CVE-2024-42258 - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: mm: huge_memory: use !CONFIG_64BIT to relax huge page alignment on 32 bit machines Yves-Alexis Perez reported commit 4ef9ad19e176 ("mm: huge_memory: don't force huge page alignment on 32 bit") didn't work for x86_32 [1]. It is because x86_32 uses CONFIG_X86_32 instead of CONFIG_32BIT. !CONFIG_64BIT should cover all 32 bit machines. [1] https://lore.kernel.org/linux-mm/CAHbLzkr1LwH3pcTgM+aGQ31ip2bKqiqEQ8=FQB+t2c3dhNKNHA@mail.gmail.com/

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Linux	Linux Kernel

Configuration 1 [-]

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://git.kernel.org/stable/c/7e1f4efb8d6140b2ec79bf760c43e1fc186e8dfc
https://git.kernel.org/stable/c/89f2914dd4b47d2fad3deef0d700f9526d98d11f
https://git.kernel.org/stable/c/a5c399fe433a115e9d3693169b5f357f3194af0a
https://git.kernel.org/stable/c/d9592025000b3cf26c742f3505da7b83aedc26d5
https://lore.kernel.org/linux-cve-announce/2024081216-CVE-2024-42258-e3f3@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-42258
https://www.cve.org/CVERecord?id=CVE-2024-42258

History

Wed, 11 Sep 2024 13:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 14 Aug 2024 14:15:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/89f2914dd4b47d2fad3deef0d700f9526d98d11f https://git.kernel.org/stable/c/a5c399fe433a115e9d3693169b5f357f3194af0a

Tue, 13 Aug 2024 17:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Weaknesses		CWE-770
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel

Mon, 12 Aug 2024 21:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2024081216-CVE-2024-42258-e3f3@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2024-42258 https://www.cve.org/CVERecord?id=CVE-2024-42258
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Low`

Mon, 12 Aug 2024 14:30:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: mm: huge_memory: use !CONFIG_64BIT to relax huge page alignment on 32 bit machines Yves-Alexis Perez reported commit 4ef9ad19e176 ("mm: huge_memory: don't force huge page alignment on 32 bit") didn't work for x86_32 [1]. It is because x86_32 uses CONFIG_X86_32 instead of CONFIG_32BIT. !CONFIG_64BIT should cover all 32 bit machines. [1] https://lore.kernel.org/linux-mm/CAHbLzkr1LwH3pcTgM+aGQ31ip2bKqiqEQ8=FQB+t2c3dhNKNHA@mail.gmail.com/
Title		mm: huge_memory: use !CONFIG_64BIT to relax huge page alignment on 32 bit machines
References		https://git.kernel.org/stable/c/7e1f4efb8d6140b2ec79bf760c43e1fc186e8dfc https://git.kernel.org/stable/c/d9592025000b3cf26c742f3505da7b83aedc26d5

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-08-12T14:16:13.227Z

Updated: 2024-09-15T17:52:21.431Z

Reserved: 2024-07-30T07:40:12.257Z

Link: CVE-2024-42258

Vulnrichment

Updated: 2024-09-11T12:42:24.013Z

NVD

Status : Modified

Published: 2024-08-12T15:15:20.983

Modified: 2024-08-14T14:15:27.727

Link: CVE-2024-42258

Redhat

Severity : Low

Publid Date: 2024-08-12T00:00:00Z

Links: CVE-2024-42258 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object