CVE-2024-44966
Linux kernel RISC-V Flat Binder Data Corruption Vulnerability
Description
In the Linux kernel, the following vulnerability has been resolved: binfmt_flat: Fix corruption when not offsetting data start Commit 04d82a6d0881 ("binfmt_flat: allow not offsetting data start") introduced a RISC-V specific variant of the FLAT format which does not allocate any space for the (obsolete) array of shared library pointers. However, it did not disable the code which initializes the array, resulting in the corruption of sizeof(long) bytes before the DATA segment, generally the end of the TEXT segment. Introduce MAX_SHARED_LIBS_UPDATE which depends on the state of CONFIG_BINFMT_FLAT_NO_DATA_START_OFFSET to guard the initialization of the shared library pointer region so that it will only be initialized if space is reserved for it.
INFO
Published Date :
Sept. 4, 2024, 7:15 p.m.
Last Modified :
Oct. 4, 2024, 4:15 p.m.
Source :
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Remotely Exploitable :
No
Impact Score :
3.6
Exploitability Score :
1.8
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2024-44966.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2024-44966 vulnerability anywhere in the article.
The following table lists the changes that have been made to the
CVE-2024-44966 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
Initial Analysis by [email protected]
Oct. 04, 2024
Action Type Old Value New Value Added CVSS V3.1 NIST AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Changed Reference Type https://git.kernel.org/stable/c/3a684499261d0f7ed5ee72793025c88c2276809c No Types Assigned https://git.kernel.org/stable/c/3a684499261d0f7ed5ee72793025c88c2276809c Patch Changed Reference Type https://git.kernel.org/stable/c/3eb3cd5992f7a0c37edc8d05b4c38c98758d8671 No Types Assigned https://git.kernel.org/stable/c/3eb3cd5992f7a0c37edc8d05b4c38c98758d8671 Patch Changed Reference Type https://git.kernel.org/stable/c/49df34d2b7da9e57c839555a2f7877291ce45ad1 No Types Assigned https://git.kernel.org/stable/c/49df34d2b7da9e57c839555a2f7877291ce45ad1 Patch Changed Reference Type https://git.kernel.org/stable/c/9350ba06ee61db392c486716ac68ecc20e030f7c No Types Assigned https://git.kernel.org/stable/c/9350ba06ee61db392c486716ac68ecc20e030f7c Patch Changed Reference Type https://git.kernel.org/stable/c/af65d5383854cc3f172a7d0843b628758bf462c8 No Types Assigned https://git.kernel.org/stable/c/af65d5383854cc3f172a7d0843b628758bf462c8 Patch Added CWE NIST NVD-CWE-noinfo Added CPE Configuration OR *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.13 up to (excluding) 5.15.165 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 up to (excluding) 6.1.106 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.2 up to (excluding) 6.6.47 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.7 up to (excluding) 6.10.6 *cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:* -
CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Sep. 04, 2024
Action Type Old Value New Value Added Description In the Linux kernel, the following vulnerability has been resolved: binfmt_flat: Fix corruption when not offsetting data start Commit 04d82a6d0881 ("binfmt_flat: allow not offsetting data start") introduced a RISC-V specific variant of the FLAT format which does not allocate any space for the (obsolete) array of shared library pointers. However, it did not disable the code which initializes the array, resulting in the corruption of sizeof(long) bytes before the DATA segment, generally the end of the TEXT segment. Introduce MAX_SHARED_LIBS_UPDATE which depends on the state of CONFIG_BINFMT_FLAT_NO_DATA_START_OFFSET to guard the initialization of the shared library pointer region so that it will only be initialized if space is reserved for it. Added Reference kernel.org https://git.kernel.org/stable/c/3a684499261d0f7ed5ee72793025c88c2276809c [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/af65d5383854cc3f172a7d0843b628758bf462c8 [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/49df34d2b7da9e57c839555a2f7877291ce45ad1 [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/9350ba06ee61db392c486716ac68ecc20e030f7c [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/3eb3cd5992f7a0c37edc8d05b4c38c98758d8671 [No types assigned]
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2024-44966 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2024-44966
weaknesses.