CVE-2024-39277

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Jun 21, 2024
Updated: Aug 20, 2024
CWE ID 125

Summary

CVE-2024-39277 is a vulnerability affecting the Linux kernel's dma-mapping benchmark feature. The issue arises when cpumask_of_node() is called for NUMA_NO_NODE inside do_map_benchmark(), leading to an out-of-bounds array index error. This error, identified by the AddressSanitizer tool, occurs at topology.h:72 and can result in unexpected kernel behavior. Users are advised to use cpumask_of_node() appropriately when binding a kernel thread to a cpuset of a particular node, as the provided node id is not handled correctly in this case. This vulnerability was discovered by the Linux Verification Center.
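The indexing problem described in the summary can be reproduced in a small user-space model. This is an added example, not kernel code or the upstream patch: the table, its size, and the helpers `mask_of_node_unchecked()`, `mask_of_node_checked()` and `bind_worker()` are hypothetical, and leaving the worker unbound for NUMA_NO_NODE is an assumption made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define MAX_NUMNODES 4      /* constructed table size for this model */
#define NUMA_NO_NODE (-1)   /* the kernel's "no node" sentinel is -1 */

/* Constructed stand-in for a per-node CPU mask table: one bitmask per node. */
static const unsigned long node_to_cpumask[MAX_NUMNODES] = {
    0x03, 0x0c, 0x30, 0xc0
};

/* Unchecked lookup: with node == NUMA_NO_NODE this indexes element -1,
 * an out-of-bounds read (CWE-125). Only safe for ids known to be valid. */
static const unsigned long *mask_of_node_unchecked(int node)
{
    return &node_to_cpumask[node];
}

/* Checked lookup: NULL for NUMA_NO_NODE or any id outside the table. */
static const unsigned long *mask_of_node_checked(int node)
{
    if (node < 0 || node >= MAX_NUMNODES)
        return NULL;
    return &node_to_cpumask[node];
}

/* Model of the caller: returns the mask a worker is pinned to,
 * or 0 when no valid node was given and the worker stays unbound. */
static unsigned long bind_worker(int node)
{
    const unsigned long *mask = mask_of_node_checked(node);
    return mask ? *mask : 0;
}

int main(void)
{
    printf("node 1 (unchecked, valid id): %#lx\n", *mask_of_node_unchecked(1));
    printf("node 1 (checked):             %#lx\n", bind_worker(1));
    printf("NUMA_NO_NODE (checked):       %#lx\n", bind_worker(NUMA_NO_NODE));
    return 0;
}
```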
