CVE-2024-44969

MEDIUM

Linux kernel - Buffer Overflow

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: s390/sclp: Prevent release of buffer in I/O When a task waiting for completion of a Store Data operation is interrupted, an attempt is made to halt this operation. If this attempt fails due to a hardware or firmware problem, there is a chance that the SCLP facility might store data into buffers referenced by the original operation at a later time. Handle this situation by not releasing the referenced data buffers if the halt attempt fails. For current use cases, this might result in a leak of few pages of memory in case of a rare hardware/firmware malfunction.

References (9)

[Mailing List] https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

[Patch] https://git.kernel.org/stable/c/1e8b7fb427af6b2ddd54eff66a6b428a81c96633

[Patch] https://git.kernel.org/stable/c/1ec5ea9e25f582fd6999393e2f2c3bf56f234e05

[Patch] https://git.kernel.org/stable/c/2429ea3b4330e3653b72b210a0d5f2a717359506

[Patch] https://git.kernel.org/stable/c/46f67233b011385d53cf14d272431755de3a7c79

[Patch] https://git.kernel.org/stable/c/7a7e60ed23d471a07dbbe72565d2992ee8244bbe

[Patch] https://git.kernel.org/stable/c/a3e52a4c22c846858a6875e1c280030a3849e148

[Patch] https://git.kernel.org/stable/c/a88a49473c94ccfd8dce1e766aacf3c627278463

[Patch] https://git.kernel.org/stable/c/bf365071ea92b9579d5a272679b74052a5643e35

Scores

CVSS v3 5.5

EPSS 0.0001

EPSS Percentile 2.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-401

Status published

Affected Products (8)

linux/linux_kernel < 4.19.320

linux/Kernel < 4.19.320linux

linux/Kernel < 5.4.282linux

linux/Kernel < 5.10.224linux

linux/Kernel < 5.15.165linux

linux/Kernel < 6.1.105linux

linux/Kernel < 6.6.46linux

linux/Kernel < 6.10.5linux

Timeline

Published Sep 04, 2024

Tracked Since Feb 18, 2026