{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-43877", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-08-17T09:11:59.281Z", "datePublished": "2024-08-21T00:06:29.330Z", "dateUpdated": "2025-11-03T22:06:27.712Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-10-29T13:18:58.549Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: pci: ivtv: Add check for DMA map result\n\nIn case DMA fails, 'dma->SG_length' is 0. This value is later used to\naccess 'dma->SGarray[dma->SG_length - 1]', which will cause out of\nbounds access.\n\nAdd check to return early on invalid value. Adjust warnings accordingly.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/media/pci/ivtv/ivtv-udma.c", "drivers/media/pci/ivtv/ivtv-yuv.c", "drivers/media/pci/ivtv/ivtvfb.c"], "versions": [{"version": "4551236b55e80b2c1720b10b77e9400118b2339e", "lessThan": "38f72c7e7c6b55614f9407555fd5ce9d019b0fa4", "status": "affected", "versionType": "git"}, {"version": "66c8a83bf1de2eb3eea4734c7eda22255a965f11", "lessThan": "81d0664bed91a858c7b50c263954b59d65f1b414", "status": "affected", "versionType": "git"}, {"version": "1932dc2f4cf6ac23e48e5fcc24d21adbe35691d1", "lessThan": "24062aa7407091dee3e45a8e8037df437e848718", "status": "affected", "versionType": "git"}, {"version": "1932dc2f4cf6ac23e48e5fcc24d21adbe35691d1", "lessThan": "3d8fd92939e21ff0d45100ab208f8124af79402a", "status": "affected", "versionType": "git"}, {"version": "1932dc2f4cf6ac23e48e5fcc24d21adbe35691d1", "lessThan": "c766065e8272085ea9c436414b7ddf1f12e7787b", "status": "affected", "versionType": "git"}, {"version": "1932dc2f4cf6ac23e48e5fcc24d21adbe35691d1", "lessThan": "629913d6d79508b166c66e07e4857e20233d85a9", "status": "affected", "versionType": "git"}, {"version": "1b00b7335000c0e107f774cc8ee4d5340f824f28", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/media/pci/ivtv/ivtv-udma.c", "drivers/media/pci/ivtv/ivtv-yuv.c", "drivers/media/pci/ivtv/ivtvfb.c"], "versions": [{"version": "5.16", "status": "affected"}, {"version": "0", "lessThan": "5.16", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.103", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.44", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10.3", "lessThanOrEqual": "6.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.11", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.16", "versionEndExcluding": "6.1.103"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.16", "versionEndExcluding": "6.6.44"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.16", "versionEndExcluding": "6.10.3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.16", "versionEndExcluding": "6.11"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.4.301"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/38f72c7e7c6b55614f9407555fd5ce9d019b0fa4"}, {"url": "https://git.kernel.org/stable/c/81d0664bed91a858c7b50c263954b59d65f1b414"}, {"url": "https://git.kernel.org/stable/c/24062aa7407091dee3e45a8e8037df437e848718"}, {"url": "https://git.kernel.org/stable/c/3d8fd92939e21ff0d45100ab208f8124af79402a"}, {"url": "https://git.kernel.org/stable/c/c766065e8272085ea9c436414b7ddf1f12e7787b"}, {"url": "https://git.kernel.org/stable/c/629913d6d79508b166c66e07e4857e20233d85a9"}], "title": "media: pci: ivtv: Add check for DMA map result", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-43877", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:06:00.730463Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-12T17:33:17.774Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T22:06:27.712Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-43877", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:06:00.730463Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:22.617Z"}}], "cna": {"title": "media: pci: ivtv: Add check for DMA map result", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "4551236b55e80b2c1720b10b77e9400118b2339e", "lessThan": "38f72c7e7c6b55614f9407555fd5ce9d019b0fa4", "versionType": "git"}, {"status": "affected", "version": "66c8a83bf1de2eb3eea4734c7eda22255a965f11", "lessThan": "81d0664bed91a858c7b50c263954b59d65f1b414", "versionType": "git"}, {"status": "affected", "version": "1932dc2f4cf6ac23e48e5fcc24d21adbe35691d1", "lessThan": "24062aa7407091dee3e45a8e8037df437e848718", "versionType": "git"}, {"status": "affected", "version": "1932dc2f4cf6ac23e48e5fcc24d21adbe35691d1", "lessThan": "3d8fd92939e21ff0d45100ab208f8124af79402a", "versionType": "git"}, {"status": "affected", "version": "1932dc2f4cf6ac23e48e5fcc24d21adbe35691d1", "lessThan": "c766065e8272085ea9c436414b7ddf1f12e7787b", "versionType": "git"}, {"status": "affected", "version": "1932dc2f4cf6ac23e48e5fcc24d21adbe35691d1", "lessThan": "629913d6d79508b166c66e07e4857e20233d85a9", "versionType": "git"}, {"status": "affected", "version": "1b00b7335000c0e107f774cc8ee4d5340f824f28", "versionType": "git"}], "programFiles": ["drivers/media/pci/ivtv/ivtv-udma.c", "drivers/media/pci/ivtv/ivtv-yuv.c", "drivers/media/pci/ivtv/ivtvfb.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.16"}, {"status": "unaffected", "version": "0", "lessThan": "5.16", "versionType": "semver"}, {"status": "unaffected", "version": "6.1.103", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.44", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.10.3", "versionType": "semver", "lessThanOrEqual": "6.10.*"}, {"status": "unaffected", "version": "6.11", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/media/pci/ivtv/ivtv-udma.c", "drivers/media/pci/ivtv/ivtv-yuv.c", "drivers/media/pci/ivtv/ivtvfb.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/38f72c7e7c6b55614f9407555fd5ce9d019b0fa4"}, {"url": "https://git.kernel.org/stable/c/81d0664bed91a858c7b50c263954b59d65f1b414"}, {"url": "https://git.kernel.org/stable/c/24062aa7407091dee3e45a8e8037df437e848718"}, {"url": "https://git.kernel.org/stable/c/3d8fd92939e21ff0d45100ab208f8124af79402a"}, {"url": "https://git.kernel.org/stable/c/c766065e8272085ea9c436414b7ddf1f12e7787b"}, {"url": "https://git.kernel.org/stable/c/629913d6d79508b166c66e07e4857e20233d85a9"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: pci: ivtv: Add check for DMA map result\n\nIn case DMA fails, 'dma->SG_length' is 0. This value is later used to\naccess 'dma->SGarray[dma->SG_length - 1]', which will cause out of\nbounds access.\n\nAdd check to return early on invalid value. Adjust warnings accordingly.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.1.103", "versionStartIncluding": "5.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.6.44", "versionStartIncluding": "5.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.10.3", "versionStartIncluding": "5.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.11", "versionStartIncluding": "5.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionStartIncluding": "5.4.301"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-10-29T13:18:58.549Z"}}}, "cveMetadata": {"cveId": "CVE-2024-43877", "state": "PUBLISHED", "dateUpdated": "2025-10-29T13:18:58.549Z", "dateReserved": "2024-08-17T09:11:59.281Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-08-21T00:06:29.330Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E45EAC72-8329-4F99-8276-86AF9BB3496A", "versionEndExcluding": "6.1.103", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CC912330-6B41-4C6B-99AF-F3857FBACB6A", "versionEndExcluding": "6.6.44", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "92D388F2-1EAF-4CFA-AC06-5B26D762EA7D", "versionEndExcluding": "6.10.3", "versionStartIncluding": "6.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: pci: ivtv: Add check for DMA map result\n\nIn case DMA fails, 'dma->SG_length' is 0. This value is later used to\naccess 'dma->SGarray[dma->SG_length - 1]', which will cause out of\nbounds access.\n\nAdd check to return early on invalid value. Adjust warnings accordingly.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: medios: pci: ivtv: Agregar verificaci\u00f3n para el resultado del mapa DMA En caso de que DMA falle, 'dma->SG_length' es 0. Este valor se usa luego para acceder a 'dma->SGarray [dma->SG_length - 1]', lo que provocar\u00e1 un acceso fuera de los l\u00edmites. Agregue un cheque para devolver anticipadamente un valor no v\u00e1lido. Ajuste las advertencias en consecuencia. Encontrado por el Centro de verificaci\u00f3n de Linux (linuxtesting.org) con SVACE."}], "id": "CVE-2024-43877", "lastModified": "2025-11-03T22:18:15.567", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-08-21T01:15:12.033", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/24062aa7407091dee3e45a8e8037df437e848718"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/38f72c7e7c6b55614f9407555fd5ce9d019b0fa4"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3d8fd92939e21ff0d45100ab208f8124af79402a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/629913d6d79508b166c66e07e4857e20233d85a9"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/81d0664bed91a858c7b50c263954b59d65f1b414"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c766065e8272085ea9c436414b7ddf1f12e7787b"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: media: pci: ivtv: Add check for DMA map result", "id": "2306371", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2306371"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-125", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nmedia: pci: ivtv: Add check for DMA map result\nIn case DMA fails, 'dma->SG_length' is 0. This value is later used to\naccess 'dma->SGarray[dma->SG_length - 1]', which will cause out of\nbounds access.\nAdd check to return early on invalid value. Adjust warnings accordingly.\nFound by Linux Verification Center (linuxtesting.org) with SVACE."], "name": "CVE-2024-43877", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-08-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-43877\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-43877\nhttps://lore.kernel.org/linux-cve-announce/2024082137-CVE-2024-43877-e8e4@gregkh/T"], "threat_severity": "Moderate"}

{"created": "2025-07-12T16:01:19.526572+00:00", "updated": "2025-07-12T16:01:19.526619+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}