{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-27406", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-25T13:47:42.681Z", "datePublished": "2024-05-17T11:40:28.608Z", "dateUpdated": "2024-11-05T09:21:38.120Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:21:38.120Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nlib/Kconfig.debug: TEST_IOV_ITER depends on MMU\n\nTrying to run the iov_iter unit test on a nommu system such as the qemu\nkc705-nommu emulation results in a crash.\n\n KTAP version 1\n # Subtest: iov_iter\n # module: kunit_iov_iter\n 1..9\nBUG: failure at mm/nommu.c:318/vmap()!\nKernel panic - not syncing: BUG!\n\nThe test calls vmap() directly, but vmap() is not supported on nommu\nsystems, causing the crash. TEST_IOV_ITER therefore needs to depend on\nMMU."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["lib/Kconfig.debug"], "versions": [{"version": "2d71340ff1d4", "lessThan": "e6316749d603", "status": "affected", "versionType": "git"}, {"version": "2d71340ff1d4", "lessThan": "9e6e541b9776", "status": "affected", "versionType": "git"}, {"version": "2d71340ff1d4", "lessThan": "1eb1e984379e", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["lib/Kconfig.debug"], "versions": [{"version": "6.6", "status": "affected"}, {"version": "0", "lessThan": "6.6", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.19", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.7.7", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/e6316749d603fe9c4c91f6ec3694e06e4de632a3"}, {"url": "https://git.kernel.org/stable/c/9e6e541b97762d5b1143070067f7c68f39a408f8"}, {"url": "https://git.kernel.org/stable/c/1eb1e984379e2da04361763f66eec90dd75cf63e"}], "title": "lib/Kconfig.debug: TEST_IOV_ITER depends on MMU", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-27406", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-17T17:17:04.256288Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:47:28.200Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:34:52.087Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/e6316749d603fe9c4c91f6ec3694e06e4de632a3", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9e6e541b97762d5b1143070067f7c68f39a408f8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1eb1e984379e2da04361763f66eec90dd75cf63e", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/e6316749d603fe9c4c91f6ec3694e06e4de632a3", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9e6e541b97762d5b1143070067f7c68f39a408f8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1eb1e984379e2da04361763f66eec90dd75cf63e", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:34:52.087Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-27406", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-17T17:17:04.256288Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:24.685Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "lib/Kconfig.debug: TEST_IOV_ITER depends on MMU", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "2d71340ff1d4", "lessThan": "e6316749d603", "versionType": "git"}, {"status": "affected", "version": "2d71340ff1d4", "lessThan": "9e6e541b9776", "versionType": "git"}, {"status": "affected", "version": "2d71340ff1d4", "lessThan": "1eb1e984379e", "versionType": "git"}], "programFiles": ["lib/Kconfig.debug"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6.6"}, {"status": "unaffected", "version": "0", "lessThan": "6.6", "versionType": "semver"}, {"status": "unaffected", "version": "6.6.19", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.7.7", "versionType": "semver", "lessThanOrEqual": "6.7.*"}, {"status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["lib/Kconfig.debug"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/e6316749d603fe9c4c91f6ec3694e06e4de632a3"}, {"url": "https://git.kernel.org/stable/c/9e6e541b97762d5b1143070067f7c68f39a408f8"}, {"url": "https://git.kernel.org/stable/c/1eb1e984379e2da04361763f66eec90dd75cf63e"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nlib/Kconfig.debug: TEST_IOV_ITER depends on MMU\n\nTrying to run the iov_iter unit test on a nommu system such as the qemu\nkc705-nommu emulation results in a crash.\n\n KTAP version 1\n # Subtest: iov_iter\n # module: kunit_iov_iter\n 1..9\nBUG: failure at mm/nommu.c:318/vmap()!\nKernel panic - not syncing: BUG!\n\nThe test calls vmap() directly, but vmap() is not supported on nommu\nsystems, causing the crash. TEST_IOV_ITER therefore needs to depend on\nMMU."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:21:38.120Z"}}}, "cveMetadata": {"cveId": "CVE-2024-27406", "state": "PUBLISHED", "dateUpdated": "2024-11-05T09:21:38.120Z", "dateReserved": "2024-02-25T13:47:42.681Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-17T11:40:28.608Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nlib/Kconfig.debug: TEST_IOV_ITER depends on MMU\n\nTrying to run the iov_iter unit test on a nommu system such as the qemu\nkc705-nommu emulation results in a crash.\n\n KTAP version 1\n # Subtest: iov_iter\n # module: kunit_iov_iter\n 1..9\nBUG: failure at mm/nommu.c:318/vmap()!\nKernel panic - not syncing: BUG!\n\nThe test calls vmap() directly, but vmap() is not supported on nommu\nsystems, causing the crash. TEST_IOV_ITER therefore needs to depend on\nMMU."}, {"lang": "es", "value": " En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: lib/Kconfig.debug: TEST_IOV_ITER depende de MMU Intentar ejecutar la prueba unitaria iov_iter en un sistema nommu como la emulaci\u00f3n qemu kc705-nommu produce un bloqueo. KTAP versi\u00f3n 1 # Subprueba: iov_iter # m\u00f3dulo: kunit_iov_iter 1..9 BUG: fallo en mm/nommu.c:318/vmap()! P\u00e1nico del kernel: no se sincroniza: \u00a1BUG! La prueba llama a vmap() directamente, pero vmap() no es compatible con los sistemas nommu, lo que provoca el bloqueo. Por lo tanto, TEST_IOV_ITER debe depender de MMU."}], "id": "CVE-2024-27406", "lastModified": "2024-05-17T18:35:35.070", "metrics": {}, "published": "2024-05-17T12:15:10.757", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/1eb1e984379e2da04361763f66eec90dd75cf63e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/9e6e541b97762d5b1143070067f7c68f39a408f8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/e6316749d603fe9c4c91f6ec3694e06e4de632a3"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: lib/Kconfig.debug: TEST_IOV_ITER depends on MMU", "id": "2281121", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2281121"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-762", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nlib/Kconfig.debug: TEST_IOV_ITER depends on MMU\nTrying to run the iov_iter unit test on a nommu system such as the qemu\nkc705-nommu emulation results in a crash.\nKTAP version 1\n# Subtest: iov_iter\n# module: kunit_iov_iter\n1..9\nBUG: failure at mm/nommu.c:318/vmap()!\nKernel panic - not syncing: BUG!\nThe test calls vmap() directly, but vmap() is not supported on nommu\nsystems, causing the crash. TEST_IOV_ITER therefore needs to depend on\nMMU.", "A vulnerability was found and fixed in the Linux kernel's `TEST_IOV_ITER` configuration option. This fix corrected the dependancy on the Memory Management Unit (MMU). Previously, enabling this option without proper dependency checks could lead to kernel misbehavior or crashes."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-27406", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-27406\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-27406\nhttps://lore.kernel.org/linux-cve-announce/2024051739-CVE-2024-27406-cfc3@gregkh/T"], "statement": "Red Hat Enterprise Linux is not vulnerable to this CVE, as it does not affect the versions or configurations of the Linux kernel used in its distributions.", "threat_severity": "Moderate", "upstream_fix": "kernel 6.6.19, kernel 6.7.7, kernel 6.8"}