VDB

CISA-2024-50080

CISA-2024-50080 PUBLISHED CVSS 5.5 MEDIUM

Reported by Linux · Published October 29, 2024

In the Linux kernel, the following vulnerability has been resolved: ublk: don't allow user copy for unprivileged device UBLK_F_USER_COPY requires userspace to call write() on ublk char device for filling request buffer, and unprivileged device can't be trusted. So don't allow user copy for unprivileged device.

Risk Scores

CVSS 3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersions
LinuxLinux1172d5b8beca6b899deb9f7f2850e7e47ec16198, 1172d5b8beca6b899deb9f7f2850e7e47ec16198, 1172d5b8beca6b899deb9f7f2850e7e47ec16198
LinuxLinux6.5, 0, 6.6.58
linuxlinux_kernel6.5, 6.5, 6.5
LinuxLinux1172d5b8beca6b899deb9f7f2850e7e47ec16198, 1172d5b8beca6b899deb9f7f2850e7e47ec16198, 6.5

Timeline

  • Oct 29, 2024 CVE Published
  • Oct 1, 2025 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›