{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-38614", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-06-18T19:36:34.944Z", "datePublished": "2024-06-19T13:56:14.753Z", "dateUpdated": "2024-11-05T09:30:59.188Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:30:59.188Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nopenrisc: traps: Don't send signals to kernel mode threads\n\nOpenRISC exception handling sends signals to user processes on floating\npoint exceptions and trap instructions (for debugging) among others.\nThere is a bug where the trap handling logic may send signals to kernel\nthreads, we should not send these signals to kernel threads, if that\nhappens we treat it as an error.\n\nThis patch adds conditions to die if the kernel receives these\nexceptions in kernel mode code."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/openrisc/kernel/traps.c"], "versions": [{"version": "27267655c531", "lessThan": "c0ed9a711e33", "status": "affected", "versionType": "git"}, {"version": "27267655c531", "lessThan": "075c0405b0d7", "status": "affected", "versionType": "git"}, {"version": "27267655c531", "lessThan": "cea9d0015c14", "status": "affected", "versionType": "git"}, {"version": "27267655c531", "lessThan": "c88cfb5cea5f", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/openrisc/kernel/traps.c"], "versions": [{"version": "6.4", "status": "affected"}, {"version": "0", "lessThan": "6.4", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.33", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8.12", "lessThanOrEqual": "6.8.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9.3", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/c0ed9a711e3392d73e857faa031d8d349c0d70db"}, {"url": "https://git.kernel.org/stable/c/075c0405b0d7d9fc490609e988a3af0069596538"}, {"url": "https://git.kernel.org/stable/c/cea9d0015c140af39477dd5eeb9b20233a45daa9"}, {"url": "https://git.kernel.org/stable/c/c88cfb5cea5f8f9868ef02cc9ce9183a26dcf20f"}], "title": "openrisc: traps: Don't send signals to kernel mode threads", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:12:25.973Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/c0ed9a711e3392d73e857faa031d8d349c0d70db", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/075c0405b0d7d9fc490609e988a3af0069596538", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/cea9d0015c140af39477dd5eeb9b20233a45daa9", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c88cfb5cea5f8f9868ef02cc9ce9183a26dcf20f", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-38614", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:12:59.093856Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:34:53.276Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/c0ed9a711e3392d73e857faa031d8d349c0d70db", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/075c0405b0d7d9fc490609e988a3af0069596538", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/cea9d0015c140af39477dd5eeb9b20233a45daa9", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c88cfb5cea5f8f9868ef02cc9ce9183a26dcf20f", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:12:25.973Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-38614", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:12:59.093856Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:26.586Z"}}], "cna": {"title": "openrisc: traps: Don't send signals to kernel mode threads", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "27267655c531", "lessThan": "c0ed9a711e33", "versionType": "git"}, {"status": "affected", "version": "27267655c531", "lessThan": "075c0405b0d7", "versionType": "git"}, {"status": "affected", "version": "27267655c531", "lessThan": "cea9d0015c14", "versionType": "git"}, {"status": "affected", "version": "27267655c531", "lessThan": "c88cfb5cea5f", "versionType": "git"}], "programFiles": ["arch/openrisc/kernel/traps.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6.4"}, {"status": "unaffected", "version": "0", "lessThan": "6.4", "versionType": "semver"}, {"status": "unaffected", "version": "6.6.33", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.8.12", "versionType": "semver", "lessThanOrEqual": "6.8.*"}, {"status": "unaffected", "version": "6.9.3", "versionType": "semver", "lessThanOrEqual": "6.9.*"}, {"status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["arch/openrisc/kernel/traps.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/c0ed9a711e3392d73e857faa031d8d349c0d70db"}, {"url": "https://git.kernel.org/stable/c/075c0405b0d7d9fc490609e988a3af0069596538"}, {"url": "https://git.kernel.org/stable/c/cea9d0015c140af39477dd5eeb9b20233a45daa9"}, {"url": "https://git.kernel.org/stable/c/c88cfb5cea5f8f9868ef02cc9ce9183a26dcf20f"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nopenrisc: traps: Don't send signals to kernel mode threads\n\nOpenRISC exception handling sends signals to user processes on floating\npoint exceptions and trap instructions (for debugging) among others.\nThere is a bug where the trap handling logic may send signals to kernel\nthreads, we should not send these signals to kernel threads, if that\nhappens we treat it as an error.\n\nThis patch adds conditions to die if the kernel receives these\nexceptions in kernel mode code."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:30:59.188Z"}}}, "cveMetadata": {"cveId": "CVE-2024-38614", "state": "PUBLISHED", "dateUpdated": "2024-11-05T09:30:59.188Z", "dateReserved": "2024-06-18T19:36:34.944Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-06-19T13:56:14.753Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nopenrisc: traps: Don't send signals to kernel mode threads\n\nOpenRISC exception handling sends signals to user processes on floating\npoint exceptions and trap instructions (for debugging) among others.\nThere is a bug where the trap handling logic may send signals to kernel\nthreads, we should not send these signals to kernel threads, if that\nhappens we treat it as an error.\n\nThis patch adds conditions to die if the kernel receives these\nexceptions in kernel mode code."}, {"lang": "es", "value": "En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: openrisc: trampas: no env\u00eda se\u00f1ales a subprocesos en modo kernel. El manejo de excepciones de OpenRISC env\u00eda se\u00f1ales a los procesos del usuario sobre excepciones de punto flotante e instrucciones de captura (para depuraci\u00f3n), entre otros. Hay un error en el que la l\u00f3gica de manejo de trampas puede enviar se\u00f1ales a los subprocesos del kernel. No debemos enviar estas se\u00f1ales a los subprocesos del kernel; si eso sucede, lo tratamos como un error. Este parche agrega condiciones para morir si el kernel recibe estas excepciones en el c\u00f3digo del modo kernel."}], "id": "CVE-2024-38614", "lastModified": "2024-06-20T12:43:25.663", "metrics": {}, "published": "2024-06-19T14:15:21.240", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/075c0405b0d7d9fc490609e988a3af0069596538"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/c0ed9a711e3392d73e857faa031d8d349c0d70db"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/c88cfb5cea5f8f9868ef02cc9ce9183a26dcf20f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/cea9d0015c140af39477dd5eeb9b20233a45daa9"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: openrisc: traps: Don't send signals to kernel mode threads", "id": "2293349", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293349"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-99", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nopenrisc: traps: Don't send signals to kernel mode threads\nOpenRISC exception handling sends signals to user processes on floating\npoint exceptions and trap instructions (for debugging) among others.\nThere is a bug where the trap handling logic may send signals to kernel\nthreads, we should not send these signals to kernel threads, if that\nhappens we treat it as an error.\nThis patch adds conditions to die if the kernel receives these\nexceptions in kernel mode code."], "name": "CVE-2024-38614", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-06-19T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-38614\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-38614\nhttps://lore.kernel.org/linux-cve-announce/2024061922-CVE-2024-38614-50ce@gregkh/T"], "threat_severity": "Low", "upstream_fix": "kernel 6.6.33, kernel 6.8.12, kernel 6.9.3, kernel 6.10-rc1"}