CVE-2024-53106
Severity CVSS v4.0:
Pending analysis
Type:
CWE-787
Out-of-bounds Write
Publication date:
02/12/2024
Last modified:
03/11/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
ima: fix buffer overrun in ima_eventdigest_init_common<br />
<br />
Function ima_eventdigest_init() calls ima_eventdigest_init_common()<br />
with HASH_ALGO__LAST which is then used to access the array<br />
hash_digest_size[] leading to buffer overrun. Have a conditional<br />
statement to handle this.
Impact
Base Score 3.x
7.80
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.19.1 (including) | 6.1.119 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.63 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.11.10 (excluding) |
| cpe:2.3:o:linux:linux_kernel:5.19:-:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:5.19:rc7:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:5.19:rc8:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.12:rc6:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.12:rc7:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/1ecf0df5205cfb0907eb7984b8671257965a5232
- https://git.kernel.org/stable/c/8a84765c62cc0469864e2faee43aae253ad16082
- https://git.kernel.org/stable/c/923168a0631bc42fffd55087b337b1b6c54dcff5
- https://git.kernel.org/stable/c/e01aae58e818503f2ffcd34c6f7dc6f90af1057e
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html