{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-41064", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-12T12:17:45.628Z", "datePublished": "2024-07-29T14:57:26.086Z", "dateUpdated": "2024-11-05T09:36:01.481Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:36:01.481Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/eeh: avoid possible crash when edev->pdev changes\n\nIf a PCI device is removed during eeh_pe_report_edev(), edev->pdev\nwill change and can cause a crash, hold the PCI rescan/remove lock\nwhile taking a copy of edev->pdev->bus."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/powerpc/kernel/eeh_pe.c"], "versions": [{"version": "1da177e4c3f4", "lessThan": "8836e1bf5838", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "033c51dfdbb6", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "4fad7fef847b", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "4bc246d2d60d", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "f23c3d1ca9c4", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "428d940a8b6b", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "a1216e62d039", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/powerpc/kernel/eeh_pe.c"], "versions": [{"version": "5.4.281", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.223", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.164", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.101", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.42", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9.11", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/8836e1bf5838ac6c08760e0a2dd7cf6410aa7ff3"}, {"url": "https://git.kernel.org/stable/c/033c51dfdbb6b79ab43fb3587276fa82d0a329e1"}, {"url": "https://git.kernel.org/stable/c/4fad7fef847b6028475dd7b4c14fcb82b3e51274"}, {"url": "https://git.kernel.org/stable/c/4bc246d2d60d071314842fa448faa4ed39082aff"}, {"url": "https://git.kernel.org/stable/c/f23c3d1ca9c4b2d626242a4e7e1ec1770447f7b5"}, {"url": "https://git.kernel.org/stable/c/428d940a8b6b3350b282c14d3f63350bde65c48b"}, {"url": "https://git.kernel.org/stable/c/a1216e62d039bf63a539bbe718536ec789a853dd"}], "title": "powerpc/eeh: avoid possible crash when edev->pdev changes", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:46:51.169Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/8836e1bf5838ac6c08760e0a2dd7cf6410aa7ff3", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/033c51dfdbb6b79ab43fb3587276fa82d0a329e1", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4fad7fef847b6028475dd7b4c14fcb82b3e51274", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4bc246d2d60d071314842fa448faa4ed39082aff", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f23c3d1ca9c4b2d626242a4e7e1ec1770447f7b5", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/428d940a8b6b3350b282c14d3f63350bde65c48b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a1216e62d039bf63a539bbe718536ec789a853dd", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-41064", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:21:59.237031Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:32:58.925Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/8836e1bf5838ac6c08760e0a2dd7cf6410aa7ff3", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/033c51dfdbb6b79ab43fb3587276fa82d0a329e1", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4fad7fef847b6028475dd7b4c14fcb82b3e51274", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4bc246d2d60d071314842fa448faa4ed39082aff", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f23c3d1ca9c4b2d626242a4e7e1ec1770447f7b5", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/428d940a8b6b3350b282c14d3f63350bde65c48b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a1216e62d039bf63a539bbe718536ec789a853dd", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:46:51.169Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-41064", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:21:59.237031Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:13.882Z"}}], "cna": {"title": "powerpc/eeh: avoid possible crash when edev->pdev changes", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "1da177e4c3f4", "lessThan": "8836e1bf5838", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "033c51dfdbb6", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "4fad7fef847b", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "4bc246d2d60d", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "f23c3d1ca9c4", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "428d940a8b6b", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "a1216e62d039", "versionType": "git"}], "programFiles": ["arch/powerpc/kernel/eeh_pe.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "unaffected", "version": "5.4.281", "versionType": "custom", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.223", "versionType": "custom", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.164", "versionType": "custom", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.101", "versionType": "custom", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.42", "versionType": "custom", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.9.11", "versionType": "custom", "lessThanOrEqual": "6.9.*"}, {"status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["arch/powerpc/kernel/eeh_pe.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/8836e1bf5838ac6c08760e0a2dd7cf6410aa7ff3"}, {"url": "https://git.kernel.org/stable/c/033c51dfdbb6b79ab43fb3587276fa82d0a329e1"}, {"url": "https://git.kernel.org/stable/c/4fad7fef847b6028475dd7b4c14fcb82b3e51274"}, {"url": "https://git.kernel.org/stable/c/4bc246d2d60d071314842fa448faa4ed39082aff"}, {"url": "https://git.kernel.org/stable/c/f23c3d1ca9c4b2d626242a4e7e1ec1770447f7b5"}, {"url": "https://git.kernel.org/stable/c/428d940a8b6b3350b282c14d3f63350bde65c48b"}, {"url": "https://git.kernel.org/stable/c/a1216e62d039bf63a539bbe718536ec789a853dd"}], "x_generator": {"engine": "bippy-c9c4e1df01b2"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/eeh: avoid possible crash when edev->pdev changes\n\nIf a PCI device is removed during eeh_pe_report_edev(), edev->pdev\nwill change and can cause a crash, hold the PCI rescan/remove lock\nwhile taking a copy of edev->pdev->bus."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-07-29T14:57:26.086Z"}}}, "cveMetadata": {"cveId": "CVE-2024-41064", "state": "PUBLISHED", "dateUpdated": "2024-09-11T17:32:58.925Z", "dateReserved": "2024-07-12T12:17:45.628Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-07-29T14:57:26.086Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "BCD1D392-BEF8-4D8D-B191-C64E1875241F", "versionEndExcluding": "5.4.281", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "12CD4E48-26A1-40B4-AF6A-1CC066193F4C", "versionEndExcluding": "5.10.223", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "3D6B1E23-6E6C-4761-ACD4-EA687A95F56F", "versionEndExcluding": "5.15.164", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2B46438B-72B8-4053-8554-94AED3EB13EB", "versionEndExcluding": "6.1.101", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "972274A2-D688-4C37-BE42-689B58B4C225", "versionEndExcluding": "6.6.42", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "01E300B3-8B39-4A2D-8B03-4631433D3915", "versionEndExcluding": "6.9.11", "versionStartIncluding": "6.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/eeh: avoid possible crash when edev->pdev changes\n\nIf a PCI device is removed during eeh_pe_report_edev(), edev->pdev\nwill change and can cause a crash, hold the PCI rescan/remove lock\nwhile taking a copy of edev->pdev->bus."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: powerpc/eeh: evita un posible bloqueo cuando cambia edev->pdev Si se elimina un dispositivo PCI durante eeh_pe_report_edev(), edev->pdev cambiar\u00e1 y puede causar un bloqueo, mantenga presionado el bot\u00f3n PCI vuelve a escanear/quitar bloqueo mientras se toma una copia de edev->pdev->bus."}], "id": "CVE-2024-41064", "lastModified": "2024-11-21T09:32:10.330", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-07-29T15:15:14.330", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/033c51dfdbb6b79ab43fb3587276fa82d0a329e1"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/428d940a8b6b3350b282c14d3f63350bde65c48b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4bc246d2d60d071314842fa448faa4ed39082aff"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4fad7fef847b6028475dd7b4c14fcb82b3e51274"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8836e1bf5838ac6c08760e0a2dd7cf6410aa7ff3"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a1216e62d039bf63a539bbe718536ec789a853dd"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f23c3d1ca9c4b2d626242a4e7e1ec1770447f7b5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/033c51dfdbb6b79ab43fb3587276fa82d0a329e1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/428d940a8b6b3350b282c14d3f63350bde65c48b"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4bc246d2d60d071314842fa448faa4ed39082aff"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4fad7fef847b6028475dd7b4c14fcb82b3e51274"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8836e1bf5838ac6c08760e0a2dd7cf6410aa7ff3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a1216e62d039bf63a539bbe718536ec789a853dd"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f23c3d1ca9c4b2d626242a4e7e1ec1770447f7b5"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:7000", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-553.22.1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-09-24T00:00:00Z"}, {"advisory": "RHSA-2024:8613", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "kernel-0:5.14.0-284.90.1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-10-30T00:00:00Z"}], "bugzilla": {"description": "kernel: powerpc/eeh: avoid possible crash when edev->pdev changes", "id": "2300439", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2300439"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-413", "details": ["In the Linux kernel, the following vulnerability has been resolved:\npowerpc/eeh: avoid possible crash when edev->pdev changes\nIf a PCI device is removed during eeh_pe_report_edev(), edev->pdev\nwill change and can cause a crash, hold the PCI rescan/remove lock\nwhile taking a copy of edev->pdev->bus."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-41064", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-29T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-41064\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-41064\nhttps://lore.kernel.org/linux-cve-announce/2024072907-CVE-2024-41064-6ecb@gregkh/T"], "statement": "Following issue marked as moderate with \"not affected or will not fix\" for Red Hat Enterprise Linux, as it is not vulnerable to this CVE. This is because the CVE does not impact the versions or configurations of the Linux kernel used in Red Hat's distributions.", "threat_severity": "Moderate", "upstream_fix": "kernel 5.4.281, kernel 5.10.223, kernel 5.15.164, kernel 6.1.101, kernel 6.6.42, kernel 6.9.11, kernel 6.10"}