Sensitive Information Exposure Vulnerability in openEuler Kernel on Linux
CVE-2024-24898

6MEDIUM

Key Information:

Vendor: Openeuler
Status: Kernel
Vendor: CVE Published:; 15 April 2024

What is CVE-2024-24898?

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in openEuler kernel on Linux allows Resource Leak Exposure. This vulnerability is associated with program files https://gitee.Com/openeuler/kernel/blob/openEuler-1.0-LTS/drivers/staging/gmjstcm/tcm.C.

This issue affects kernel: from 4.19.90-2109.1.0.0108 before 4.19.90-2403.4.0.0244.

Affected Version(s)

kernel Linux 4.19.90-2109.1.0.0108 < 4.19.90-2403.4.0.0244

References

https://www.openeuler.org/zh/security/security-bulletins/...

https://gitee.com/src-openeuler/kernel/pulls/1321

https://gitee.com/src-openeuler/kernel/pulls/1320

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 15, 2024
Vulnerability Reserved
Feb 1, 2024

Credit

[email protected]

Openeuler

What is CVE-2024-24898?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit