CVE-2024-45014

MEDIUM

Linux Kernel 6.10-6.10.6 - Allocation of Resources Without Limits or Throttling

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: s390/boot: Avoid possible physmem_info segment corruption When physical memory for the kernel image is allocated it does not consider extra memory required for offsetting the image start to match it with the lower 20 bits of KASLR virtual base address. That might lead to kernel access beyond its memory range.

References (2)

Core 2

Core References

Patch

https://git.kernel.org/stable/c/a944cba5d57687b747023c3bc074fcf9c790f7df

Patch

https://git.kernel.org/stable/c/d7fd2941ae9a67423d1c7bee985f240e4686634f

Scores

CVSS v3 5.5

EPSS 0.0018

EPSS Percentile 7.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-770

Status published

Products (9)

linux/Kernel 6.10.0 - 6.10.7linux

Linux/Linux < 6.10

Linux/Linux 6.10

Linux/Linux 6.10.7 - 6.10.*

Linux/Linux 6.11

Linux/Linux 693d41f7c938f92d881e6a51525e6c132a186afd - a944cba5d57687b747023c3bc074fcf9c790f7df

Linux/Linux 693d41f7c938f92d881e6a51525e6c132a186afd - d7fd2941ae9a67423d1c7bee985f240e4686634f

linux/linux_kernel 6.11 rc1 (4 CPE variants)

linux/linux_kernel 6.10 - 6.10.7

Published Sep 11, 2024

Tracked Since Feb 18, 2026