CVE-2024-39277
CVSS 3.1 Score 7.8 of 10 (high)
Details
Summary
CVE-2024-39277 is a vulnerability affecting the Linux kernel's dma-mapping benchmark feature. The issue arises when cpumask_of_node() is called for NUMA_NO_NODE inside do_map_benchmark(), leading to an out-of-bounds array index error. This error, identified by the AddressSanitizer tool, occurs at topology.h:72 and can result in unexpected kernel behavior. Users are advised to use cpumask_of_node() appropriately when binding a kernel thread to a cpuset of a particular node, as the provided node id is not handled correctly in this case. This vulnerability was discovered by the Linux Verification Center.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.