CVE-2024-35988 - Vulnerability Details - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: riscv: Fix TASK_SIZE on 64-bit NOMMU On NOMMU, userspace memory can come from anywhere in physical RAM. The current definition of TASK_SIZE is wrong if any RAM exists above 4G, causing spurious failures in the userspace access routines.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/04bf2e5f95c1a52e28a7567a507f926efe31c3b6
https://git.kernel.org/stable/c/4201b8c8f2c32af321fb50867e68ac6c1cbed4be
https://git.kernel.org/stable/c/52e8a42b11078d2aad4b9ba96503d77c7299168b
https://git.kernel.org/stable/c/6065e736f82c817c9a597a31ee67f0ce4628e948
https://git.kernel.org/stable/c/a0f0dbbb1bc49fa0de18e92c36492ff6d804cdaa
https://git.kernel.org/stable/c/efdcfa554b6eb228943ef1dd4d023c606be647d2
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
https://lore.kernel.org/linux-cve-announce/2024052019-CVE-2024-35988-22a1@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-35988
https://www.cve.org/CVERecord?id=CVE-2024-35988

History

Fri, 20 Dec 2024 08:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-05-20T09:47:54.391Z

Updated: 2024-12-19T08:59:42.684Z

Reserved: 2024-05-17T13:50:33.146Z

Link: CVE-2024-35988

Vulnrichment

Updated: 2024-08-02T03:30:12.607Z

NVD

Status : Awaiting Analysis

Published: 2024-05-20T10:15:13.120

Modified: 2024-11-21T09:21:22.337

Link: CVE-2024-35988

Redhat

Severity : Moderate

Publid Date: 2024-05-20T00:00:00Z

Links: CVE-2024-35988 - Bugzilla

{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-35988", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-17T13:50:33.146Z", "datePublished": "2024-05-20T09:47:54.391Z", "dateUpdated": "2024-12-19T08:59:42.684Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T08:59:42.684Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: Fix TASK_SIZE on 64-bit NOMMU\n\nOn NOMMU, userspace memory can come from anywhere in physical RAM. The\ncurrent definition of TASK_SIZE is wrong if any RAM exists above 4G,\ncausing spurious failures in the userspace access routines."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/riscv/include/asm/pgtable.h"], "versions": [{"version": "6bd33e1ece528f67646db33bf97406b747dafda0", "lessThan": "04bf2e5f95c1a52e28a7567a507f926efe31c3b6", "status": "affected", "versionType": "git"}, {"version": "6bd33e1ece528f67646db33bf97406b747dafda0", "lessThan": "52e8a42b11078d2aad4b9ba96503d77c7299168b", "status": "affected", "versionType": "git"}, {"version": "6bd33e1ece528f67646db33bf97406b747dafda0", "lessThan": "4201b8c8f2c32af321fb50867e68ac6c1cbed4be", "status": "affected", "versionType": "git"}, {"version": "6bd33e1ece528f67646db33bf97406b747dafda0", "lessThan": "a0f0dbbb1bc49fa0de18e92c36492ff6d804cdaa", "status": "affected", "versionType": "git"}, {"version": "6bd33e1ece528f67646db33bf97406b747dafda0", "lessThan": "efdcfa554b6eb228943ef1dd4d023c606be647d2", "status": "affected", "versionType": "git"}, {"version": "6bd33e1ece528f67646db33bf97406b747dafda0", "lessThan": "6065e736f82c817c9a597a31ee67f0ce4628e948", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/riscv/include/asm/pgtable.h"], "versions": [{"version": "5.5", "status": "affected"}, {"version": "0", "lessThan": "5.5", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.216", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.158", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.90", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.30", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8.9", "lessThanOrEqual": "6.8.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/04bf2e5f95c1a52e28a7567a507f926efe31c3b6"}, {"url": "https://git.kernel.org/stable/c/52e8a42b11078d2aad4b9ba96503d77c7299168b"}, {"url": "https://git.kernel.org/stable/c/4201b8c8f2c32af321fb50867e68ac6c1cbed4be"}, {"url": "https://git.kernel.org/stable/c/a0f0dbbb1bc49fa0de18e92c36492ff6d804cdaa"}, {"url": "https://git.kernel.org/stable/c/efdcfa554b6eb228943ef1dd4d023c606be647d2"}, {"url": "https://git.kernel.org/stable/c/6065e736f82c817c9a597a31ee67f0ce4628e948"}], "title": "riscv: Fix TASK_SIZE on 64-bit NOMMU", "x_generator": {"engine": "bippy-5f407fcff5a0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-35988", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-20T15:03:33.366892Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:33:26.327Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:30:12.607Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/04bf2e5f95c1a52e28a7567a507f926efe31c3b6", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/52e8a42b11078d2aad4b9ba96503d77c7299168b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4201b8c8f2c32af321fb50867e68ac6c1cbed4be", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a0f0dbbb1bc49fa0de18e92c36492ff6d804cdaa", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/efdcfa554b6eb228943ef1dd4d023c606be647d2", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6065e736f82c817c9a597a31ee67f0ce4628e948", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/04bf2e5f95c1a52e28a7567a507f926efe31c3b6", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/52e8a42b11078d2aad4b9ba96503d77c7299168b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4201b8c8f2c32af321fb50867e68ac6c1cbed4be", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a0f0dbbb1bc49fa0de18e92c36492ff6d804cdaa", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/efdcfa554b6eb228943ef1dd4d023c606be647d2", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6065e736f82c817c9a597a31ee67f0ce4628e948", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:30:12.607Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-35988", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-20T15:03:33.366892Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:24.899Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "riscv: Fix TASK_SIZE on 64-bit NOMMU", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6bd33e1ece528f67646db33bf97406b747dafda0", "lessThan": "04bf2e5f95c1a52e28a7567a507f926efe31c3b6", "versionType": "git"}, {"status": "affected", "version": "6bd33e1ece528f67646db33bf97406b747dafda0", "lessThan": "52e8a42b11078d2aad4b9ba96503d77c7299168b", "versionType": "git"}, {"status": "affected", "version": "6bd33e1ece528f67646db33bf97406b747dafda0", "lessThan": "4201b8c8f2c32af321fb50867e68ac6c1cbed4be", "versionType": "git"}, {"status": "affected", "version": "6bd33e1ece528f67646db33bf97406b747dafda0", "lessThan": "a0f0dbbb1bc49fa0de18e92c36492ff6d804cdaa", "versionType": "git"}, {"status": "affected", "version": "6bd33e1ece528f67646db33bf97406b747dafda0", "lessThan": "efdcfa554b6eb228943ef1dd4d023c606be647d2", "versionType": "git"}, {"status": "affected", "version": "6bd33e1ece528f67646db33bf97406b747dafda0", "lessThan": "6065e736f82c817c9a597a31ee67f0ce4628e948", "versionType": "git"}], "programFiles": ["arch/riscv/include/asm/pgtable.h"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.5"}, {"status": "unaffected", "version": "0", "lessThan": "5.5", "versionType": "semver"}, {"status": "unaffected", "version": "5.10.216", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.158", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.90", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.30", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.8.9", "versionType": "semver", "lessThanOrEqual": "6.8.*"}, {"status": "unaffected", "version": "6.9", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["arch/riscv/include/asm/pgtable.h"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/04bf2e5f95c1a52e28a7567a507f926efe31c3b6"}, {"url": "https://git.kernel.org/stable/c/52e8a42b11078d2aad4b9ba96503d77c7299168b"}, {"url": "https://git.kernel.org/stable/c/4201b8c8f2c32af321fb50867e68ac6c1cbed4be"}, {"url": "https://git.kernel.org/stable/c/a0f0dbbb1bc49fa0de18e92c36492ff6d804cdaa"}, {"url": "https://git.kernel.org/stable/c/efdcfa554b6eb228943ef1dd4d023c606be647d2"}, {"url": "https://git.kernel.org/stable/c/6065e736f82c817c9a597a31ee67f0ce4628e948"}], "x_generator": {"engine": "bippy-5f407fcff5a0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: Fix TASK_SIZE on 64-bit NOMMU\n\nOn NOMMU, userspace memory can come from anywhere in physical RAM. The\ncurrent definition of TASK_SIZE is wrong if any RAM exists above 4G,\ncausing spurious failures in the userspace access routines."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T08:59:42.684Z"}}}, "cveMetadata": {"cveId": "CVE-2024-35988", "state": "PUBLISHED", "dateUpdated": "2024-12-19T08:59:42.684Z", "dateReserved": "2024-05-17T13:50:33.146Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-20T09:47:54.391Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: Fix TASK_SIZE on 64-bit NOMMU\n\nOn NOMMU, userspace memory can come from anywhere in physical RAM. The\ncurrent definition of TASK_SIZE is wrong if any RAM exists above 4G,\ncausing spurious failures in the userspace access routines."}, {"lang": "es", "value": " En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: riscv: corrige TASK_SIZE en NOMMU de 64 bits En NOMMU, la memoria del espacio de usuario puede provenir de cualquier lugar de la RAM f\u00edsica. La definici\u00f3n actual de TASK_SIZE es incorrecta si existe RAM por encima de 4G, lo que provoca fallos falsos en las rutinas de acceso al espacio de usuario."}], "id": "CVE-2024-35988", "lastModified": "2024-11-21T09:21:22.337", "metrics": {}, "published": "2024-05-20T10:15:13.120", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/04bf2e5f95c1a52e28a7567a507f926efe31c3b6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/4201b8c8f2c32af321fb50867e68ac6c1cbed4be"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/52e8a42b11078d2aad4b9ba96503d77c7299168b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/6065e736f82c817c9a597a31ee67f0ce4628e948"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/a0f0dbbb1bc49fa0de18e92c36492ff6d804cdaa"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/efdcfa554b6eb228943ef1dd4d023c606be647d2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/04bf2e5f95c1a52e28a7567a507f926efe31c3b6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/4201b8c8f2c32af321fb50867e68ac6c1cbed4be"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/52e8a42b11078d2aad4b9ba96503d77c7299168b"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/6065e736f82c817c9a597a31ee67f0ce4628e948"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/a0f0dbbb1bc49fa0de18e92c36492ff6d804cdaa"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/efdcfa554b6eb228943ef1dd4d023c606be647d2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: riscv: Fix TASK_SIZE on 64-bit NOMMU", "id": "2281850", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2281850"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nriscv: Fix TASK_SIZE on 64-bit NOMMU\nOn NOMMU, userspace memory can come from anywhere in physical RAM. The\ncurrent definition of TASK_SIZE is wrong if any RAM exists above 4G,\ncausing spurious failures in the userspace access routines.", "A vulnerability was found in the Linux kernel affecting the riscv architecture on 64-bit NOMMU systems. The issue stems from an incorrect definition of TASK_SIZE, which causes failures in userspace access routines when there is RAM above 4GB. The vulnerability affects the file `arch/riscv/include/asm/pgtable.h`."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-35988", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-20T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-35988\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-35988\nhttps://lore.kernel.org/linux-cve-announce/2024052019-CVE-2024-35988-22a1@gregkh/T"], "statement": "Red Hat Enterprise Linux is not vulnerable to this CVE, as it does not affect the versions or configurations of the Linux kernel used in its distributions.", "threat_severity": "Moderate", "upstream_fix": "kernel 5.10.216, kernel 5.15.158, kernel 6.1.90, kernel 6.6.30, kernel 6.8.9, kernel 6.9"}