CVE-2024-42134

In the Linux kernel, the following vulnerability has been resolved: virtio-pci: Check if is_avq is NULL [bug] In the virtio_pci_common.c function vp_del_vqs, vp_dev->is_avq is involved to determine whether it is admin virtqueue, but this function vp_dev->is_avq may be empty. For installations, virtio_pci_legacy does not assign a value to vp_dev->is_avq. [fix] Check whether it is vp_dev->is_avq before use. [test] Test with virsh Attach device Before this patch, the following command would crash the guest system After applying the patch, everything seems to be working fine.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/5e2024b0b9b3d5709e3f7e9b92951d7e29154106	Patch
https://git.kernel.org/stable/c/c8fae27d141a32a1624d0d0d5419d94252824498	Patch
https://git.kernel.org/stable/c/5e2024b0b9b3d5709e3f7e9b92951d7e29154106	Patch
https://git.kernel.org/stable/c/c8fae27d141a32a1624d0d0d5419d94252824498	Patch

Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

History

11 Dec 2024, 17:19

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CWE		CWE-476
CPE		cpe:2.3:o:linux:linux_kernel::::::::
References	~~() https://git.kernel.org/stable/c/5e2024b0b9b3d5709e3f7e9b92951d7e29154106 -~~	() https://git.kernel.org/stable/c/5e2024b0b9b3d5709e3f7e9b92951d7e29154106 - Patch
References	~~() https://git.kernel.org/stable/c/c8fae27d141a32a1624d0d0d5419d94252824498 -~~	() https://git.kernel.org/stable/c/c8fae27d141a32a1624d0d0d5419d94252824498 - Patch
First Time		Linux linux Kernel Linux

Information

Published : 2024-07-30 08:15

Updated : 2024-12-11 17:19

NVD link : CVE-2024-42134

Mitre link : CVE-2024-42134

CVE.ORG link : CVE-2024-42134

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-476

NULL Pointer Dereference

{"id": "CVE-2024-42134", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-07-30T08:15:05.360", "references": [{"url": "https://git.kernel.org/stable/c/5e2024b0b9b3d5709e3f7e9b92951d7e29154106", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/c8fae27d141a32a1624d0d0d5419d94252824498", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/5e2024b0b9b3d5709e3f7e9b92951d7e29154106", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/c8fae27d141a32a1624d0d0d5419d94252824498", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-476"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio-pci: Check if is_avq is NULL\n\n[bug]\nIn the virtio_pci_common.c function vp_del_vqs, vp_dev->is_avq is involved\nto determine whether it is admin virtqueue, but this function vp_dev->is_avq\n may be empty. For installations, virtio_pci_legacy does not assign a value\n to vp_dev->is_avq.\n\n[fix]\nCheck whether it is vp_dev->is_avq before use.\n\n[test]\nTest with virsh Attach device\nBefore this patch, the following command would crash the guest system\n\nAfter applying the patch, everything seems to be working fine."}, {"lang": "es", "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: virtio-pci: compruebe si is_avq es NULL [error] En la funci\u00f3n virtio_pci_common.c vp_del_vqs, vp_dev->is_avq participa para determinar si es admin virtqueue, pero esta funci\u00f3n vp_dev ->is_avq puede estar vac\u00edo. Para instalaciones, virtio_pci_legacy no asigna un valor a vp_dev->is_avq. [arreglo] Verifique si es vp_dev->is_avq antes de usarlo. [prueba] Prueba con virsh Adjuntar dispositivo Antes de este parche, el siguiente comando bloquear\u00eda el sistema invitado. Despu\u00e9s de aplicar el parche, todo parece estar funcionando bien."}], "lastModified": "2024-12-11T17:19:26.307", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EDD11F94-D8F3-477D-931C-7806D6E5D6D3", "versionEndExcluding": "6.9.9"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}