{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-39499", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-06-25T14:23:23.751Z", "datePublished": "2024-07-12T12:20:33.658Z", "dateUpdated": "2024-11-05T09:32:29.763Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:32:29.763Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvmci: prevent speculation leaks by sanitizing event in event_deliver()\n\nCoverity spotted that event_msg is controlled by user-space,\nevent_msg->event_data.event is passed to event_deliver() and used\nas an index without sanitization.\n\nThis change ensures that the event index is sanitized to mitigate any\npossibility of speculative information leaks.\n\nThis bug was discovered and resolved using Coverity Static Analysis\nSecurity Testing (SAST) by Synopsys, Inc.\n\nOnly compile tested, no access to HW."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/misc/vmw_vmci/vmci_event.c"], "versions": [{"version": "1d990201f9bb", "lessThan": "58730dfbd4ae", "status": "affected", "versionType": "git"}, {"version": "1d990201f9bb", "lessThan": "681967c4ff21", "status": "affected", "versionType": "git"}, {"version": "1d990201f9bb", "lessThan": "f70ff7373467", "status": "affected", "versionType": "git"}, {"version": "1d990201f9bb", "lessThan": "95ac3e773a1f", "status": "affected", "versionType": "git"}, {"version": "1d990201f9bb", "lessThan": "95bac1c8bedb", "status": "affected", "versionType": "git"}, {"version": "1d990201f9bb", "lessThan": "e293c6b38ac9", "status": "affected", "versionType": "git"}, {"version": "1d990201f9bb", "lessThan": "757804e1c599", "status": "affected", "versionType": "git"}, {"version": "1d990201f9bb", "lessThan": "8003f00d8953", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/misc/vmw_vmci/vmci_event.c"], "versions": [{"version": "3.9", "status": "affected"}, {"version": "0", "lessThan": "3.9", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.317", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.279", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.221", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.162", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.95", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.35", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9.6", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/58730dfbd4ae01c1b022b0d234a8bf8c02cdfb81"}, {"url": "https://git.kernel.org/stable/c/681967c4ff210e06380acf9b9a1b33ae06e77cbd"}, {"url": "https://git.kernel.org/stable/c/f70ff737346744633e7b655c1fb23e1578491ff3"}, {"url": "https://git.kernel.org/stable/c/95ac3e773a1f8da83c4710a720fbfe80055aafae"}, {"url": "https://git.kernel.org/stable/c/95bac1c8bedb362374ea1937b1d3e833e01174ee"}, {"url": "https://git.kernel.org/stable/c/e293c6b38ac9029d76ff0d2a6b2d74131709a9a8"}, {"url": "https://git.kernel.org/stable/c/757804e1c599af5d2a7f864c8e8b2842406ff4bb"}, {"url": "https://git.kernel.org/stable/c/8003f00d895310d409b2bf9ef907c56b42a4e0f4"}], "title": "vmci: prevent speculation leaks by sanitizing event in event_deliver()", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:26:15.899Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/58730dfbd4ae01c1b022b0d234a8bf8c02cdfb81", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/681967c4ff210e06380acf9b9a1b33ae06e77cbd", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f70ff737346744633e7b655c1fb23e1578491ff3", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/95ac3e773a1f8da83c4710a720fbfe80055aafae", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/95bac1c8bedb362374ea1937b1d3e833e01174ee", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/e293c6b38ac9029d76ff0d2a6b2d74131709a9a8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/757804e1c599af5d2a7f864c8e8b2842406ff4bb", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/8003f00d895310d409b2bf9ef907c56b42a4e0f4", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-39499", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:07:16.825229Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:34:40.701Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/58730dfbd4ae01c1b022b0d234a8bf8c02cdfb81", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/681967c4ff210e06380acf9b9a1b33ae06e77cbd", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f70ff737346744633e7b655c1fb23e1578491ff3", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/95ac3e773a1f8da83c4710a720fbfe80055aafae", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/95bac1c8bedb362374ea1937b1d3e833e01174ee", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/e293c6b38ac9029d76ff0d2a6b2d74131709a9a8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/757804e1c599af5d2a7f864c8e8b2842406ff4bb", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/8003f00d895310d409b2bf9ef907c56b42a4e0f4", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:26:15.899Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-39499", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:07:16.825229Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:25.152Z"}}], "cna": {"title": "vmci: prevent speculation leaks by sanitizing event in event_deliver()", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "1d990201f9bb", "lessThan": "58730dfbd4ae", "versionType": "git"}, {"status": "affected", "version": "1d990201f9bb", "lessThan": "681967c4ff21", "versionType": "git"}, {"status": "affected", "version": "1d990201f9bb", "lessThan": "f70ff7373467", "versionType": "git"}, {"status": "affected", "version": "1d990201f9bb", "lessThan": "95ac3e773a1f", "versionType": "git"}, {"status": "affected", "version": "1d990201f9bb", "lessThan": "95bac1c8bedb", "versionType": "git"}, {"status": "affected", "version": "1d990201f9bb", "lessThan": "e293c6b38ac9", "versionType": "git"}, {"status": "affected", "version": "1d990201f9bb", "lessThan": "757804e1c599", "versionType": "git"}, {"status": "affected", "version": "1d990201f9bb", "lessThan": "8003f00d8953", "versionType": "git"}], "programFiles": ["drivers/misc/vmw_vmci/vmci_event.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "3.9"}, {"status": "unaffected", "version": "0", "lessThan": "3.9", "versionType": "semver"}, {"status": "unaffected", "version": "4.19.317", "versionType": "semver", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.279", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.221", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.162", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.95", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.35", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.9.6", "versionType": "semver", "lessThanOrEqual": "6.9.*"}, {"status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/misc/vmw_vmci/vmci_event.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/58730dfbd4ae01c1b022b0d234a8bf8c02cdfb81"}, {"url": "https://git.kernel.org/stable/c/681967c4ff210e06380acf9b9a1b33ae06e77cbd"}, {"url": "https://git.kernel.org/stable/c/f70ff737346744633e7b655c1fb23e1578491ff3"}, {"url": "https://git.kernel.org/stable/c/95ac3e773a1f8da83c4710a720fbfe80055aafae"}, {"url": "https://git.kernel.org/stable/c/95bac1c8bedb362374ea1937b1d3e833e01174ee"}, {"url": "https://git.kernel.org/stable/c/e293c6b38ac9029d76ff0d2a6b2d74131709a9a8"}, {"url": "https://git.kernel.org/stable/c/757804e1c599af5d2a7f864c8e8b2842406ff4bb"}, {"url": "https://git.kernel.org/stable/c/8003f00d895310d409b2bf9ef907c56b42a4e0f4"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvmci: prevent speculation leaks by sanitizing event in event_deliver()\n\nCoverity spotted that event_msg is controlled by user-space,\nevent_msg->event_data.event is passed to event_deliver() and used\nas an index without sanitization.\n\nThis change ensures that the event index is sanitized to mitigate any\npossibility of speculative information leaks.\n\nThis bug was discovered and resolved using Coverity Static Analysis\nSecurity Testing (SAST) by Synopsys, Inc.\n\nOnly compile tested, no access to HW."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:32:29.763Z"}}}, "cveMetadata": {"cveId": "CVE-2024-39499", "state": "PUBLISHED", "dateUpdated": "2024-11-05T09:32:29.763Z", "dateReserved": "2024-06-25T14:23:23.751Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-07-12T12:20:33.658Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvmci: prevent speculation leaks by sanitizing event in event_deliver()\n\nCoverity spotted that event_msg is controlled by user-space,\nevent_msg->event_data.event is passed to event_deliver() and used\nas an index without sanitization.\n\nThis change ensures that the event index is sanitized to mitigate any\npossibility of speculative information leaks.\n\nThis bug was discovered and resolved using Coverity Static Analysis\nSecurity Testing (SAST) by Synopsys, Inc.\n\nOnly compile tested, no access to HW."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: vmci: evita fugas especulativas sanitizando el evento en event_deliver(). Coverity detect\u00f3 que event_msg est\u00e1 controlado por el espacio de usuario, event_msg->event_data.event se pasa a event_deliver() y se usa como un \u00edndice sin sanitizaci\u00f3n. Este cambio garantiza que el \u00edndice de eventos est\u00e9 sanitizado para mitigar cualquier posibilidad de fuga de informaci\u00f3n especulativa. Este error fue descubierto y resuelto utilizando Coverity Static Analysis Security Testing (SAST) por Synopsys, Inc. Solo se prueba la compilaci\u00f3n, no hay acceso al hardware."}], "id": "CVE-2024-39499", "lastModified": "2024-07-12T16:34:58.687", "metrics": {}, "published": "2024-07-12T13:15:12.450", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/58730dfbd4ae01c1b022b0d234a8bf8c02cdfb81"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/681967c4ff210e06380acf9b9a1b33ae06e77cbd"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/757804e1c599af5d2a7f864c8e8b2842406ff4bb"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/8003f00d895310d409b2bf9ef907c56b42a4e0f4"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/95ac3e773a1f8da83c4710a720fbfe80055aafae"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/95bac1c8bedb362374ea1937b1d3e833e01174ee"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/e293c6b38ac9029d76ff0d2a6b2d74131709a9a8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/f70ff737346744633e7b655c1fb23e1578491ff3"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"affected_release": [{"advisory": "RHSA-2024:7001", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-553.22.1.rt7.363.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-09-24T00:00:00Z"}, {"advisory": "RHSA-2024:7000", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-553.22.1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-09-24T00:00:00Z"}, {"advisory": "RHSA-2024:9315", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:9315", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}], "bugzilla": {"description": "kernel: vmci: prevent speculation leaks by sanitizing event in event_deliver()", "id": "2297471", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297471"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.1", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", "status": "verified"}, "cwe": "CWE-119", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nvmci: prevent speculation leaks by sanitizing event in event_deliver()\nCoverity spotted that event_msg is controlled by user-space,\nevent_msg->event_data.event is passed to event_deliver() and used\nas an index without sanitization.\nThis change ensures that the event index is sanitized to mitigate any\npossibility of speculative information leaks.\nThis bug was discovered and resolved using Coverity Static Analysis\nSecurity Testing (SAST) by Synopsys, Inc.\nOnly compile tested, no access to HW.", "A vulnerability was found in the event_deliver() function in the Linux kernel's VMCI component, where the issue involves a lack of sanitization for the event_data.event index controlled by user-space, which could lead to speculative information leaks."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-39499", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-39499\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-39499\nhttps://lore.kernel.org/linux-cve-announce/2024071203-CVE-2024-39499-ed0a@gregkh/T"], "threat_severity": "Moderate", "upstream_fix": "kernel 4.19.317, kernel 5.4.279, kernel 5.10.221, kernel 5.15.162, kernel 6.1.95, kernel 6.6.35, kernel 6.9.6, kernel 6.10-rc1"}