CVE-2024-43868Improper Input Validation in Linux

CWE-20Improper Input Validation15 documents6 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 89.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
LinuxLinux KernelDebian Linux+1 more
Timeline
PublishedAug 21
Latest updateJan 9

Description

In the Linux kernel, the following vulnerability has been resolved: riscv/purgatory: align riscv_kernel_entry When alignment handling is delegated to the kernel, everything must be word-aligned in purgatory, since the trap handler is then set to the kexec one. Without the alignment, hitting the exception would ultimately crash. On other occasions, the kernel's handler would take care of exceptions. This has been tested on a JH7110 SoC with oreboot and its SBI delegating unaligned access except

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages6 packages

NVDlinux/linux_kernel5.196.1.117+3
Debianlinux/linux_kernel< 6.1.119-1+2
Ubuntulinux/linux_kernel< 6.8.0-50.51
CVEListV5linux/linux736e30af583fb6e0e2b8211b894ff99dea0f1ee710ffafb456f293976c42f700578ef740467cb569+4
debiandebian/linux< linux 6.1.119-1 (bookworm)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

7
OSV
linux-azure, linux-azure-6.8 vulnerabilities2025-01-09
OSV
linux-hwe-6.8 vulnerabilities2025-01-06
OSV
linux-gkeop vulnerabilities2024-12-12
OSV
linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency vulnerabilities2024-12-12
OSV
linux, linux-aws, linux-aws-6.8, linux-gcp, linux-gcp-6.8, linux-gke, linux-ibm, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-oem-6.8, linux-oracle, linux-oracle-6.8, linux-raspi vulnerabilities2024-12-12

📋Vendor Advisories

7
Ubuntu
Linux kernel (Azure) vulnerabilities2025-01-09
Ubuntu
Linux kernel (HWE) vulnerabilities2025-01-06
Ubuntu
Linux kernel (GKE) vulnerabilities2024-12-12
Ubuntu
Linux kernel (NVIDIA) vulnerabilities2024-12-12
Ubuntu
Linux kernel vulnerabilities2024-12-12