{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-36019", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-17T13:50:33.157Z", "datePublished": "2024-05-30T14:59:42.840Z", "dateUpdated": "2024-11-05T09:26:53.707Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:26:53.707Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nregmap: maple: Fix cache corruption in regcache_maple_drop()\n\nWhen keeping the upper end of a cache block entry, the entry[] array\nmust be indexed by the offset from the base register of the block,\ni.e. max - mas.index.\n\nThe code was indexing entry[] by only the register address, leading\nto an out-of-bounds access that copied some part of the kernel\nmemory over the cache contents.\n\nThis bug was not detected by the regmap KUnit test because it only\ntests with a block of registers starting at 0, so mas.index == 0."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/base/regmap/regcache-maple.c"], "versions": [{"version": "f033c26de5a5", "lessThan": "3af6c5ac72dc", "status": "affected", "versionType": "git"}, {"version": "f033c26de5a5", "lessThan": "51c4440b9d3f", "status": "affected", "versionType": "git"}, {"version": "f033c26de5a5", "lessThan": "00bb549d7d63", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/base/regmap/regcache-maple.c"], "versions": [{"version": "6.4", "status": "affected"}, {"version": "0", "lessThan": "6.4", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.26", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8.5", "lessThanOrEqual": "6.8.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/3af6c5ac72dc5b721058132a0a1d7779e443175e"}, {"url": "https://git.kernel.org/stable/c/51c4440b9d3fd7c8234e6de9170a487c03506e53"}, {"url": "https://git.kernel.org/stable/c/00bb549d7d63a21532e76e4a334d7807a54d9f31"}], "title": "regmap: maple: Fix cache corruption in regcache_maple_drop()", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-36019", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-30T16:11:04.952877Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:47:34.967Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:30:12.601Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/3af6c5ac72dc5b721058132a0a1d7779e443175e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/51c4440b9d3fd7c8234e6de9170a487c03506e53", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/00bb549d7d63a21532e76e4a334d7807a54d9f31", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/3af6c5ac72dc5b721058132a0a1d7779e443175e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/51c4440b9d3fd7c8234e6de9170a487c03506e53", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/00bb549d7d63a21532e76e4a334d7807a54d9f31", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:30:12.601Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-36019", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-30T16:11:04.952877Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-30T16:11:09.529Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "regmap: maple: Fix cache corruption in regcache_maple_drop()", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "f033c26de5a5", "lessThan": "3af6c5ac72dc", "versionType": "git"}, {"status": "affected", "version": "f033c26de5a5", "lessThan": "51c4440b9d3f", "versionType": "git"}, {"status": "affected", "version": "f033c26de5a5", "lessThan": "00bb549d7d63", "versionType": "git"}], "programFiles": ["drivers/base/regmap/regcache-maple.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6.4"}, {"status": "unaffected", "version": "0", "lessThan": "6.4", "versionType": "custom"}, {"status": "unaffected", "version": "6.6.26", "versionType": "custom", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.8.5", "versionType": "custom", "lessThanOrEqual": "6.8.*"}, {"status": "unaffected", "version": "6.9", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/base/regmap/regcache-maple.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/3af6c5ac72dc5b721058132a0a1d7779e443175e"}, {"url": "https://git.kernel.org/stable/c/51c4440b9d3fd7c8234e6de9170a487c03506e53"}, {"url": "https://git.kernel.org/stable/c/00bb549d7d63a21532e76e4a334d7807a54d9f31"}], "x_generator": {"engine": "bippy-a5840b7849dd"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nregmap: maple: Fix cache corruption in regcache_maple_drop()\n\nWhen keeping the upper end of a cache block entry, the entry[] array\nmust be indexed by the offset from the base register of the block,\ni.e. max - mas.index.\n\nThe code was indexing entry[] by only the register address, leading\nto an out-of-bounds access that copied some part of the kernel\nmemory over the cache contents.\n\nThis bug was not detected by the regmap KUnit test because it only\ntests with a block of registers starting at 0, so mas.index == 0."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-30T14:59:42.840Z"}}}, "cveMetadata": {"cveId": "CVE-2024-36019", "state": "PUBLISHED", "dateUpdated": "2024-08-02T03:30:12.601Z", "dateReserved": "2024-05-17T13:50:33.157Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-30T14:59:42.840Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nregmap: maple: Fix cache corruption in regcache_maple_drop()\n\nWhen keeping the upper end of a cache block entry, the entry[] array\nmust be indexed by the offset from the base register of the block,\ni.e. max - mas.index.\n\nThe code was indexing entry[] by only the register address, leading\nto an out-of-bounds access that copied some part of the kernel\nmemory over the cache contents.\n\nThis bug was not detected by the regmap KUnit test because it only\ntests with a block of registers starting at 0, so mas.index == 0."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: regmap: maple: corrige la corrupci\u00f3n de la cach\u00e9 en regcache_maple_drop() Cuando se mantiene el extremo superior de una entrada de bloque de cach\u00e9, la matriz de entrada[] debe indexarse seg\u00fan el desplazamiento del registro base de el bloque, es decir, max - mas.index. El c\u00f3digo indexaba la entrada [] solo por la direcci\u00f3n de registro, lo que generaba un acceso fuera de los l\u00edmites que copiaba parte de la memoria del kernel sobre el contenido de la cach\u00e9. Este error no fue detectado por la prueba regmap KUnit porque solo prueba con un bloque de registros que comienza en 0, por lo que mas.index == 0."}], "id": "CVE-2024-36019", "lastModified": "2024-11-21T09:21:26.973", "metrics": {}, "published": "2024-05-30T15:15:49.027", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/00bb549d7d63a21532e76e4a334d7807a54d9f31"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/3af6c5ac72dc5b721058132a0a1d7779e443175e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/51c4440b9d3fd7c8234e6de9170a487c03506e53"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/00bb549d7d63a21532e76e4a334d7807a54d9f31"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/3af6c5ac72dc5b721058132a0a1d7779e443175e"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/51c4440b9d3fd7c8234e6de9170a487c03506e53"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"affected_release": [{"advisory": "RHSA-2024:6567", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-427.35.1.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-09-11T00:00:00Z"}, {"advisory": "RHSA-2024:6567", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-427.35.1.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-09-11T00:00:00Z"}], "bugzilla": {"description": "kernel: regmap: maple: Fix cache corruption in regcache_maple_drop()", "id": "2284402", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2284402"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.1", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H", "status": "verified"}, "cwe": "CWE-125", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nregmap: maple: Fix cache corruption in regcache_maple_drop()\nWhen keeping the upper end of a cache block entry, the entry[] array\nmust be indexed by the offset from the base register of the block,\ni.e. max - mas.index.\nThe code was indexing entry[] by only the register address, leading\nto an out-of-bounds access that copied some part of the kernel\nmemory over the cache contents.\nThis bug was not detected by the regmap KUnit test because it only\ntests with a block of registers starting at 0, so mas.index == 0.", "A vulnerability was found in the Linux kernel\u2019s `regmap` subsystem. Due to improper indexing in the `regcache_maple_drop()` function, an out-of-bounds access could corrupt the cache by overwriting parts of it with kernel memory."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-36019", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-30T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-36019\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-36019\nhttps://lore.kernel.org/linux-cve-announce/2024053044-CVE-2024-36019-59fb@gregkh/T"], "threat_severity": "Moderate", "upstream_fix": "kernel 6.6.26, kernel 6.8.5, kernel 6.9"}