{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-42094", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-29T15:50:41.172Z", "datePublished": "2024-07-29T17:39:30.191Z", "dateUpdated": "2024-11-05T09:37:17.482Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:37:17.482Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/iucv: Avoid explicit cpumask var allocation on stack\n\nFor CONFIG_CPUMASK_OFFSTACK=y kernel, explicit allocation of cpumask\nvariable on stack is not recommended since it can cause potential stack\noverflow.\n\nInstead, kernel code should always use *cpumask_var API(s) to allocate\ncpumask var in config-neutral way, leaving allocation strategy to\nCONFIG_CPUMASK_OFFSTACK.\n\nUse *cpumask_var API(s) to address it."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/iucv/iucv.c"], "versions": [{"version": "1da177e4c3f4", "lessThan": "2b085521be52", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "842afb47d845", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "9dadab0db7d9", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "0af718a690ac", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "d85ca8179a54", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "724e7965af05", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "2d090c7f7be3", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "be4e1304419c", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/iucv/iucv.c"], "versions": [{"version": "4.19.317", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.279", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.221", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.162", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.97", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.37", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9.8", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/2b085521be5292016097b5e7ca81b26be3f7098d"}, {"url": "https://git.kernel.org/stable/c/842afb47d84536fc976fece8fb6c54bea711ad1a"}, {"url": "https://git.kernel.org/stable/c/9dadab0db7d904413ea1cdaa13f127da05c31e71"}, {"url": "https://git.kernel.org/stable/c/0af718a690acc089aa1bbb95a93df833d864ef53"}, {"url": "https://git.kernel.org/stable/c/d85ca8179a54ff8cf1e1f8c3c9e3799831319bae"}, {"url": "https://git.kernel.org/stable/c/724e7965af054079242b8d6f7e50ee226730a756"}, {"url": "https://git.kernel.org/stable/c/2d090c7f7be3b26fcb80ac04d08a4a8062b1d959"}, {"url": "https://git.kernel.org/stable/c/be4e1304419c99a164b4c0e101c7c2a756b635b9"}], "title": "net/iucv: Avoid explicit cpumask var allocation on stack", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:54:32.053Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/2b085521be5292016097b5e7ca81b26be3f7098d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/842afb47d84536fc976fece8fb6c54bea711ad1a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9dadab0db7d904413ea1cdaa13f127da05c31e71", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/0af718a690acc089aa1bbb95a93df833d864ef53", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/d85ca8179a54ff8cf1e1f8c3c9e3799831319bae", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/724e7965af054079242b8d6f7e50ee226730a756", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/2d090c7f7be3b26fcb80ac04d08a4a8062b1d959", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/be4e1304419c99a164b4c0e101c7c2a756b635b9", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-42094", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:18:27.973708Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:32:49.342Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/2b085521be5292016097b5e7ca81b26be3f7098d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/842afb47d84536fc976fece8fb6c54bea711ad1a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9dadab0db7d904413ea1cdaa13f127da05c31e71", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/0af718a690acc089aa1bbb95a93df833d864ef53", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/d85ca8179a54ff8cf1e1f8c3c9e3799831319bae", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/724e7965af054079242b8d6f7e50ee226730a756", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/2d090c7f7be3b26fcb80ac04d08a4a8062b1d959", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/be4e1304419c99a164b4c0e101c7c2a756b635b9", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:54:32.053Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-42094", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:18:27.973708Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:12.804Z"}}], "cna": {"title": "net/iucv: Avoid explicit cpumask var allocation on stack", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "1da177e4c3f4", "lessThan": "2b085521be52", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "842afb47d845", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "9dadab0db7d9", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "0af718a690ac", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "d85ca8179a54", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "724e7965af05", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "2d090c7f7be3", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "be4e1304419c", "versionType": "git"}], "programFiles": ["net/iucv/iucv.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "unaffected", "version": "4.19.317", "versionType": "semver", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.279", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.221", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.162", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.97", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.37", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.9.8", "versionType": "semver", "lessThanOrEqual": "6.9.*"}, {"status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["net/iucv/iucv.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/2b085521be5292016097b5e7ca81b26be3f7098d"}, {"url": "https://git.kernel.org/stable/c/842afb47d84536fc976fece8fb6c54bea711ad1a"}, {"url": "https://git.kernel.org/stable/c/9dadab0db7d904413ea1cdaa13f127da05c31e71"}, {"url": "https://git.kernel.org/stable/c/0af718a690acc089aa1bbb95a93df833d864ef53"}, {"url": "https://git.kernel.org/stable/c/d85ca8179a54ff8cf1e1f8c3c9e3799831319bae"}, {"url": "https://git.kernel.org/stable/c/724e7965af054079242b8d6f7e50ee226730a756"}, {"url": "https://git.kernel.org/stable/c/2d090c7f7be3b26fcb80ac04d08a4a8062b1d959"}, {"url": "https://git.kernel.org/stable/c/be4e1304419c99a164b4c0e101c7c2a756b635b9"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/iucv: Avoid explicit cpumask var allocation on stack\n\nFor CONFIG_CPUMASK_OFFSTACK=y kernel, explicit allocation of cpumask\nvariable on stack is not recommended since it can cause potential stack\noverflow.\n\nInstead, kernel code should always use *cpumask_var API(s) to allocate\ncpumask var in config-neutral way, leaving allocation strategy to\nCONFIG_CPUMASK_OFFSTACK.\n\nUse *cpumask_var API(s) to address it."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:37:17.482Z"}}}, "cveMetadata": {"cveId": "CVE-2024-42094", "state": "PUBLISHED", "dateUpdated": "2024-11-05T09:37:17.482Z", "dateReserved": "2024-07-29T15:50:41.172Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-07-29T17:39:30.191Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "AD25C2E5-C116-4160-BA6D-CE9B0D10AE3E", "versionEndExcluding": "4.19.317", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F4E38E58-1B9F-4DF2-AD3D-A8BEAA2959D8", "versionEndExcluding": "5.4.279", "versionStartIncluding": "4.20", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "659E1520-6345-41AF-B893-A7C0647585A0", "versionEndExcluding": "5.10.221", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "10A39ACC-3005-40E8-875C-98A372D1FFD5", "versionEndExcluding": "5.15.162", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "748B6C4B-1F61-47F9-96CC-8899B8412D84", "versionEndExcluding": "6.1.97", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D72E033B-5323-4C4D-8818-36E1EBC3535F", "versionEndExcluding": "6.6.37", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E95105F2-32E3-4C5F-9D18-7AEFD0E6275C", "versionEndExcluding": "6.9.8", "versionStartIncluding": "6.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/iucv: Avoid explicit cpumask var allocation on stack\n\nFor CONFIG_CPUMASK_OFFSTACK=y kernel, explicit allocation of cpumask\nvariable on stack is not recommended since it can cause potential stack\noverflow.\n\nInstead, kernel code should always use *cpumask_var API(s) to allocate\ncpumask var in config-neutral way, leaving allocation strategy to\nCONFIG_CPUMASK_OFFSTACK.\n\nUse *cpumask_var API(s) to address it."}, {"lang": "es", "value": " En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: net/iucv: evite la asignaci\u00f3n expl\u00edcita de la variable cpumask en la pila. Para el kernel CONFIG_CPUMASK_OFFSTACK=y, no se recomienda la asignaci\u00f3n expl\u00edcita de la variable cpumask en la pila, ya que puede causar un posible desbordamiento de la pila. En su lugar, el c\u00f3digo del kernel siempre debe usar las API *cpumask_var para asignar cpumask var de manera neutral en cuanto a configuraci\u00f3n, dejando la estrategia de asignaci\u00f3n a CONFIG_CPUMASK_OFFSTACK. Utilice las API *cpumask_var para solucionarlo."}], "id": "CVE-2024-42094", "lastModified": "2024-11-21T09:33:35.180", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-07-29T18:15:11.917", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/0af718a690acc089aa1bbb95a93df833d864ef53"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2b085521be5292016097b5e7ca81b26be3f7098d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2d090c7f7be3b26fcb80ac04d08a4a8062b1d959"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/724e7965af054079242b8d6f7e50ee226730a756"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/842afb47d84536fc976fece8fb6c54bea711ad1a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9dadab0db7d904413ea1cdaa13f127da05c31e71"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/be4e1304419c99a164b4c0e101c7c2a756b635b9"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d85ca8179a54ff8cf1e1f8c3c9e3799831319bae"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/0af718a690acc089aa1bbb95a93df833d864ef53"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2b085521be5292016097b5e7ca81b26be3f7098d"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2d090c7f7be3b26fcb80ac04d08a4a8062b1d959"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/724e7965af054079242b8d6f7e50ee226730a756"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/842afb47d84536fc976fece8fb6c54bea711ad1a"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9dadab0db7d904413ea1cdaa13f127da05c31e71"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/be4e1304419c99a164b4c0e101c7c2a756b635b9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d85ca8179a54ff8cf1e1f8c3c9e3799831319bae"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:7000", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-553.22.1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-09-24T00:00:00Z"}], "bugzilla": {"description": "kernel: net/iucv: Avoid explicit cpumask var allocation on stack", "id": "2300709", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2300709"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.2", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H", "status": "verified"}, "cwe": "CWE-121", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nnet/iucv: Avoid explicit cpumask var allocation on stack\nFor CONFIG_CPUMASK_OFFSTACK=y kernel, explicit allocation of cpumask\nvariable on stack is not recommended since it can cause potential stack\noverflow.\nInstead, kernel code should always use *cpumask_var API(s) to allocate\ncpumask var in config-neutral way, leaving allocation strategy to\nCONFIG_CPUMASK_OFFSTACK.\nUse *cpumask_var API(s) to address it."], "name": "CVE-2024-42094", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-29T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-42094\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-42094\nhttps://lore.kernel.org/linux-cve-announce/2024072911-CVE-2024-42094-135f@gregkh/T"], "threat_severity": "Low", "upstream_fix": "kernel 4.19.317, kernel 5.4.279, kernel 5.10.221, kernel 5.15.162, kernel 6.1.97, kernel 6.6.37, kernel 6.9.8, kernel 6.10"}