SB2024091231 - Buffer overflow in Linux kernel s390 block driver
Published: September 12, 2024 Updated: May 12, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Buffer overflow (CVE-ID: CVE-2024-45026)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the dasd_eckd_analysis_ccw(), dasd_eckd_build_check_tcw(), dasd_eckd_build_cp_cmd_single(), dasd_eckd_build_cp_tpm_track() and dasd_eckd_dump_sense() functions in drivers/s390/block/dasd_eckd.c, within the dasd_3990_erp_file_prot() function in drivers/s390/block/dasd_3990_erp.c, within the dasd_ese_needs_format(), dasd_int_handler() and list_for_each_entry_safe() functions in drivers/s390/block/dasd.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/19f60a55b2fda49bc4f6134a5f6356ef62ee69d8
- https://git.kernel.org/stable/c/e245a18281c252c8dbc467492e09bb5d4b012118
- https://git.kernel.org/stable/c/a665e3b7ac7d5cdc26e00e3d0fc8fd490e00316a
- https://git.kernel.org/stable/c/0a228896a1b3654cd461ff654f6a64e97a9c3246
- https://git.kernel.org/stable/c/93a7e2856951680cd7fe6ebd705ac10c8a8a5efd
- https://git.kernel.org/stable/c/5d4a304338daf83ace2887aaacafd66fe99ed5cc
- https://git.kernel.org/stable/c/7db4042336580dfd75cb5faa82c12cd51098c90b
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.225
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.166
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.283
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.107
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10.7
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.11
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.48