SB20240731123 - Buffer overflow in Linux kernel iucv
Published: July 31, 2024 Updated: May 12, 2025
Security Bulletin ID
SB20240731123
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Buffer overflow (CVE-ID: CVE-2024-42094)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the iucv_setmask_mp() and iucv_cpu_online() functions in net/iucv/iucv.c. A local user can escalate privileges on the system.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/2b085521be5292016097b5e7ca81b26be3f7098d
- https://git.kernel.org/stable/c/842afb47d84536fc976fece8fb6c54bea711ad1a
- https://git.kernel.org/stable/c/9dadab0db7d904413ea1cdaa13f127da05c31e71
- https://git.kernel.org/stable/c/0af718a690acc089aa1bbb95a93df833d864ef53
- https://git.kernel.org/stable/c/d85ca8179a54ff8cf1e1f8c3c9e3799831319bae
- https://git.kernel.org/stable/c/724e7965af054079242b8d6f7e50ee226730a756
- https://git.kernel.org/stable/c/2d090c7f7be3b26fcb80ac04d08a4a8062b1d959
- https://git.kernel.org/stable/c/be4e1304419c99a164b4c0e101c7c2a756b635b9
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.317
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.221
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.162
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.279
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.97
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.37