CVE-2024-44969

medium

Description

In the Linux kernel, the following vulnerability has been resolved: s390/sclp: Prevent release of buffer in I/O When a task waiting for completion of a Store Data operation is interrupted, an attempt is made to halt this operation. If this attempt fails due to a hardware or firmware problem, there is a chance that the SCLP facility might store data into buffers referenced by the original operation at a later time. Handle this situation by not releasing the referenced data buffers if the halt attempt fails. For current use cases, this might result in a leak of few pages of memory in case of a rare hardware/firmware malfunction.

References

https://git.kernel.org/stable/c/bf365071ea92b9579d5a272679b74052a5643e35

https://git.kernel.org/stable/c/a88a49473c94ccfd8dce1e766aacf3c627278463

https://git.kernel.org/stable/c/a3e52a4c22c846858a6875e1c280030a3849e148

https://git.kernel.org/stable/c/7a7e60ed23d471a07dbbe72565d2992ee8244bbe

https://git.kernel.org/stable/c/46f67233b011385d53cf14d272431755de3a7c79

https://git.kernel.org/stable/c/2429ea3b4330e3653b72b210a0d5f2a717359506

https://git.kernel.org/stable/c/1ec5ea9e25f582fd6999393e2f2c3bf56f234e05

https://git.kernel.org/stable/c/1e8b7fb427af6b2ddd54eff66a6b428a81c96633

Details

Source: Mitre, NVD

Published: 2024-09-04

Updated: 2024-10-03

Risk Information

CVSS v2

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium