In the Linux kernel, the following vulnerability has been resolved:

s390/dasd: Fix invalid dereferencing of indirect CCW data pointer

Fix invalid dereferencing of indirect CCW data pointer in
dasd_eckd_dump_sense() that leads to a kernel panic in error cases.

When using indirect addressing for DASD CCWs (IDAW) the CCW CDA pointer
does not contain the data address itself but a pointer to the IDAL.
This needs to be translated from physical to virtual as well before
using it.

This dereferencing is also used for dasd_page_cache and also fixed
although it is very unlikely that this code path ever gets used.

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Thu, 25 Sep 2025 20:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.10:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.10:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.10:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.10:rc6:*:*:*:*:*:*

Tue, 05 Nov 2024 10:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 12 Sep 2024 08:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 11 Sep 2024 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 22 Aug 2024 14:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-404

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2025-05-04T09:22:58.973Z

Reserved: 2024-07-29T15:50:41.173Z

Link: CVE-2024-42099

Vulnrichment

Updated: 2024-08-02T04:54:31.742Z

NVD

Status: Analyzed

Published: 2024-07-30T08:15:02.503

Modified: 2025-09-25T20:13:18.980

Link: CVE-2024-42099

Redhat

Severity: Moderate

Public Date: 2024-07-30T00:00:00Z

Links: CVE-2024-42099 - Bugzilla

OpenCVE Enrichment

Updated: 2025-07-12T23:05:53Z