CVE-2024-53145: um: Fix potential integer overflow during physmem setup
First published: Tue Dec 24 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: um: Fix potential integer overflow during physmem setup This issue happens when the real map size is greater than LONG_MAX, which can be easily triggered on UML/i386.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | >=4.1<5.4.287 | |
| Linux Kernel | >=5.5<5.10.231 | |
| Linux Kernel | >=5.11<5.15.174 | |
| Linux Kernel | >=5.16<6.1.120 | |
| Linux Kernel | >=6.2<6.6.64 | |
| Linux Kernel | >=6.7<6.11.11 | |
| Linux Kernel | >=6.12<6.12.2 | |
| debian/linux | <=5.10.223-1<=5.10.226-1 | 6.1.123-1 6.1.128-1 6.12.12-1 6.12.15-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/5c710f45811e7e2bfcf703980c306f19c7e1ecfe
- https://git.kernel.org/stable/c/e6102b72edc4eb8c0858df00ba74b5ce579c8fa2
- https://git.kernel.org/stable/c/1bd118c5f887802cef2d9ba0d1917258667f1cae
- https://git.kernel.org/stable/c/1575df968650d11771359e5ac78278c5b0cc19f3
- https://git.kernel.org/stable/c/a875c023155ea92b75d6323977003e64d92ae7fc
- https://git.kernel.org/stable/c/d1a211e5210d31da8f49fc0021bf7129b726468c
- https://git.kernel.org/stable/c/a9c95f787b88b29165563fd97761032db77116e7
- https://git.kernel.org/stable/c/a98b7761f697e590ed5d610d87fa12be66f23419
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53145
- https://nvd.nist.gov/vuln/detail/CVE-2024-53145
- https://launchpad.net/bugs/cve/CVE-2024-53145
- https://security-tracker.debian.org/tracker/CVE-2024-53145
- https://ubuntu.com/security/CVE-2024-53145
- https://git.kernel.org/linus/a98b7761f697e590ed5d610d87fa12be66f23419
Frequently Asked Questions
What is the severity of CVE-2024-53145?
CVE-2024-53145 has a high severity due to the potential for integer overflow during physical memory setup in the Linux kernel.
How do I fix CVE-2024-53145?
To fix CVE-2024-53145, update the Linux kernel to a version that includes the security patch addressing the vulnerability.
What versions of the Linux kernel are affected by CVE-2024-53145?
CVE-2024-53145 affects Linux kernel versions from 4.1 to 5.4.287, 5.5 to 5.10.231, 5.11 to 5.15.174, 5.16 to 6.1.120, 6.2 to 6.6.64, and 6.7 to 6.11.11.
What is the impact of exploiting CVE-2024-53145?
Exploiting CVE-2024-53145 may lead to denial of service due to a crash or instability in the affected Linux kernel.
Who is affected by CVE-2024-53145?
Users and organizations running vulnerable versions of the Linux kernel are at risk of issues related to CVE-2024-53145.
- agent/title
- agent/type
- agent/first-publish-date
- agent/author
- agent/remedy
- agent/severity
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/source
- agent/softwarecombine
- agent/description
- agent/tags
- agent/event
- collector/security-tracker-debian
- source/Debian
- collector/nvd-cve
- vendor/linux
- canonical/linux kernel
- version/linux kernel/4.1
- version/linux kernel/5.5
- version/linux kernel/5.11
- version/linux kernel/5.16
- version/linux kernel/6.2
- version/linux kernel/6.7
- version/linux kernel/6.12
- package-manager/debian