- Vulnerability/
- CVE-2024-53148
CVE-2024-53148: comedi: Flush partial mappings in error case
First published: Tue Dec 24 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: comedi: Flush partial mappings in error case If some remap_pfn_range() calls succeeded before one failed, we still have buffer pages mapped into the userspace page tables when we drop the buffer reference with comedi_buf_map_put(bm). The userspace mappings are only cleaned up later in the mmap error path. Fix it by explicitly flushing all mappings in our VMA on the error path. See commit 79a61cc3fc04 ("mm: avoid leaving partial pfn mappings around in error case").
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | ||
| debian/linux | <=5.10.223-1<=5.10.226-1 | 6.1.123-1 6.1.128-1 6.12.12-1 6.12.15-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/16c507df509113c037cdc0ba642b9ab3389bd26c
- https://git.kernel.org/stable/c/297f14fbb81895f4ccdb0ad25d196786d6461e00
- https://git.kernel.org/stable/c/57f048c2d205b85e34282a9b0b0ae177e84c2f44
- https://git.kernel.org/stable/c/8797b7712de704dc231f9e821d8eb3b9aeb3a032
- https://git.kernel.org/stable/c/9b07fb464eb69a752406e78e62ab3a60bfa7b00d
- https://git.kernel.org/stable/c/b9322408d83accc8b96322bc7356593206288c56
- https://git.kernel.org/stable/c/c6963a06ce5c61d3238751ada04ee1569663a828
- https://git.kernel.org/stable/c/ce8f9fb651fac95dd41f69afe54d935420b945bd
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53148
- https://nvd.nist.gov/vuln/detail/CVE-2024-53148
- https://launchpad.net/bugs/cve/CVE-2024-53148
- https://security-tracker.debian.org/tracker/CVE-2024-53148
- https://ubuntu.com/security/CVE-2024-53148
- https://git.kernel.org/linus/ce8f9fb651fac95dd41f69afe54d935420b945bd
Frequently Asked Questions
What is the severity of CVE-2024-53148?
CVE-2024-53148 has a moderate severity rating due to the potential for userspace memory access issues.
How do I fix CVE-2024-53148?
To resolve CVE-2024-53148, update your Linux kernel to the latest patched version provided by your distribution.
What systems are affected by CVE-2024-53148?
CVE-2024-53148 affects various versions of the Linux kernel used in many Linux distributions.
What are the potential impacts of CVE-2024-53148?
The potential impacts of CVE-2024-53148 include unauthorized access to userspace memory by an attacker.
Is there a workaround for CVE-2024-53148?
Currently, there are no officially recommended workarounds for CVE-2024-53148; applying the patch is the best mitigation.
- agent/severity
- agent/title
- agent/type
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/usn-cve
- source/Ubuntu
- collector/nvd-cve
- agent/references
- agent/source
- agent/softwarecombine
- agent/tags
- agent/description
- agent/event
- collector/security-tracker-debian
- source/Debian
- vendor/linux
- canonical/linux kernel
- package-manager/debian