Executive Summary

Informations
Name CVE-2024-36891 First vendor Publication 2024-05-30
Vendor Cve Last vendor Modification 2024-06-16

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Overall CVSS Score 5.5
Base Score 5.5 Environmental Score 5.5
impact SubScore 3.6 Temporal Score 5.5
Exploitabality Sub Score 1.8
 
Attack Vector Local Attack Complexity Low
Privileges Required Low User Interaction None
Scope Unchanged Confidentiality Impact None
Integrity Impact None Availability Impact High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

In the Linux kernel, the following vulnerability has been resolved:

maple_tree: fix mas_empty_area_rev() null pointer dereference

Currently the code calls mas_start() followed by mas_data_end() if the maple state is MA_START, but mas_start() may return with the maple state node == NULL. This will lead to a null pointer dereference when checking information in the NULL node, which is done in mas_data_end().

Avoid setting the offset if there is no node by waiting until after the maple state is checked for an empty or single entry state.

A user could trigger the events to cause a kernel oops by unmapping all vmas to produce an empty maple tree, then mapping a vma that would cause the scenario described above.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36891

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-476 NULL Pointer Dereference

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 8
Os 3562

Sources (Detail)

https://git.kernel.org/stable/c/6c9c7c1e63b198a8b979ad963eb21410f10ccb00
https://git.kernel.org/stable/c/883e5d542bbdddbddeba60250cb482baf3ae2415
https://git.kernel.org/stable/c/955a923d2809803980ff574270f81510112be9cf
https://git.kernel.org/stable/c/f3956791cf526540addd3295e4c1e0f0442486cc
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
Date Informations
2024-06-16 17:27:30
  • Multiple Updates
2024-06-11 00:27:39
  • Multiple Updates
2024-05-31 00:27:31
  • Multiple Updates
2024-05-30 21:27:23
  • First insertion