{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-40984", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-12T12:17:45.604Z", "datePublished": "2024-07-12T12:33:57.947Z", "dateUpdated": "2025-11-03T21:58:49.395Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T09:19:20.884Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPICA: Revert \"ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine.\"\n\nUndo the modifications made in commit d410ee5109a1 (\"ACPICA: avoid\n\"Info: mapping multiple BARs. Your kernel is fine.\"\"). The initial\npurpose of this commit was to stop memory mappings for operation\nregions from overlapping page boundaries, as it can trigger warnings\nif different page attributes are present.\n\nHowever, it was found that when this situation arises, mapping\ncontinues until the boundary's end, but there is still an attempt to\nread/write the entire length of the map, leading to a NULL pointer\ndeference. For example, if a four-byte mapping request is made but\nonly one byte is mapped because it hits the current page boundary's\nend, a four-byte read/write attempt is still made, resulting in a NULL\npointer deference.\n\nInstead, map the entire length, as the ACPI specification does not\nmandate that it must be within the same page boundary. It is\npermissible for it to be mapped across different regions."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/acpi/acpica/exregion.c"], "versions": [{"version": "d410ee5109a1633a686a5663c6743a92e1181f9b", "lessThan": "435ecc978c3d5d0c4e172ec5b956dc1904061d98", "status": "affected", "versionType": "git"}, {"version": "d410ee5109a1633a686a5663c6743a92e1181f9b", "lessThan": "ae465109d82f4fb03c5adbe85f2d6a6a3d59124c", "status": "affected", "versionType": "git"}, {"version": "d410ee5109a1633a686a5663c6743a92e1181f9b", "lessThan": "6eca23100e9030725f69c1babacd58803f29ec8d", "status": "affected", "versionType": "git"}, {"version": "d410ee5109a1633a686a5663c6743a92e1181f9b", "lessThan": "dc5017c57f5eee80020c73ff8b67ba7f9fd08b1f", "status": "affected", "versionType": "git"}, {"version": "d410ee5109a1633a686a5663c6743a92e1181f9b", "lessThan": "ddc1f5f124479360a1fd43f73be950781d172239", "status": "affected", "versionType": "git"}, {"version": "d410ee5109a1633a686a5663c6743a92e1181f9b", "lessThan": "434c6b924e1f4c219aab2d9e05fe79c5364e37d3", "status": "affected", "versionType": "git"}, {"version": "d410ee5109a1633a686a5663c6743a92e1181f9b", "lessThan": "e21a4c9129c72fa54dd00f5ebf71219b41d43c04", "status": "affected", "versionType": "git"}, {"version": "d410ee5109a1633a686a5663c6743a92e1181f9b", "lessThan": "a83e1385b780d41307433ddbc86e3c528db031f0", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/acpi/acpica/exregion.c"], "versions": [{"version": "2.6.32", "status": "affected"}, {"version": "0", "lessThan": "2.6.32", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.317", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.279", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.221", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.162", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.96", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.36", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9.7", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.32", "versionEndExcluding": "4.19.317"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.32", "versionEndExcluding": "5.4.279"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.32", "versionEndExcluding": "5.10.221"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.32", "versionEndExcluding": "5.15.162"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.32", "versionEndExcluding": "6.1.96"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.32", "versionEndExcluding": "6.6.36"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.32", "versionEndExcluding": "6.9.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.32", "versionEndExcluding": "6.10"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/435ecc978c3d5d0c4e172ec5b956dc1904061d98"}, {"url": "https://git.kernel.org/stable/c/ae465109d82f4fb03c5adbe85f2d6a6a3d59124c"}, {"url": "https://git.kernel.org/stable/c/6eca23100e9030725f69c1babacd58803f29ec8d"}, {"url": "https://git.kernel.org/stable/c/dc5017c57f5eee80020c73ff8b67ba7f9fd08b1f"}, {"url": "https://git.kernel.org/stable/c/ddc1f5f124479360a1fd43f73be950781d172239"}, {"url": "https://git.kernel.org/stable/c/434c6b924e1f4c219aab2d9e05fe79c5364e37d3"}, {"url": "https://git.kernel.org/stable/c/e21a4c9129c72fa54dd00f5ebf71219b41d43c04"}, {"url": "https://git.kernel.org/stable/c/a83e1385b780d41307433ddbc86e3c528db031f0"}], "title": "ACPICA: Revert \"ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine.\"", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/435ecc978c3d5d0c4e172ec5b956dc1904061d98", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ae465109d82f4fb03c5adbe85f2d6a6a3d59124c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6eca23100e9030725f69c1babacd58803f29ec8d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/dc5017c57f5eee80020c73ff8b67ba7f9fd08b1f", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ddc1f5f124479360a1fd43f73be950781d172239", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/434c6b924e1f4c219aab2d9e05fe79c5364e37d3", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/e21a4c9129c72fa54dd00f5ebf71219b41d43c04", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a83e1385b780d41307433ddbc86e3c528db031f0", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T21:58:49.395Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-40984", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:02:10.333733Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:34:21.046Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/435ecc978c3d5d0c4e172ec5b956dc1904061d98", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ae465109d82f4fb03c5adbe85f2d6a6a3d59124c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6eca23100e9030725f69c1babacd58803f29ec8d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/dc5017c57f5eee80020c73ff8b67ba7f9fd08b1f", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ddc1f5f124479360a1fd43f73be950781d172239", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/434c6b924e1f4c219aab2d9e05fe79c5364e37d3", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/e21a4c9129c72fa54dd00f5ebf71219b41d43c04", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a83e1385b780d41307433ddbc86e3c528db031f0", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:39:56.027Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-40984", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:02:10.333733Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:22.148Z"}}], "cna": {"title": "ACPICA: Revert \"ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine.\"", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "d410ee5109a1", "lessThan": "435ecc978c3d", "versionType": "git"}, {"status": "affected", "version": "d410ee5109a1", "lessThan": "ae465109d82f", "versionType": "git"}, {"status": "affected", "version": "d410ee5109a1", "lessThan": "6eca23100e90", "versionType": "git"}, {"status": "affected", "version": "d410ee5109a1", "lessThan": "dc5017c57f5e", "versionType": "git"}, {"status": "affected", "version": "d410ee5109a1", "lessThan": "ddc1f5f12447", "versionType": "git"}, {"status": "affected", "version": "d410ee5109a1", "lessThan": "434c6b924e1f", "versionType": "git"}, {"status": "affected", "version": "d410ee5109a1", "lessThan": "e21a4c9129c7", "versionType": "git"}, {"status": "affected", "version": "d410ee5109a1", "lessThan": "a83e1385b780", "versionType": "git"}], "programFiles": ["drivers/acpi/acpica/exregion.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "2.6.32"}, {"status": "unaffected", "version": "0", "lessThan": "2.6.32", "versionType": "semver"}, {"status": "unaffected", "version": "4.19.317", "versionType": "semver", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.279", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.221", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.162", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.96", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.36", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.9.7", "versionType": "semver", "lessThanOrEqual": "6.9.*"}, {"status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/acpi/acpica/exregion.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/435ecc978c3d5d0c4e172ec5b956dc1904061d98"}, {"url": "https://git.kernel.org/stable/c/ae465109d82f4fb03c5adbe85f2d6a6a3d59124c"}, {"url": "https://git.kernel.org/stable/c/6eca23100e9030725f69c1babacd58803f29ec8d"}, {"url": "https://git.kernel.org/stable/c/dc5017c57f5eee80020c73ff8b67ba7f9fd08b1f"}, {"url": "https://git.kernel.org/stable/c/ddc1f5f124479360a1fd43f73be950781d172239"}, {"url": "https://git.kernel.org/stable/c/434c6b924e1f4c219aab2d9e05fe79c5364e37d3"}, {"url": "https://git.kernel.org/stable/c/e21a4c9129c72fa54dd00f5ebf71219b41d43c04"}, {"url": "https://git.kernel.org/stable/c/a83e1385b780d41307433ddbc86e3c528db031f0"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPICA: Revert \"ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine.\"\n\nUndo the modifications made in commit d410ee5109a1 (\"ACPICA: avoid\n\"Info: mapping multiple BARs. Your kernel is fine.\"\"). The initial\npurpose of this commit was to stop memory mappings for operation\nregions from overlapping page boundaries, as it can trigger warnings\nif different page attributes are present.\n\nHowever, it was found that when this situation arises, mapping\ncontinues until the boundary's end, but there is still an attempt to\nread/write the entire length of the map, leading to a NULL pointer\ndeference. For example, if a four-byte mapping request is made but\nonly one byte is mapped because it hits the current page boundary's\nend, a four-byte read/write attempt is still made, resulting in a NULL\npointer deference.\n\nInstead, map the entire length, as the ACPI specification does not\nmandate that it must be within the same page boundary. It is\npermissible for it to be mapped across different regions."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:34:29.524Z"}}}, "cveMetadata": {"cveId": "CVE-2024-40984", "state": "PUBLISHED", "dateUpdated": "2024-11-05T09:34:29.524Z", "dateReserved": "2024-07-12T12:17:45.604Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-07-12T12:33:57.947Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D19E57A6-28DE-488E-A59D-79D6D29814AE", "versionEndExcluding": "4.19.317", "versionStartIncluding": "2.6.32", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F4E38E58-1B9F-4DF2-AD3D-A8BEAA2959D8", "versionEndExcluding": "5.4.279", "versionStartIncluding": "4.20", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "659E1520-6345-41AF-B893-A7C0647585A0", "versionEndExcluding": "5.10.221", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "10A39ACC-3005-40E8-875C-98A372D1FFD5", "versionEndExcluding": "5.15.162", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "61E887B4-732A-40D2-9983-CC6F281EBFB7", "versionEndExcluding": "6.1.96", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E1046C95-860A-45B0-B718-2B29F65BFF10", "versionEndExcluding": "6.6.36", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0A047AF2-94AC-4A3A-B32D-6AB930D8EF1C", "versionEndExcluding": "6.9.7", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*", "matchCriteriaId": "2EBB4392-5FA6-4DA9-9772-8F9C750109FA", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*", "matchCriteriaId": "331C2F14-12C7-45D5-893D-8C52EE38EA10", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc3:*:*:*:*:*:*", "matchCriteriaId": "3173713D-909A-4DD3-9DD4-1E171EB057EE", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc4:*:*:*:*:*:*", "matchCriteriaId": "79F18AFA-40F7-43F0-BA30-7BDB65F918B9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPICA: Revert \"ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine.\"\n\nUndo the modifications made in commit d410ee5109a1 (\"ACPICA: avoid\n\"Info: mapping multiple BARs. Your kernel is fine.\"\"). The initial\npurpose of this commit was to stop memory mappings for operation\nregions from overlapping page boundaries, as it can trigger warnings\nif different page attributes are present.\n\nHowever, it was found that when this situation arises, mapping\ncontinues until the boundary's end, but there is still an attempt to\nread/write the entire length of the map, leading to a NULL pointer\ndeference. For example, if a four-byte mapping request is made but\nonly one byte is mapped because it hits the current page boundary's\nend, a four-byte read/write attempt is still made, resulting in a NULL\npointer deference.\n\nInstead, map the entire length, as the ACPI specification does not\nmandate that it must be within the same page boundary. It is\npermissible for it to be mapped across different regions."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: ACPICA: Revertir \"ACPICA: evitar Informaci\u00f3n: mapeo de m\u00faltiples BAR. Su kernel est\u00e1 bien\". Deshaga las modificaciones realizadas en el commit d410ee5109a1 (\"ACPICA: evite \"Informaci\u00f3n: mapeo de varias BAR. Su kernel est\u00e1 bien.\"\"). El prop\u00f3sito inicial de est\u00e9 commit fue evitar que las asignaciones de memoria para regiones de operaci\u00f3n se superpongan en los l\u00edmites de las p\u00e1ginas, ya que puede generar advertencias si hay diferentes atributos de p\u00e1gina presentes. Sin embargo, se descubri\u00f3 que cuando surge esta situaci\u00f3n, el mapeo contin\u00faa hasta el final del l\u00edmite, pero todav\u00eda hay un intento de leer/escribir en toda la longitud del mapa, lo que lleva a una deferencia del puntero NULL. Por ejemplo, si se realiza una solicitud de asignaci\u00f3n de cuatro bytes pero solo se asigna un byte porque llega al final del l\u00edmite de la p\u00e1gina actual, a\u00fan se realiza un intento de lectura/escritura de cuatro bytes, lo que resulta en una deferencia de puntero NULL. En su lugar, asigne toda la longitud, ya que la especificaci\u00f3n ACPI no exige que deba estar dentro del mismo l\u00edmite de p\u00e1gina. Est\u00e1 permitido mapearlo en diferentes regiones."}], "id": "CVE-2024-40984", "lastModified": "2025-11-03T22:17:20.300", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-07-12T13:15:19.977", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/434c6b924e1f4c219aab2d9e05fe79c5364e37d3"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/435ecc978c3d5d0c4e172ec5b956dc1904061d98"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6eca23100e9030725f69c1babacd58803f29ec8d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a83e1385b780d41307433ddbc86e3c528db031f0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ae465109d82f4fb03c5adbe85f2d6a6a3d59124c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/dc5017c57f5eee80020c73ff8b67ba7f9fd08b1f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ddc1f5f124479360a1fd43f73be950781d172239"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e21a4c9129c72fa54dd00f5ebf71219b41d43c04"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/434c6b924e1f4c219aab2d9e05fe79c5364e37d3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/435ecc978c3d5d0c4e172ec5b956dc1904061d98"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6eca23100e9030725f69c1babacd58803f29ec8d"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a83e1385b780d41307433ddbc86e3c528db031f0"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ae465109d82f4fb03c5adbe85f2d6a6a3d59124c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/dc5017c57f5eee80020c73ff8b67ba7f9fd08b1f"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ddc1f5f124479360a1fd43f73be950781d172239"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e21a4c9129c72fa54dd00f5ebf71219b41d43c04"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:8870", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-553.27.1.rt7.368.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-11-05T00:00:00Z"}, {"advisory": "RHSA-2024:8856", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-553.27.1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-11-05T00:00:00Z"}, {"advisory": "RHSA-2024:6997", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-427.37.1.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-09-24T00:00:00Z"}, {"advisory": "RHSA-2024:6997", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-427.37.1.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-09-24T00:00:00Z"}, {"advisory": "RHSA-2024:6991", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "kernel-0:5.14.0-70.117.1.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2024-09-24T00:00:00Z"}, {"advisory": "RHSA-2024:6990", "cpe": "cpe:/a:redhat:rhel_e4s:9.0::nfv", "package": "kernel-rt-0:5.14.0-70.117.1.rt21.189.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2024-09-24T00:00:00Z"}, {"advisory": "RHSA-2024:6744", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "kernel-0:5.14.0-284.84.1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6745", "cpe": "cpe:/a:redhat:rhel_eus:9.2::nfv", "package": "kernel-rt-0:5.14.0-284.84.1.rt14.369.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-09-18T00:00:00Z"}], "bugzilla": {"description": "kernel: ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine."", "id": "2297568", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297568"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-476", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nACPICA: Revert \"ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine.\"\nUndo the modifications made in commit d410ee5109a1 (\"ACPICA: avoid\n\"Info: mapping multiple BARs. Your kernel is fine.\"\"). The initial\npurpose of this commit was to stop memory mappings for operation\nregions from overlapping page boundaries, as it can trigger warnings\nif different page attributes are present.\nHowever, it was found that when this situation arises, mapping\ncontinues until the boundary's end, but there is still an attempt to\nread/write the entire length of the map, leading to a NULL pointer\ndeference. For example, if a four-byte mapping request is made but\nonly one byte is mapped because it hits the current page boundary's\nend, a four-byte read/write attempt is still made, resulting in a NULL\npointer deference.\nInstead, map the entire length, as the ACPI specification does not\nmandate that it must be within the same page boundary. It is\npermissible for it to be mapped across different regions.", "A vulnerability was found in the Linux kernel's ACPICA component, where improper handling of memory mappings can lead to a NULL pointer dereference. This issue arises when mapping requests exceed page boundaries, resulting in attempts to access unmapped memory."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-40984", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-40984\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-40984\nhttps://lore.kernel.org/linux-cve-announce/2024071201-CVE-2024-40984-66b2@gregkh/T"], "statement": "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-476: NULL Pointer Dereference vulnerability and downgrades the severity of this particular CVE from Moderate to Low.\nThe platform incorporates secure engineering principles and controls to enforce secure coding practices, including proper memory handling and error checking, reducing the likelihood of NULL pointer dereference vulnerabilities. Coding standards, tools, and processes support early detection and prevention of memory-related flaws. Static code analysis identifies NULL dereference and related issues during development, while system monitoring detects memory errors and anomalous behavior in the event of exploitation. \nAdditionally, the platform leverages memory protection mechanisms such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) to strengthen resilience against memory-related vulnerabilities.", "threat_severity": "Moderate"}

{}