CVE-2024-42251

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Aug 8, 2024
Updated: Sep 6, 2024
CWE ID 617

Summary

CVE-2024-42251: A kernel vulnerability affecting Linux systems, specifically in the mm: page\_ref subsystem, has been addressed. The issue was identified in a non-SMP kernel and resulted in an "invalid opcode" error during a kernel dump. The root cause was reported as a bug in the try\_get\_folio function of the mm/gup.c file. The vulnerability allowed for an unauthorized process (PID: 4335) to access protected memory, potentially leading to system instability or crashes. The vulnerability was traced back to a call chain involving several Linux kernel functions, including try\_get\_folio, do\_error\_trap, and exc\_invalid\_op. The issue has been resolved in the Linux kernel.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share