Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

CVE-2024-41068

Disclosure Date: July 29, 2024 •

CVE-2024-41068

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

In the Linux kernel, the following vulnerability has been resolved:

s390/sclp: Fix sclp_init() cleanup on failure

If sclp_init() fails it only partially cleans up: if there are multiple
failing calls to sclp_init() sclp_state_change_event will be added several
times to sclp_reg_list, which results in the following warning:

——————[ cut here ]——————
list_add double add: new=000003ffe1598c10, prev=000003ffe1598bf0, next=000003ffe1598c10.
WARNING: CPU: 0 PID: 1 at lib/list_debug.c:35 list_add_valid_or_report+0xde/0xf8
CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.10.0-rc3
Krnl PSW : 0404c00180000000 000003ffe0d6076a (list_add_valid_or_report+0xe2/0xf8)

       R:0 T:1 IO:0 EX:0 Key:0 M:1 W:0 P:0 AS:3 CC:0 PM:0 RI:0 EA:3

…
Call Trace:
[<000003ffe0d6076a>] __list_add_valid_or_report+0xe2/0xf8
([<000003ffe0d60766>] __list_add_valid_or_report+0xde/0xf8)
[<000003ffe0a8d37e>] sclp_init+0x40e/0x450
[<000003ffe00009f2>] do_one_initcall+0x42/0x1e0
[<000003ffe15b77a6>] do_initcalls+0x126/0x150
[<000003ffe15b7a0a>] kernel_init_freeable+0x1ba/0x1f8
[<000003ffe0d6650e>] kernel_init+0x2e/0x180
[<000003ffe000301c>] __ret_from_fork+0x3c/0x60
[<000003ffe0d759ca>] ret_from_fork+0xa/0x30

Fix this by removing sclp_state_change_event from sclp_reg_list when
sclp_init() fails.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Unknown

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

Vendors

Linux

Products

Linux

References

Canonical

CVE-2024-41068 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41068)

Miscellaneous

https://git.kernel.org/stable/c/a778987afc36d5dc02a1f82d352a81edcaf7eb83

https://git.kernel.org/stable/c/455a6653d8700a81aa8ed2b6442a3be476007090

https://git.kernel.org/stable/c/2e51db7ab71b89dc5a17068f5e201c69f13a4c9a

https://git.kernel.org/stable/c/cf521049fcd07071ed42dc9758fce7d5ee120ec6

https://git.kernel.org/stable/c/79b4be70d5a160969b805f638ac5b4efd0aac7a3

https://git.kernel.org/stable/c/0a31b3fdc7e735c4f8c65fe4339945c717ed6808

https://git.kernel.org/stable/c/be0259796d0b76bbc7461e12c186814a9e58244c

https://git.kernel.org/stable/c/6434b33faaa063df500af355ee6c3942e0f8d982

Rapid7

Unknown

CVE-2024-41068

Unknown

Unknown

Unknown

Unknown

Unknown

CVE-2024-41068

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Unknown

CVE-2024-41068

Unknown

Unknown

Unknown

Unknown

Unknown

CVE-2024-41068

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Quick Cookie Notification