CVE-2024-53107
CVSS 3.1 Score 5.5 of 10 (medium)
Details
Summary
CVE-2024-53107 is a vulnerability in the Linux kernel that has been resolved. In the "fs/proc/task_mmu" module, the function "pagemap_scan_get_args()" contains a potential integer overflow. The function multiplies "arg->vec_len", which comes from user input, by the size of "struct page_region", and a sufficiently large input makes this multiplication wrap. To mitigate this risk, the use of the "size_mul()" function is recommended. Additionally, on 32-bit systems it is essential to ensure that "arg->vec_len" fits within an unsigned long to avoid issues with the size_add/mul() functions.
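The wrap described in the summary, as an added user-space C example (not the kernel's code or the actual patch). The names `page_region_demo`, `bytes_wrapping()`, `sat_mul()` and `vec_bytes_checked()` are hypothetical, the struct layout is assumed, and `sat_mul()` only imitates the saturating behaviour of `size_mul()` using a GCC/Clang builtin.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in for the kernel's struct page_region (three 64-bit fields assumed). */
struct page_region_demo { uint64_t start, end, categories; };

/* Unchecked pattern: a 64-bit product that silently wraps modulo 2^64. */
static uint64_t bytes_wrapping(uint64_t vec_len)
{
    return vec_len * sizeof(struct page_region_demo);
}

/* Saturating multiply in the spirit of size_mul(): SIZE_MAX on overflow. */
static size_t sat_mul(size_t a, size_t b)
{
    size_t r;
    return __builtin_mul_overflow(a, b, &r) ? SIZE_MAX : r;
}

/* Checked pattern: reject counts that do not fit size_t (the 32-bit case),
 * then reject a saturated product instead of using a wrapped one. */
static bool vec_bytes_checked(uint64_t vec_len, size_t *out)
{
    if (vec_len > SIZE_MAX)
        return false;
    size_t n = sat_mul((size_t)vec_len, sizeof(struct page_region_demo));
    if (n == SIZE_MAX)
        return false;
    *out = n;
    return true;
}

int main(void)
{
    uint64_t huge = (UINT64_C(1) << 61) + 1; /* constructed sample input */
    size_t n = 0;
    printf("wrapping: %llu bytes\n", (unsigned long long)bytes_wrapping(huge));
    printf("checked:  %s\n", vec_bytes_checked(huge, &n) ? "accepted" : "rejected");
    return 0;
}
```

With the constructed input, the unchecked product wraps to the size of a single element, so a length check performed on that value would pass while the element count remains enormous.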
Affected Products
- Linux Kernel
Affected Vendors
- LINUX