event generation tests only as modules The kprobes and synth event generation test modules add events and lock (get a reference) those event file reference in module init function, and unlock and delete it in module exit function. This is because those are designed for playing as modules. If we make those modules as built-in, those events are left locked in the kernel, and never be removed. This causes kprobe e

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages6 packages

NVDlinux/linux_kernel5.65.10.221+5
Debianlinux/linux_kernel< 5.10.221-1+3
Ubuntulinux/linux_kernel< 5.15.0-121.131+1
CVEListV5linux/linux9fe41efaca08416657efa8731c0d47ccb6a3f3eba85bae262ccecc52a40c466ec067f6c915e0839d+6
debiandebian/linux< linux 6.1.99-1 (bookworm)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

15
OSV
linux-azure-fde-5.15 vulnerabilities2024-09-25
OSV
linux-lowlatency, linux-lowlatency-hwe-5.15 vulnerabilities2024-09-23
OSV
linux-hwe-6.82024-09-23
OSV
linux-raspi vulnerabilities2024-09-23
OSV
linux-ibm-5.15, linux-oracle-5.15 vulnerabilities2024-09-23

📋Vendor Advisories

16
CISA ICS
Siemens Third-Party Components in SINEC OS2025-08-14
Ubuntu
Linux kernel vulnerabilities2024-09-25
Ubuntu
Linux kernel vulnerabilities2024-09-23
Ubuntu
Linux kernel vulnerabilities2024-09-23
Ubuntu
Linux kernel vulnerabilities2024-09-23