CVE-2024-58083: Use After Free in Linux

CWE-416: Use After Free | 102 documents | 7 sources
Severity
7.8 HIGH (NVD)
OSV 8.8 | OSV 7.1 | OSV 5.9 | OSV 5.5
EPSS
0.0% (top 91.94%)
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Mar 6
Latest update: Jan 29

Description

In the Linux kernel, the following vulnerability has been resolved:

KVM: Explicitly verify target vCPU is online in kvm_get_vcpu()

Explicitly verify the target vCPU is fully online _prior_ to clamping the index in kvm_get_vcpu(). If the index is "bad", the nospec clamping will generate '0', i.e. KVM will return vCPU0 instead of NULL.

In practice, the bug is unlikely to cause problems, as it will only come into play if userspace or the guest is buggy or misbehaving, e.g. KVM may send interrupt

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (8 packages)

NVD | linux/linux_kernel | 4.14.120 | 4.15 | +8
Debian | linux/linux_kernel | < 5.10.237-1 | +3
Ubuntu | linux/linux_kernel | < 5.4.0-216.236 | +3
CVEListV5 | linux/linux | 1d487e9bf8ba66a7174c56a0029c54b1eca8f99c | 5cce2ed69b00e022b5cdf0c49c82986abd2941a8 | +11
debian | debian/linux | < linux 6.1.129-1 (bookworm)

Patches

🔴 Vulnerability Details (50)

OSV | linux-azure-fips vulnerabilities | 2025-12-16
OSV | linux-azure, linux-azure-4.15, linux-oracle, vulnerabilities | 2025-12-12
OSV | linux-gcp, linux-gcp-4.15, linux-hwe vulnerabilities | 2025-12-04
OSV | linux-gcp-fips vulnerabilities | 2025-12-04
OSV | linux-aws-fips, linux-fips vulnerabilities | 2025-12-03

📋 Vendor Advisories (51)

Ubuntu | Kernel Live Patch Security Notice | 2026-01-29
Ubuntu | Linux kernel (Azure FIPS) vulnerabilities | 2025-12-16
Ubuntu | Linux kernel kernel vulnerabilities | 2025-12-12
Ubuntu | Linux kernel vulnerabilities | 2025-12-04
Ubuntu | Linux kernel (GCP FIPS) vulnerabilities | 2025-12-04