This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

No data.

No data.

No data.

References
Link Providers
https://lore.kernel.org/linux-cve-announce/2024102104-CVE-2024-47725-f698@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-47725 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-47725 cve-icon
History

Thu, 24 Oct 2024 14:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-754
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

 cvssV3_1

{'score': 4.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H'}

Wed, 23 Oct 2024 07:15:00 +0000

Type Values Removed Values Added
Title dm-verity: restart or panic on an I/O error kernel: dm-verity: restart or panic on an I/O error
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 23 Oct 2024 06:30:00 +0000

Type Values Removed Values Added
References

Wed, 23 Oct 2024 06:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: dm-verity: restart or panic on an I/O error Maxim Suhanov reported that dm-verity doesn't crash if an I/O error happens. In theory, this could be used to subvert security, because an attacker can create sectors that return error with the Write Uncorrectable command. Some programs may misbehave if they have to deal with EIO. This commit fixes dm-verity, so that if "panic_on_corruption" or "restart_on_corruption" was specified and an I/O error happens, the machine will panic or restart. This commit also changes kernel_restart to emergency_restart - kernel_restart calls reboot notifiers and these reboot notifiers may wait for the bio that failed. emergency_restart doesn't call the notifiers. This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Tue, 22 Oct 2024 01:30:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low

Mon, 21 Oct 2024 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 21 Oct 2024 12:30:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: dm-verity: restart or panic on an I/O error Maxim Suhanov reported that dm-verity doesn't crash if an I/O error happens. In theory, this could be used to subvert security, because an attacker can create sectors that return error with the Write Uncorrectable command. Some programs may misbehave if they have to deal with EIO. This commit fixes dm-verity, so that if "panic_on_corruption" or "restart_on_corruption" was specified and an I/O error happens, the machine will panic or restart. This commit also changes kernel_restart to emergency_restart - kernel_restart calls reboot notifiers and these reboot notifiers may wait for the bio that failed. emergency_restart doesn't call the notifiers.
Title dm-verity: restart or panic on an I/O error
References
cve-icon MITRE

Status: REJECTED

Assigner: Linux

Published: 2024-10-21T12:13:58.942Z

Updated: 2024-10-23T06:07:36.698Z

Reserved: 2024-09-30T16:00:12.957Z

Link: CVE-2024-47725

cve-icon Vulnrichment

Updated:

cve-icon NVD

Status : Rejected

Published: 2024-10-21T13:15:02.673

Modified: 2024-10-23T06:15:05.200

Link: CVE-2024-47725

cve-icon Redhat

Severity : Low

Publid Date: 2024-10-21T00:00:00Z

Links: CVE-2024-47725 - Bugzilla