CVE-2024-38667
CVSS 3.1 Score 7.8 of 10 (high)
Details
Summary
CVE-2024-38667: A vulnerability has been identified in the Linux kernel's RISC-V implementation. The issue lies with the secondary idle threads, whose kernel thread stacks overlap with their pt_regs structures. This overlap can result in corruption of both the stack and the pt_regs, affecting the status field of the latter. A similar issue was previously addressed for the primary hart, but the fix was not propagated to the secondary harts. This vulnerability was uncovered during CPU hotplug tests with virtualization enabled, and could potentially lead to incorrect saving or restoration of V context.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.