UBUNTU-CVE-2024-0582

Description

A memory leak flaw was found in the Linux kernel’s io_uring functionality in how a user registers a buffer ring with IORING_REGISTER_PBUF_RING, mmap() it, and then frees it. This flaw allows a local user to crash or potentially escalate their privileges on the system.

CVSS Metrics

• v3.1•HIGH•Score: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Systems

• ubuntu•linux-allwinner-5.19

  all

• ubuntu•linux-aws-5.0

  all

• ubuntu•linux-aws-5.11

  all

• ubuntu•linux-aws-5.13

  all

• ubuntu•linux-aws-5.19

  all

• ubuntu•linux-aws-5.3

  all

• ubuntu•linux-aws-5.8

  all

• ubuntu•linux-aws-6.2

  all

• ubuntu•linux-aws-6.5

  all

• ubuntu•linux-azure

  all

• ubuntu•linux-azure-5.11

  all

• ubuntu•linux-azure-5.13

  all

• ubuntu•linux-azure-5.19

  all

• ubuntu•linux-azure-5.3

  all

• ubuntu•linux-azure-5.8

  all

• ubuntu•linux-azure-6.2

  all

• ubuntu•linux-azure-6.5

  all

• ubuntu•linux-azure-edge

  all

• ubuntu•linux-azure-fde

  all

• ubuntu•linux-azure-fde-5.19

  all

• ubuntu•linux-azure-fde-6.2

  all

• ubuntu•linux-gcp

  all

• ubuntu•linux-gcp-5.11

  all

• ubuntu•linux-gcp-5.13

  all

• ubuntu•linux-gcp-5.19

  all

• ubuntu•linux-gcp-5.3

  all

• ubuntu•linux-gcp-5.8

  all

• ubuntu•linux-gcp-6.2

  all

• ubuntu•linux-gcp-6.5

  all

• ubuntu•linux-gke

  all

• ubuntu•linux-gke-4.15

  all

• ubuntu•linux-gke-5.15

  all

• ubuntu•linux-gke-5.4

  all

• ubuntu•linux-gkeop-5.4

  all

• ubuntu•linux-hwe

  all

• ubuntu•linux-hwe-5.11

  all

• ubuntu•linux-hwe-5.13

  all

• ubuntu•linux-hwe-5.19

  all

• ubuntu•linux-hwe-5.8

  all

• ubuntu•linux-hwe-6.2

  all

• ubuntu•linux-hwe-6.5

  < 6.5.0-21.21~22.04.1

• ubuntu•linux-hwe-edge

  all | all

• ubuntu•linux-intel-5.13

  all

• ubuntu•linux-intel-iot-realtime

  all

• ubuntu•linux-lowlatency-hwe-5.19

  all

• ubuntu•linux-lowlatency-hwe-6.2

  all

• ubuntu•linux-lowlatency-hwe-6.5

  all

• ubuntu•linux-nvidia-6.2

  all

• ubuntu•linux-nvidia-6.5

  < 6.5.0-1014.14

• ubuntu•linux-oem

  all

Showing first 50 affected entries in server-rendered view.

References (10)

• https://ubuntu.com/security/CVE-2024-0582
• https://bugs.chromium.org/p/project-zero/issues/detail?id=2504
• https://git.kernel.org/linus/c392cbecd8eca4c53f2bf508731257d9d0a21c2d
• https://access.redhat.com/security/cve/CVE-2024-0582
• https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c392cbecd8eca4c53f2bf508731257d9d0a21c2d
• https://ubuntu.com/security/notices/USN-6651-1
• https://ubuntu.com/security/notices/USN-6652-1
• https://ubuntu.com/security/notices/USN-6651-2
• https://ubuntu.com/security/notices/USN-6651-3
• https://www.cve.org/CVERecord?id=CVE-2024-0582