CVE-2024-43854

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Aug 17, 2024
Updated: Aug 19, 2024
CWE ID 401

Summary

CVE-2024-43854: A vulnerability in the Linux kernel's block subsystem has been identified and addressed. Metadata buffers were allocated with plain kmalloc, without the __GFP_ZERO flag, so they were not zeroed and random kernel memory was written to media. For non-PI metadata, the entire buffer leaked kernel memory. The fix adds the __GFP_ZERO flag to allocations for writes.
