CVE-2024-42156

CVSS 3.1 Score 4.1 of 10 (medium)

Details

Published Jul 30, 2024

Updated: Aug 2, 2024

Summary

CVE-2024-42156 is a vulnerability affecting the Linux kernel. This issue involves the s390/pkey subsystem, where clear-key structures are not properly wiped upon failure during certain IOCTLs (Input/Output Control messages). As a result, sensitive data could be exposed, potentially allowing unauthorized access or data breaches. The kernel's developers have resolved this issue by ensuring that all sensitive data is cleaned from the stack for all related IOCTLs.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/xUZa18
https://www.cve.org/CVERecord?id=CVE-2024-42156
https://nvd.nist.gov/vuln/detail/CVE-2024-42156

Back to Vulnerability Database

CVE-2024-42156

CVSS 3.1 Score 4.1 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations