CVE-2024-49975 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: uprobes: fix kernel info leak via "[uprobes]" vma xol_add_vma() maps the uninitialized page allocated by __create_xol_area() into userspace. On some architectures (x86) this memory is readable even without VM_READ, VM_EXEC results in the same pgprot_t as VM_EXEC|VM_READ, although this doesn't really matter, debugger can read this memory anyway.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Linux	Linux Kernel

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc1::::::

No data.

References

Link	Providers
https://git.kernel.org/stable/c/21cb47db1ec9765f91304763a24565ddc22d2492
https://git.kernel.org/stable/c/24141df5a8615790950deedd926a44ddf1dfd6d8
https://git.kernel.org/stable/c/2aa45f43709ba2082917bd2973d02687075b6eee
https://git.kernel.org/stable/c/34820304cc2cd1804ee1f8f3504ec77813d29c8e
https://git.kernel.org/stable/c/5b981d8335e18aef7908a068529a3287258ff6d8
https://git.kernel.org/stable/c/9634e8dc964a4adafa7e1535147abd7ec29441a6
https://git.kernel.org/stable/c/f31f92107e5a8ecc8902705122c594e979a351fe
https://git.kernel.org/stable/c/f561b48d633ac2e7d0d667020fc634a96ade33a0
https://git.kernel.org/stable/c/fe5e9182d3e227476642ae2b312e2356c4d326a3
https://lore.kernel.org/linux-cve-announce/2024102134-CVE-2024-49975-4533@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-49975
https://www.cve.org/CVERecord?id=CVE-2024-49975

History

Fri, 08 Nov 2024 16:00:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/f31f92107e5a8ecc8902705122c594e979a351fe https://git.kernel.org/stable/c/fe5e9182d3e227476642ae2b312e2356c4d326a3

Fri, 25 Oct 2024 20:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Weaknesses		CWE-401
CPEs		cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.12:rc1::::::
Vendors & Products		Linux Linux linux Kernel

Wed, 23 Oct 2024 01:30:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2024102134-CVE-2024-49975-4533@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2024-49975 https://www.cve.org/CVERecord?id=CVE-2024-49975
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`

Tue, 22 Oct 2024 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 21 Oct 2024 18:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: uprobes: fix kernel info leak via "[uprobes]" vma xol_add_vma() maps the uninitialized page allocated by __create_xol_area() into userspace. On some architectures (x86) this memory is readable even without VM_READ, VM_EXEC results in the same pgprot_t as VM_EXEC\|VM_READ, although this doesn't really matter, debugger can read this memory anyway.
Title		uprobes: fix kernel info leak via "[uprobes]" vma
References		https://git.kernel.org/stable/c/21cb47db1ec9765f91304763a24565ddc22d2492 https://git.kernel.org/stable/c/24141df5a8615790950deedd926a44ddf1dfd6d8 https://git.kernel.org/stable/c/2aa45f43709ba2082917bd2973d02687075b6eee https://git.kernel.org/stable/c/34820304cc2cd1804ee1f8f3504ec77813d29c8e https://git.kernel.org/stable/c/5b981d8335e18aef7908a068529a3287258ff6d8 https://git.kernel.org/stable/c/9634e8dc964a4adafa7e1535147abd7ec29441a6 https://git.kernel.org/stable/c/f561b48d633ac2e7d0d667020fc634a96ade33a0

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-10-21T18:02:23.099Z

Updated: 2024-12-19T09:30:30.698Z

Reserved: 2024-10-21T12:17:06.052Z

Link: CVE-2024-49975

Vulnrichment

Updated: 2024-10-22T13:33:19.073Z

NVD

Status : Modified

Published: 2024-10-21T18:15:18.287

Modified: 2024-11-08T16:15:39.407

Link: CVE-2024-49975

Redhat

Severity : Moderate

Publid Date: 2024-10-21T00:00:00Z

Links: CVE-2024-49975 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-49975", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-10-21T12:17:06.052Z", "datePublished": "2024-10-21T18:02:23.099Z", "dateUpdated": "2024-12-19T09:30:30.698Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T09:30:30.698Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nuprobes: fix kernel info leak via \"[uprobes]\" vma\n\nxol_add_vma() maps the uninitialized page allocated by __create_xol_area()\ninto userspace. On some architectures (x86) this memory is readable even\nwithout VM_READ, VM_EXEC results in the same pgprot_t as VM_EXEC|VM_READ,\nalthough this doesn't really matter, debugger can read this memory anyway."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["kernel/events/uprobes.c"], "versions": [{"version": "d4b3b6384f98f8692ad0209891ccdbc7e78bbefe", "lessThan": "f31f92107e5a8ecc8902705122c594e979a351fe", "status": "affected", "versionType": "git"}, {"version": "d4b3b6384f98f8692ad0209891ccdbc7e78bbefe", "lessThan": "fe5e9182d3e227476642ae2b312e2356c4d326a3", "status": "affected", "versionType": "git"}, {"version": "d4b3b6384f98f8692ad0209891ccdbc7e78bbefe", "lessThan": "f561b48d633ac2e7d0d667020fc634a96ade33a0", "status": "affected", "versionType": "git"}, {"version": "d4b3b6384f98f8692ad0209891ccdbc7e78bbefe", "lessThan": "21cb47db1ec9765f91304763a24565ddc22d2492", "status": "affected", "versionType": "git"}, {"version": "d4b3b6384f98f8692ad0209891ccdbc7e78bbefe", "lessThan": "24141df5a8615790950deedd926a44ddf1dfd6d8", "status": "affected", "versionType": "git"}, {"version": "d4b3b6384f98f8692ad0209891ccdbc7e78bbefe", "lessThan": "5b981d8335e18aef7908a068529a3287258ff6d8", "status": "affected", "versionType": "git"}, {"version": "d4b3b6384f98f8692ad0209891ccdbc7e78bbefe", "lessThan": "2aa45f43709ba2082917bd2973d02687075b6eee", "status": "affected", "versionType": "git"}, {"version": "d4b3b6384f98f8692ad0209891ccdbc7e78bbefe", "lessThan": "9634e8dc964a4adafa7e1535147abd7ec29441a6", "status": "affected", "versionType": "git"}, {"version": "d4b3b6384f98f8692ad0209891ccdbc7e78bbefe", "lessThan": "34820304cc2cd1804ee1f8f3504ec77813d29c8e", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["kernel/events/uprobes.c"], "versions": [{"version": "3.5", "status": "affected"}, {"version": "0", "lessThan": "3.5", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.323", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.285", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.227", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.168", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.113", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.55", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10.14", "lessThanOrEqual": "6.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.11.3", "lessThanOrEqual": "6.11.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/f31f92107e5a8ecc8902705122c594e979a351fe"}, {"url": "https://git.kernel.org/stable/c/fe5e9182d3e227476642ae2b312e2356c4d326a3"}, {"url": "https://git.kernel.org/stable/c/f561b48d633ac2e7d0d667020fc634a96ade33a0"}, {"url": "https://git.kernel.org/stable/c/21cb47db1ec9765f91304763a24565ddc22d2492"}, {"url": "https://git.kernel.org/stable/c/24141df5a8615790950deedd926a44ddf1dfd6d8"}, {"url": "https://git.kernel.org/stable/c/5b981d8335e18aef7908a068529a3287258ff6d8"}, {"url": "https://git.kernel.org/stable/c/2aa45f43709ba2082917bd2973d02687075b6eee"}, {"url": "https://git.kernel.org/stable/c/9634e8dc964a4adafa7e1535147abd7ec29441a6"}, {"url": "https://git.kernel.org/stable/c/34820304cc2cd1804ee1f8f3504ec77813d29c8e"}], "title": "uprobes: fix kernel info leak via \"[uprobes]\" vma", "x_generator": {"engine": "bippy-5f407fcff5a0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-49975", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-22T13:33:15.927112Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-22T13:38:45.577Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-49975", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-22T13:33:15.927112Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-22T13:33:19.073Z"}}], "cna": {"title": "uprobes: fix kernel info leak via \"[uprobes]\" vma", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "d4b3b6384f98", "lessThan": "f561b48d633a", "versionType": "git"}, {"status": "affected", "version": "d4b3b6384f98", "lessThan": "21cb47db1ec9", "versionType": "git"}, {"status": "affected", "version": "d4b3b6384f98", "lessThan": "24141df5a861", "versionType": "git"}, {"status": "affected", "version": "d4b3b6384f98", "lessThan": "5b981d8335e1", "versionType": "git"}, {"status": "affected", "version": "d4b3b6384f98", "lessThan": "2aa45f43709b", "versionType": "git"}, {"status": "affected", "version": "d4b3b6384f98", "lessThan": "9634e8dc964a", "versionType": "git"}, {"status": "affected", "version": "d4b3b6384f98", "lessThan": "34820304cc2c", "versionType": "git"}], "programFiles": ["kernel/events/uprobes.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "3.5"}, {"status": "unaffected", "version": "0", "lessThan": "3.5", "versionType": "semver"}, {"status": "unaffected", "version": "5.10.227", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.168", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.113", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.55", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.10.14", "versionType": "semver", "lessThanOrEqual": "6.10.*"}, {"status": "unaffected", "version": "6.11.3", "versionType": "semver", "lessThanOrEqual": "6.11.*"}, {"status": "unaffected", "version": "6.12-rc2", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["kernel/events/uprobes.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/f561b48d633ac2e7d0d667020fc634a96ade33a0"}, {"url": "https://git.kernel.org/stable/c/21cb47db1ec9765f91304763a24565ddc22d2492"}, {"url": "https://git.kernel.org/stable/c/24141df5a8615790950deedd926a44ddf1dfd6d8"}, {"url": "https://git.kernel.org/stable/c/5b981d8335e18aef7908a068529a3287258ff6d8"}, {"url": "https://git.kernel.org/stable/c/2aa45f43709ba2082917bd2973d02687075b6eee"}, {"url": "https://git.kernel.org/stable/c/9634e8dc964a4adafa7e1535147abd7ec29441a6"}, {"url": "https://git.kernel.org/stable/c/34820304cc2cd1804ee1f8f3504ec77813d29c8e"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nuprobes: fix kernel info leak via \"[uprobes]\" vma\n\nxol_add_vma() maps the uninitialized page allocated by __create_xol_area()\ninto userspace. On some architectures (x86) this memory is readable even\nwithout VM_READ, VM_EXEC results in the same pgprot_t as VM_EXEC|VM_READ,\nalthough this doesn't really matter, debugger can read this memory anyway."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:52:44.364Z"}}}, "cveMetadata": {"cveId": "CVE-2024-49975", "state": "PUBLISHED", "dateUpdated": "2024-11-05T09:52:44.364Z", "dateReserved": "2024-10-21T12:17:06.052Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-10-21T18:02:23.099Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F8F34E94-54BD-4509-83CE-8416B1B0CCDF", "versionEndExcluding": "5.10.227", "versionStartIncluding": "3.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "4D51C05D-455B-4D8D-89E7-A58E140B864C", "versionEndExcluding": "5.15.168", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D01BD22E-ACD1-4618-9D01-6116570BE1EE", "versionEndExcluding": "6.1.113", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E90B9576-56C4-47BC-AAB0-C5B2D438F5D0", "versionEndExcluding": "6.6.55", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "4C16BCE0-FFA0-4599-BE0A-1FD65101C021", "versionEndExcluding": "6.10.14", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "54D9C704-D679-41A7-9C40-10A6B1E7FFE9", "versionEndExcluding": "6.11.3", "versionStartIncluding": "6.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*", "matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nuprobes: fix kernel info leak via \"[uprobes]\" vma\n\nxol_add_vma() maps the uninitialized page allocated by __create_xol_area()\ninto userspace. On some architectures (x86) this memory is readable even\nwithout VM_READ, VM_EXEC results in the same pgprot_t as VM_EXEC|VM_READ,\nalthough this doesn't really matter, debugger can read this memory anyway."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: uprobes: se corrige la fuga de informaci\u00f3n del kernel a trav\u00e9s de \"[uprobes]\" vma xol_add_vma() asigna la p\u00e1gina no inicializada asignada por __create_xol_area() al espacio de usuario. En algunas arquitecturas (x86), esta memoria se puede leer incluso sin VM_READ, VM_EXEC da como resultado el mismo pgprot_t que VM_EXEC|VM_READ, aunque esto realmente no importa, el depurador puede leer esta memoria de todos modos."}], "id": "CVE-2024-49975", "lastModified": "2024-11-08T16:15:39.407", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-10-21T18:15:18.287", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/21cb47db1ec9765f91304763a24565ddc22d2492"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/24141df5a8615790950deedd926a44ddf1dfd6d8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2aa45f43709ba2082917bd2973d02687075b6eee"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/34820304cc2cd1804ee1f8f3504ec77813d29c8e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/5b981d8335e18aef7908a068529a3287258ff6d8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9634e8dc964a4adafa7e1535147abd7ec29441a6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/f31f92107e5a8ecc8902705122c594e979a351fe"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f561b48d633ac2e7d0d667020fc634a96ade33a0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/fe5e9182d3e227476642ae2b312e2356c4d326a3"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: uprobes: fix kernel info leak via \"[uprobes]\" vma", "id": "2320500", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320500"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nuprobes: fix kernel info leak via \"[uprobes]\" vma\nxol_add_vma() maps the uninitialized page allocated by __create_xol_area()\ninto userspace. On some architectures (x86) this memory is readable even\nwithout VM_READ, VM_EXEC results in the same pgprot_t as VM_EXEC|VM_READ,\nalthough this doesn't really matter, debugger can read this memory anyway."], "name": "CVE-2024-49975", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-10-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-49975\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-49975\nhttps://lore.kernel.org/linux-cve-announce/2024102134-CVE-2024-49975-4533@gregkh/T"], "threat_severity": "Moderate"}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object