VDB
CISA-2024-50080
CISA-2024-50080
PUBLISHED
CVSS 5.5 MEDIUM
Reported by Linux · Published October 29, 2024
In the Linux kernel, the following vulnerability has been resolved: ublk: don't allow user copy for unprivileged device UBLK_F_USER_COPY requires userspace to call write() on ublk char device for filling request buffer, and unprivileged device can't be trusted. So don't allow user copy for unprivileged device.
Risk Scores
CVSS 3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | 1172d5b8beca6b899deb9f7f2850e7e47ec16198, 1172d5b8beca6b899deb9f7f2850e7e47ec16198, 1172d5b8beca6b899deb9f7f2850e7e47ec16198 |
| Linux | Linux | 6.5, 0, 6.6.58 |
| linux | linux_kernel | 6.5, 6.5, 6.5 |
| Linux | Linux | 1172d5b8beca6b899deb9f7f2850e7e47ec16198, 1172d5b8beca6b899deb9f7f2850e7e47ec16198, 6.5 |
Timeline
- Oct 29, 2024 CVE Published
- Oct 1, 2025 CVE Updated