CVE-2024-53110

medium

Description

In the Linux kernel, the following vulnerability has been resolved:

vp_vdpa: fix id_table array not null terminated error

Allocate one extra virtio_device_id as null terminator, otherwise vdpa_mgmtdev_get_classes() may iterate multiple times and visit undefined memory.
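The failure mode described above, modeled in userspace C as an added example (not the kernel patch or the project's code). `struct device_id`, `count_ids` and both allocators are hypothetical names, and the walker takes an explicit bound that a sentinel-only walk does not have, so the missing terminator can be observed without reading past the allocation.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical userspace stand-in for struct virtio_device_id. */
struct device_id { uint32_t device; uint32_t vendor; };

/* Sentinel walk: stop at the first entry with device == 0. `cap` is the
 * allocated entry count; a consumer that walks only to the sentinel has no
 * such bound. Returns the ID count, or -1 if no terminator lies inside
 * the allocation (where an unbounded walk would read undefined memory). */
long count_ids(const struct device_id *ids, size_t cap)
{
    for (size_t i = 0; i < cap; i++)
        if (ids[i].device == 0)
            return (long)i;
    return -1;
}

/* "Before" shape: exactly n entries, nothing marks the end of the table. */
struct device_id *alloc_unterminated(const uint32_t *devs, size_t n)
{
    struct device_id *t = malloc(n * sizeof(*t));
    for (size_t i = 0; t && i < n; i++)
        t[i] = (struct device_id){ .device = devs[i], .vendor = 0xffffffffu };
    return t;
}

/* "After" shape: one extra entry, zeroed by calloc, acts as terminator. */
struct device_id *alloc_terminated(const uint32_t *devs, size_t n)
{
    struct device_id *t = calloc(n + 1, sizeof(*t));
    for (size_t i = 0; t && i < n; i++)
        t[i] = (struct device_id){ .device = devs[i], .vendor = 0xffffffffu };
    return t;
}

int main(void)
{
    const uint32_t devs[] = { 1 };  /* constructed sample device ID */
    struct device_id *bad = alloc_unterminated(devs, 1);
    struct device_id *good = alloc_terminated(devs, 1);
    if (!bad || !good) return 1;
    printf("unterminated: %ld\n", count_ids(bad, 1));
    printf("terminated:   %ld\n", count_ids(good, 2));
    free(bad);
    free(good);
    return 0;
}
```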

References

https://git.kernel.org/stable/c/c4d64534d4b1c47d2f1ce427497f971ad4735aae

https://git.kernel.org/stable/c/870d68fe17b5d9032049dcad98b5781a344a8657

https://git.kernel.org/stable/c/4e39ecadf1d2a08187139619f1f314b64ba7d947

https://git.kernel.org/stable/c/0a886489d274596ad1a80789d3a773503210a615

Details

Source: Mitre, NVD

Published: 2024-12-02

Updated: 2024-12-11

Risk Information

CVSS v2

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium