Vulnerability in Linux Kernel Affecting IBM Power11 Systems
CVE-2024-56765

7.8HIGH

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 6 January 2025

Summary

This vulnerability in the Linux kernel arises from an improper handling of virtual memory areas (VMAs) in the VAS window struct. The issue occurs during migration, where the VMA address is not updated appropriately when munmap() is called. As a result, an invalid access to freed memory can take place, leading to potential system instability or crashes. The KASAN reports highlight that improper memory access can arise, representing a serious concern for users operating IBM Power11 systems relying on the Linux kernel.

Affected Version(s)

Linux 37e6764895ef7431f45ff603a548549d409993d2 < 8b2282b5084521254a2cd9742a3f4e1d5b77f843

Linux 37e6764895ef7431f45ff603a548549d409993d2

Linux 37e6764895ef7431f45ff603a548549d409993d2 < 6d9cd27105459f169993a4c5f216499a946dbf34

References

https://git.kernel.org/stable/c/8b2282b5084521254a2cd9742...

https://git.kernel.org/stable/c/b7f60ffdfd96f8fc826f1d61a...

https://git.kernel.org/stable/c/6d9cd27105459f169993a4c5f...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 6, 2025