CVE-2024-53106

HIGH

Linux Kernel 5.19.1-6.1.118, 6.2.0-6.6.62, 6.7.0-6.11.9 - Out-of-bounds Write in ima_eventdigest_init_common

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: ima: fix buffer overrun in ima_eventdigest_init_common Function ima_eventdigest_init() calls ima_eventdigest_init_common() with HASH_ALGO__LAST which is then used to access the array hash_digest_size[] leading to buffer overrun. Have a conditional statement to handle this.

References (5)

Core 5

Core References

Mailing List

https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

Patch

https://git.kernel.org/stable/c/e01aae58e818503f2ffcd34c6f7dc6f90af1057e

Patch

https://git.kernel.org/stable/c/8a84765c62cc0469864e2faee43aae253ad16082

Patch

https://git.kernel.org/stable/c/1ecf0df5205cfb0907eb7984b8671257965a5232

Patch

https://git.kernel.org/stable/c/923168a0631bc42fffd55087b337b1b6c54dcff5

Scores

CVSS v3 7.8

EPSS 0.0024

EPSS Percentile 14.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-787

Status published

Products (16)

linux/Kernel 5.19.0 - 6.1.119linux

linux/Kernel 6.2.0 - 6.6.63linux

linux/Kernel 6.7.0 - 6.11.10linux

Linux/Linux < 5.19

Linux/Linux 5.19

Linux/Linux 6.1.119 - 6.1.*

Linux/Linux 6.11.10 - 6.11.*

Linux/Linux 6.12

Linux/Linux 6.6.63 - 6.6.*

Linux/Linux 9fab303a2cb3d323ca3a32a8b4ab60b451141901 - 1ecf0df5205cfb0907eb7984b8671257965a5232

... and 6 more

Published Dec 02, 2024

Tracked Since Feb 18, 2026