CVE-2024-50089 - Vulnerability Details

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

References

Link	Providers
https://lore.kernel.org/linux-cve-announce/2024110548-CVE-2024-50089-d96d@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-50089
https://www.cve.org/CVERecord?id=CVE-2024-50089

History

Tue, 25 Feb 2025 02:15:00 +0000

Type	Values Removed	Values Added
Title	kernel: unicode: Don't special case ignorable code points	kernel: unicode: Don't special case ignorable code points

Thu, 13 Feb 2025 00:45:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-1186

Thu, 12 Dec 2024 16:45:00 +0000

Type	Values Removed	Values Added
Weaknesses	NVD-CWE-noinfo
CPEs	cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.12:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.12:rc2::::::
Vendors & Products	Linux Linux linux Kernel
References	https://git.kernel.org/stable/c/18b5f47e7da46d3a0d7331e48befcaf151ed2ddf https://git.kernel.org/stable/c/21526498d25e54bda3c650f756493d63fd9131b7 https://git.kernel.org/stable/c/39fffca572844d733b137a0ff9eacd67b9b0c8e3 https://git.kernel.org/stable/c/5c26d2f1d3f5e4be3e196526bead29ecb139cf91 https://git.kernel.org/stable/c/651b954cd8d5b0a358ceb47c93876bb6201224e4 https://git.kernel.org/stable/c/876d3577a5b353e482d9228d45fa0d82bf1af53a https://git.kernel.org/stable/c/ac20736861f3c9c8e0a78273a4c57e9bcb0d8cc6

Thu, 12 Dec 2024 15:45:00 +0000

Type	Values Removed	Values Added
Description	In the Linux kernel, the following vulnerability has been resolved: unicode: Don't special case ignorable code points We don't need to handle them separately. Instead, just let them decompose/casefold to themselves.	This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Title	unicode: Don't special case ignorable code points	kernel: unicode: Don't special case ignorable code points

Wed, 13 Nov 2024 17:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.12:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.12:rc2::::::
Vendors & Products		Linux Linux linux Kernel

Fri, 08 Nov 2024 16:15:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/18b5f47e7da46d3a0d7331e48befcaf151ed2ddf

Wed, 06 Nov 2024 13:45:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2024110548-CVE-2024-50089-d96d@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2024-50089 https://www.cve.org/CVERecord?id=CVE-2024-50089
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`

Tue, 05 Nov 2024 17:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: unicode: Don't special case ignorable code points We don't need to handle them separately. Instead, just let them decompose/casefold to themselves.
Title		unicode: Don't special case ignorable code points
References		https://git.kernel.org/stable/c/21526498d25e54bda3c650f756493d63fd9131b7 https://git.kernel.org/stable/c/39fffca572844d733b137a0ff9eacd67b9b0c8e3 https://git.kernel.org/stable/c/5c26d2f1d3f5e4be3e196526bead29ecb139cf91 https://git.kernel.org/stable/c/651b954cd8d5b0a358ceb47c93876bb6201224e4 https://git.kernel.org/stable/c/876d3577a5b353e482d9228d45fa0d82bf1af53a https://git.kernel.org/stable/c/ac20736861f3c9c8e0a78273a4c57e9bcb0d8cc6

MITRE

Status: REJECTED

Assigner: Linux

Published: 2024-11-05T17:04:53.777Z

Updated: 2024-12-12T15:19:37.149Z

Reserved: 2024-10-21T19:36:19.942Z

Link: CVE-2024-50089

Vulnrichment

No data.

NVD

Status : Rejected

Published: 2024-11-05T17:15:06.410

Modified: 2024-12-12T16:15:43.107

Link: CVE-2024-50089

Redhat

Severity : Moderate

Publid Date: 2024-11-05T00:00:00Z

Links: CVE-2024-50089 - Bugzilla

{"bugzilla": {"description": "kernel: unicode: Don't special case ignorable code points", "id": "2323915", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2323915"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-1186", "details": ["[REJECTED CVE] In the Linux kernel, the following vulnerability has been resolved:\nunicode: Don't special case ignorable code points\nWe don't need to handle them separately. Instead, just let them\ndecompose/casefold to themselves."], "name": "CVE-2024-50089", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-11-05T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-50089\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-50089\nhttps://lore.kernel.org/linux-cve-announce/2024110548-CVE-2024-50089-d96d@gregkh/T"], "statement": "This CVE has been rejected upstream:\nhttps://lore.kernel.org/linux-cve-announce/2024121241-REJECTED-ea72@gregkh/\nRed Hat has also evaluated this issue and determined that it does not meet the criteria to be classified as a security vulnerability. This assessment is based on the issue not posing a significant security risk, being a result of misconfiguration or usage error, or falling outside the scope of security considerations. \nAs such, this CVE has been marked as \"Rejected\" in alignment with Red Hat's vulnerability management policies.\nIf you have additional information or concerns regarding this determination, please contact Red Hat Product Security for further clarification.", "threat_severity": "Moderate"}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object