{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-49954", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-10-21T12:17:06.047Z", "datePublished": "2024-10-21T18:02:09.064Z", "dateUpdated": "2024-11-05T09:52:14.358Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:52:14.358Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nstatic_call: Replace pointless WARN_ON() in static_call_module_notify()\n\nstatic_call_module_notify() triggers a WARN_ON(), when memory allocation\nfails in __static_call_add_module().\n\nThat's not really justified, because the failure case must be correctly\nhandled by the well known call chain and the error code is passed\nthrough to the initiating userspace application.\n\nA memory allocation fail is not a fatal problem, but the WARN_ON() takes\nthe machine out when panic_on_warn is set.\n\nReplace it with a pr_warn()."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["kernel/static_call_inline.c"], "versions": [{"version": "9183c3f9ed71", "lessThan": "bc9356513d56", "status": "affected", "versionType": "git"}, {"version": "9183c3f9ed71", "lessThan": "ea2cdf4da093", "status": "affected", "versionType": "git"}, {"version": "9183c3f9ed71", "lessThan": "e67534bd31d7", "status": "affected", "versionType": "git"}, {"version": "9183c3f9ed71", "lessThan": "85a104aaef1f", "status": "affected", "versionType": "git"}, {"version": "9183c3f9ed71", "lessThan": "b83bef74c121", "status": "affected", "versionType": "git"}, {"version": "9183c3f9ed71", "lessThan": "fe513c2ef0a1", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["kernel/static_call_inline.c"], "versions": [{"version": "5.10", "status": "affected"}, {"version": "0", "lessThan": "5.10", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.168", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.113", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.55", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10.14", "lessThanOrEqual": "6.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.11.3", "lessThanOrEqual": "6.11.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12-rc1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/bc9356513d56b688775497b7ac6f2b967f46a80c"}, {"url": "https://git.kernel.org/stable/c/ea2cdf4da093d0482f0ef36ba971e2e0c7673425"}, {"url": "https://git.kernel.org/stable/c/e67534bd31d79952b50e791e92adf0b3e6c13b8c"}, {"url": "https://git.kernel.org/stable/c/85a104aaef1f56623acc10ba4c42d5f046ba65b7"}, {"url": "https://git.kernel.org/stable/c/b83bef74c121a3311240fc4002d23486b85355e4"}, {"url": "https://git.kernel.org/stable/c/fe513c2ef0a172a58f158e2e70465c4317f0a9a2"}], "title": "static_call: Replace pointless WARN_ON() in static_call_module_notify()", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-49954", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-22T13:35:58.998155Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-22T13:38:48.704Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-49954", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-10-21T12:17:06.047Z", "datePublished": "2024-10-21T18:02:09.064Z", "dateUpdated": "2024-10-21T18:02:09.064Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-10-21T18:02:09.064Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nstatic_call: Replace pointless WARN_ON() in static_call_module_notify()\n\nstatic_call_module_notify() triggers a WARN_ON(), when memory allocation\nfails in __static_call_add_module().\n\nThat's not really justified, because the failure case must be correctly\nhandled by the well known call chain and the error code is passed\nthrough to the initiating userspace application.\n\nA memory allocation fail is not a fatal problem, but the WARN_ON() takes\nthe machine out when panic_on_warn is set.\n\nReplace it with a pr_warn()."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["kernel/static_call_inline.c"], "versions": [{"version": "9183c3f9ed71", "lessThan": "bc9356513d56", "status": "affected", "versionType": "git"}, {"version": "9183c3f9ed71", "lessThan": "ea2cdf4da093", "status": "affected", "versionType": "git"}, {"version": "9183c3f9ed71", "lessThan": "e67534bd31d7", "status": "affected", "versionType": "git"}, {"version": "9183c3f9ed71", "lessThan": "85a104aaef1f", "status": "affected", "versionType": "git"}, {"version": "9183c3f9ed71", "lessThan": "b83bef74c121", "status": "affected", "versionType": "git"}, {"version": "9183c3f9ed71", "lessThan": "fe513c2ef0a1", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["kernel/static_call_inline.c"], "versions": [{"version": "5.10", "status": "affected"}, {"version": "0", "lessThan": "5.10", "status": "unaffected", "versionType": "custom"}, {"version": "5.15.168", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.1.113", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.6.55", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.10.14", "lessThanOrEqual": "6.10.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.11.3", "lessThanOrEqual": "6.11.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.12-rc1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/bc9356513d56b688775497b7ac6f2b967f46a80c"}, {"url": "https://git.kernel.org/stable/c/ea2cdf4da093d0482f0ef36ba971e2e0c7673425"}, {"url": "https://git.kernel.org/stable/c/e67534bd31d79952b50e791e92adf0b3e6c13b8c"}, {"url": "https://git.kernel.org/stable/c/85a104aaef1f56623acc10ba4c42d5f046ba65b7"}, {"url": "https://git.kernel.org/stable/c/b83bef74c121a3311240fc4002d23486b85355e4"}, {"url": "https://git.kernel.org/stable/c/fe513c2ef0a172a58f158e2e70465c4317f0a9a2"}], "title": "static_call: Replace pointless WARN_ON() in static_call_module_notify()", "x_generator": {"engine": "bippy-c9c4e1df01b2"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-49954", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-22T13:35:58.998155Z"}}}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2024-10-22T13:36:02.976Z"}, "title": "CISA ADP Vulnrichment"}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "243E517F-E8D1-4CB4-B5E1-099330E2800C", "versionEndExcluding": "5.15.168", "versionStartIncluding": "5.10", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D01BD22E-ACD1-4618-9D01-6116570BE1EE", "versionEndExcluding": "6.1.113", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E90B9576-56C4-47BC-AAB0-C5B2D438F5D0", "versionEndExcluding": "6.6.55", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "4C16BCE0-FFA0-4599-BE0A-1FD65101C021", "versionEndExcluding": "6.10.14", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "54D9C704-D679-41A7-9C40-10A6B1E7FFE9", "versionEndExcluding": "6.11.3", "versionStartIncluding": "6.11", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nstatic_call: Replace pointless WARN_ON() in static_call_module_notify()\n\nstatic_call_module_notify() triggers a WARN_ON(), when memory allocation\nfails in __static_call_add_module().\n\nThat's not really justified, because the failure case must be correctly\nhandled by the well known call chain and the error code is passed\nthrough to the initiating userspace application.\n\nA memory allocation fail is not a fatal problem, but the WARN_ON() takes\nthe machine out when panic_on_warn is set.\n\nReplace it with a pr_warn()."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: static_call: Reemplazar WARN_ON() sin sentido en static_call_module_notify() static_call_module_notify() activa un WARN_ON() cuando la asignaci\u00f3n de memoria fallo en __static_call_add_module(). Esto no est\u00e1 realmente justificado, porque el caso de fallo debe ser manejado correctamente por la cadena de llamadas conocida y el c\u00f3digo de error se pasa a la aplicaci\u00f3n de espacio de usuario que la inicia. Un error en la asignaci\u00f3n de memoria no es un problema fatal, pero WARN_ON() deja fuera de servicio la m\u00e1quina cuando se establece panic_on_warn. Reempl\u00e1zalo con un pr_warn()."}], "id": "CVE-2024-49954", "lastModified": "2024-11-07T19:16:01.590", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-10-21T18:15:16.753", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/85a104aaef1f56623acc10ba4c42d5f046ba65b7"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b83bef74c121a3311240fc4002d23486b85355e4"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/bc9356513d56b688775497b7ac6f2b967f46a80c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e67534bd31d79952b50e791e92adf0b3e6c13b8c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ea2cdf4da093d0482f0ef36ba971e2e0c7673425"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/fe513c2ef0a172a58f158e2e70465c4317f0a9a2"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: static_call: Replace pointless WARN_ON() in static_call_module_notify()", "id": "2320546", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320546"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nstatic_call: Replace pointless WARN_ON() in static_call_module_notify()\nstatic_call_module_notify() triggers a WARN_ON(), when memory allocation\nfails in __static_call_add_module().\nThat's not really justified, because the failure case must be correctly\nhandled by the well known call chain and the error code is passed\nthrough to the initiating userspace application.\nA memory allocation fail is not a fatal problem, but the WARN_ON() takes\nthe machine out when panic_on_warn is set.\nReplace it with a pr_warn()."], "name": "CVE-2024-49954", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-10-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-49954\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-49954\nhttps://lore.kernel.org/linux-cve-announce/2024102130-CVE-2024-49954-cea5@gregkh/T"], "threat_severity": "Moderate"}