CVE-2024-42093

Published: Jul 29, 2024Modified: May 12, 2026

7.3

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H

Exploitability: 1.8 / Impact: 5.5

Source: NVD

Description

In the Linux kernel, the following vulnerability has been resolved: net/dpaa2: Avoid explicit cpumask var allocation on stack For CONFIG_CPUMASK_OFFSTACK=y kernel, explicit allocation of cpumask variable on stack is not recommended since it can cause potential stack overflow. Instead, kernel code should always use *cpumask_var API(s) to allocate cpumask var in config-neutral way, leaving allocation strategy to CONFIG_CPUMASK_OFFSTACK. Use *cpumask_var API(s) to address it.

Affected (6)

Products: Linux: Linux Kernel

1 product

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	Before 5.4.279
Linux Linux Kernel	From 5.11 to 5.15.162
Linux Linux Kernel	From 5.16 to 6.1.97
Linux Linux Kernel	From 5.5 to 5.10.221
Linux Linux Kernel	From 6.2 to 6.6.37
Linux Linux Kernel	From 6.7 to 6.9.8

Related CWEs

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (18)

https://git.kernel.org/stable/c/48147337d7efdea6ad6e49f5b8eb894b95868ef0

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/5e4f25091e6d06e99a23f724c839a58a8776a527

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/69f49527aea12c23b78fb3d0a421950bf44fb4e2

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/763896ab62a672d728f5eb10ac90d98c607a8509

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/a55afc0f5f20ba30970aaf7271929dc00eee5e7d

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/b2262b3be27cee334a2fa175ae3afb53f38fb0b1

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/d33fe1714a44ff540629b149d8fab4ac6967585c

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/48147337d7efdea6ad6e49f5b8eb894b95868ef0

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://git.kernel.org/stable/c/5e4f25091e6d06e99a23f724c839a58a8776a527

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://git.kernel.org/stable/c/69f49527aea12c23b78fb3d0a421950bf44fb4e2

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://git.kernel.org/stable/c/763896ab62a672d728f5eb10ac90d98c607a8509

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://git.kernel.org/stable/c/a55afc0f5f20ba30970aaf7271929dc00eee5e7d

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://git.kernel.org/stable/c/b2262b3be27cee334a2fa175ae3afb53f38fb0b1

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://git.kernel.org/stable/c/d33fe1714a44ff540629b149d8fab4ac6967585c

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://cert-portal.siemens.com/productcert/html/ssa-265688.html

Source: 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e

https://cert-portal.siemens.com/productcert/html/ssa-355557.html

Source: 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e

https://cert-portal.siemens.com/productcert/html/ssa-613116.html

Source: 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e

Timeline

No history available yet.