{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-43890", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-08-17T09:11:59.289Z", "datePublished": "2024-08-26T10:10:43.547Z", "dateUpdated": "2024-12-19T09:17:53.587Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T09:17:53.587Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Fix overflow in get_free_elt()\n\n\"tracing_map->next_elt\" in get_free_elt() is at risk of overflowing.\n\nOnce it overflows, new elements can still be inserted into the tracing_map\neven though the maximum number of elements (`max_elts`) has been reached.\nContinuing to insert elements after the overflow could result in the\ntracing_map containing \"tracing_map->max_size\" elements, leaving no empty\nentries.\nIf any attempt is made to insert an element into a full tracing_map using\n`__tracing_map_insert()`, it will cause an infinite loop with preemption\ndisabled, leading to a CPU hang problem.\n\nFix this by preventing any further increments to \"tracing_map->next_elt\"\nonce it reaches \"tracing_map->max_elt\"."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["kernel/trace/tracing_map.c"], "versions": [{"version": "08d43a5fa063e03c860f2f391a30c388bcbc948e", "lessThan": "302ceb625d7b990db205a15e371f9a71238de91c", "status": "affected", "versionType": "git"}, {"version": "08d43a5fa063e03c860f2f391a30c388bcbc948e", "lessThan": "d3e4dbc2858fe85d1dbd2e72a9fc5dea988b5c18", "status": "affected", "versionType": "git"}, {"version": "08d43a5fa063e03c860f2f391a30c388bcbc948e", "lessThan": "eb223bf01e688dfe37e813c8988ee11c8c9f8d0a", "status": "affected", "versionType": "git"}, {"version": "08d43a5fa063e03c860f2f391a30c388bcbc948e", "lessThan": "cd10d186a5409a1fe6e976df82858e9773a698da", "status": "affected", "versionType": "git"}, {"version": "08d43a5fa063e03c860f2f391a30c388bcbc948e", "lessThan": "788ea62499b3c18541fd6d621964d8fafbc4aec5", "status": "affected", "versionType": "git"}, {"version": "08d43a5fa063e03c860f2f391a30c388bcbc948e", "lessThan": "a172c7b22bc2feaf489cfc6d6865f7237134fdf8", "status": "affected", "versionType": "git"}, {"version": "08d43a5fa063e03c860f2f391a30c388bcbc948e", "lessThan": "236bb4690773ab6869b40bedc7bc8d889e36f9d6", "status": "affected", "versionType": "git"}, {"version": "08d43a5fa063e03c860f2f391a30c388bcbc948e", "lessThan": "bcf86c01ca4676316557dd482c8416ece8c2e143", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["kernel/trace/tracing_map.c"], "versions": [{"version": "4.7", "status": "affected"}, {"version": "0", "lessThan": "4.7", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.320", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.282", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.224", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.165", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.105", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.46", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10.5", "lessThanOrEqual": "6.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.11", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/302ceb625d7b990db205a15e371f9a71238de91c"}, {"url": "https://git.kernel.org/stable/c/d3e4dbc2858fe85d1dbd2e72a9fc5dea988b5c18"}, {"url": "https://git.kernel.org/stable/c/eb223bf01e688dfe37e813c8988ee11c8c9f8d0a"}, {"url": "https://git.kernel.org/stable/c/cd10d186a5409a1fe6e976df82858e9773a698da"}, {"url": "https://git.kernel.org/stable/c/788ea62499b3c18541fd6d621964d8fafbc4aec5"}, {"url": "https://git.kernel.org/stable/c/a172c7b22bc2feaf489cfc6d6865f7237134fdf8"}, {"url": "https://git.kernel.org/stable/c/236bb4690773ab6869b40bedc7bc8d889e36f9d6"}, {"url": "https://git.kernel.org/stable/c/bcf86c01ca4676316557dd482c8416ece8c2e143"}], "title": "tracing: Fix overflow in get_free_elt()", "x_generator": {"engine": "bippy-5f407fcff5a0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-43890", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T15:29:25.469360Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-12T17:32:58.468Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-43890", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T15:29:25.469360Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:12.516Z"}}], "cna": {"title": "tracing: Fix overflow in get_free_elt()", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "08d43a5fa063", "lessThan": "302ceb625d7b", "versionType": "git"}, {"status": "affected", "version": "08d43a5fa063", "lessThan": "d3e4dbc2858f", "versionType": "git"}, {"status": "affected", "version": "08d43a5fa063", "lessThan": "eb223bf01e68", "versionType": "git"}, {"status": "affected", "version": "08d43a5fa063", "lessThan": "cd10d186a540", "versionType": "git"}, {"status": "affected", "version": "08d43a5fa063", "lessThan": "788ea62499b3", "versionType": "git"}, {"status": "affected", "version": "08d43a5fa063", "lessThan": "a172c7b22bc2", "versionType": "git"}, {"status": "affected", "version": "08d43a5fa063", "lessThan": "236bb4690773", "versionType": "git"}, {"status": "affected", "version": "08d43a5fa063", "lessThan": "bcf86c01ca46", "versionType": "git"}], "programFiles": ["kernel/trace/tracing_map.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "4.7"}, {"status": "unaffected", "version": "0", "lessThan": "4.7", "versionType": "custom"}, {"status": "unaffected", "version": "4.19.320", "versionType": "custom", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.282", "versionType": "custom", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.224", "versionType": "custom", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.165", "versionType": "custom", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.105", "versionType": "custom", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.46", "versionType": "custom", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.10.5", "versionType": "custom", "lessThanOrEqual": "6.10.*"}, {"status": "unaffected", "version": "6.11", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["kernel/trace/tracing_map.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/302ceb625d7b990db205a15e371f9a71238de91c"}, {"url": "https://git.kernel.org/stable/c/d3e4dbc2858fe85d1dbd2e72a9fc5dea988b5c18"}, {"url": "https://git.kernel.org/stable/c/eb223bf01e688dfe37e813c8988ee11c8c9f8d0a"}, {"url": "https://git.kernel.org/stable/c/cd10d186a5409a1fe6e976df82858e9773a698da"}, {"url": "https://git.kernel.org/stable/c/788ea62499b3c18541fd6d621964d8fafbc4aec5"}, {"url": "https://git.kernel.org/stable/c/a172c7b22bc2feaf489cfc6d6865f7237134fdf8"}, {"url": "https://git.kernel.org/stable/c/236bb4690773ab6869b40bedc7bc8d889e36f9d6"}, {"url": "https://git.kernel.org/stable/c/bcf86c01ca4676316557dd482c8416ece8c2e143"}], "x_generator": {"engine": "bippy-c9c4e1df01b2"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Fix overflow in get_free_elt()\n\n\"tracing_map->next_elt\" in get_free_elt() is at risk of overflowing.\n\nOnce it overflows, new elements can still be inserted into the tracing_map\neven though the maximum number of elements (`max_elts`) has been reached.\nContinuing to insert elements after the overflow could result in the\ntracing_map containing \"tracing_map->max_size\" elements, leaving no empty\nentries.\nIf any attempt is made to insert an element into a full tracing_map using\n`__tracing_map_insert()`, it will cause an infinite loop with preemption\ndisabled, leading to a CPU hang problem.\n\nFix this by preventing any further increments to \"tracing_map->next_elt\"\nonce it reaches \"tracing_map->max_elt\"."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-09-15T17:55:00.157Z"}}}, "cveMetadata": {"cveId": "CVE-2024-43890", "state": "PUBLISHED", "dateUpdated": "2024-09-15T17:55:00.157Z", "dateReserved": "2024-08-17T09:11:59.289Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-08-26T10:10:43.547Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A5445A05-438F-486B-AA08-94074DAF4196", "versionEndExcluding": "4.19.320", "versionStartIncluding": "4.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A8961D98-9ACF-4188-BA88-44038B14BC28", "versionEndExcluding": "5.4.282", "versionStartIncluding": "4.20", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5CCEDF13-293D-4E64-B501-4409D0365AFE", "versionEndExcluding": "5.10.224", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B4E2B568-3171-41DE-B519-F2B1A3600D94", "versionEndExcluding": "5.15.165", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "89BEB24B-0F37-4C92-A397-564DA7CD8EE9", "versionEndExcluding": "6.1.105", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "FA11941E-81FB-484C-B583-881EEB488340", "versionEndExcluding": "6.6.46", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D074AE50-4A5E-499C-A2FD-75FD60DEA560", "versionEndExcluding": "6.10.5", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*", "matchCriteriaId": "8B3CE743-2126-47A3-8B7C-822B502CF119", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*", "matchCriteriaId": "4DEB27E7-30AA-45CC-8934-B89263EF3551", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Fix overflow in get_free_elt()\n\n\"tracing_map->next_elt\" in get_free_elt() is at risk of overflowing.\n\nOnce it overflows, new elements can still be inserted into the tracing_map\neven though the maximum number of elements (`max_elts`) has been reached.\nContinuing to insert elements after the overflow could result in the\ntracing_map containing \"tracing_map->max_size\" elements, leaving no empty\nentries.\nIf any attempt is made to insert an element into a full tracing_map using\n`__tracing_map_insert()`, it will cause an infinite loop with preemption\ndisabled, leading to a CPU hang problem.\n\nFix this by preventing any further increments to \"tracing_map->next_elt\"\nonce it reaches \"tracing_map->max_elt\"."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: rastreo: corrige el desbordamiento en get_free_elt() \"tracing_map->next_elt\" en get_free_elt() corre el riesgo de desbordarse. Una vez que se desborda, a\u00fan se pueden insertar nuevos elementos en tracing_map aunque se haya alcanzado el n\u00famero m\u00e1ximo de elementos (`max_elts`). Continuar insertando elementos despu\u00e9s del desbordamiento podr\u00eda dar como resultado que tracing_map contenga elementos \"tracing_map->max_size\", sin dejar entradas vac\u00edas. Si se intenta insertar un elemento en un tracing_map completo usando `__tracing_map_insert()`, se producir\u00e1 un bucle infinito con la preferencia deshabilitada, lo que provocar\u00e1 un problema de bloqueo de la CPU. Solucione este problema evitando incrementos adicionales en \"tracing_map->next_elt\" una vez que llegue a \"tracing_map->max_elt\"."}], "id": "CVE-2024-43890", "lastModified": "2024-09-05T18:48:30.320", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-08-26T11:15:04.040", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/236bb4690773ab6869b40bedc7bc8d889e36f9d6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/302ceb625d7b990db205a15e371f9a71238de91c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/788ea62499b3c18541fd6d621964d8fafbc4aec5"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a172c7b22bc2feaf489cfc6d6865f7237134fdf8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/bcf86c01ca4676316557dd482c8416ece8c2e143"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/cd10d186a5409a1fe6e976df82858e9773a698da"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d3e4dbc2858fe85d1dbd2e72a9fc5dea988b5c18"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/eb223bf01e688dfe37e813c8988ee11c8c9f8d0a"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: tracing: Fix overflow in get_free_elt()", "id": "2307863", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2307863"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-190", "details": ["In the Linux kernel, the following vulnerability has been resolved:\ntracing: Fix overflow in get_free_elt()\n\"tracing_map->next_elt\" in get_free_elt() is at risk of overflowing.\nOnce it overflows, new elements can still be inserted into the tracing_map\neven though the maximum number of elements (`max_elts`) has been reached.\nContinuing to insert elements after the overflow could result in the\ntracing_map containing \"tracing_map->max_size\" elements, leaving no empty\nentries.\nIf any attempt is made to insert an element into a full tracing_map using\n`__tracing_map_insert()`, it will cause an infinite loop with preemption\ndisabled, leading to a CPU hang problem.\nFix this by preventing any further increments to \"tracing_map->next_elt\"\nonce it reaches \"tracing_map->max_elt\".", "An integer overflow vulnerability was found in the get_free_elt() function in the Linux Kernel's tracing subsystem, which is part of the tracing map logic. A local attacker with access to the tracing subsystem could exploit this vulnerability to cause a CPU hang, leading to a denial of service (DoS)."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-43890", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-08-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-43890\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-43890\nhttps://lore.kernel.org/linux-cve-announce/2024082601-CVE-2024-43890-1c3a@gregkh/T"], "threat_severity": "Low"}