CVE-2024-47755 - Vulnerability Details

Description

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Published: 2024-10-21

Score: 5.5 Medium

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://lore.kernel.org/linux-cve-announce/2024102115-CVE-2024-47755-2cb3@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-47755
https://www.cve.org/CVERecord?id=CVE-2024-47755

History

Thu, 13 Feb 2025 00:45:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-400
Metrics	cvssV3_1 `{'score': 0.0, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N'}` threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`

Wed, 27 Nov 2024 02:30:00 +0000

Type	Values Removed	Values Added
Metrics	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`	cvssV3_1 `{'score': 0.0, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N'}` threat_severity `None`

Wed, 23 Oct 2024 07:15:00 +0000

Type	Values Removed	Values Added
Title	nvdimm: Fix devs leaks in scan_labels()	kernel: nvdimm: Fix devs leaks in scan_labels()
Metrics	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 23 Oct 2024 06:30:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-401
CPEs	cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products	Linux Linux linux Kernel
References	https://git.kernel.org/stable/c/18a672c62d735744c6340eb3f5e58934a5d34cf2 https://git.kernel.org/stable/c/45db20bdb5695d06478d35e05fb2550441bed890 https://git.kernel.org/stable/c/62c2aa6b1f565d2fc1ec11a6e9e8336ce37a6426 https://git.kernel.org/stable/c/939053737edb49ba5bdc5846acb45f11d15b7ab4 https://git.kernel.org/stable/c/cdf0dfb3d183bbe0d0b6a6622c53d105074ad384

Wed, 23 Oct 2024 06:15:00 +0000

Type	Values Removed	Values Added
Description	In the Linux kernel, the following vulnerability has been resolved: nvdimm: Fix devs leaks in scan_labels() scan_labels() leaks memory when label scanning fails and it falls back to just creating a default "seed" namespace for userspace to configure. Root can force the kernel to leak memory. Allocate the minimum resources unconditionally and release them when unneeded to avoid the memory leak. A kmemleak reports: unreferenced object 0xffff88800dda1980 (size 16): comm "kworker/u10:5", pid 69, jiffies 4294671781 hex dump (first 16 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace (crc 0): [<00000000c5dea560>] __kmalloc+0x32c/0x470 [<000000009ed43c83>] nd_region_register_namespaces+0x6fb/0x1120 [libnvdimm] [<000000000e07a65c>] nd_region_probe+0xfe/0x210 [libnvdimm] [<000000007b79ce5f>] nvdimm_bus_probe+0x7a/0x1e0 [libnvdimm] [<00000000a5f3da2e>] really_probe+0xc6/0x390 [<00000000129e2a69>] __driver_probe_device+0x78/0x150 [<000000002dfed28b>] driver_probe_device+0x1e/0x90 [<00000000e7048de2>] __device_attach_driver+0x85/0x110 [<0000000032dca295>] bus_for_each_drv+0x85/0xe0 [<00000000391c5a7d>] __device_attach+0xbe/0x1e0 [<0000000026dabec0>] bus_probe_device+0x94/0xb0 [<00000000c590d936>] device_add+0x656/0x870 [<000000003d69bfaa>] nd_async_device_register+0xe/0x50 [libnvdimm] [<000000003f4c52a4>] async_run_entry_fn+0x2e/0x110 [<00000000e201f4b0>] process_one_work+0x1ee/0x600 [<000000006d90d5a9>] worker_thread+0x183/0x350	This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Tue, 22 Oct 2024 16:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Weaknesses		CWE-401
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel

Tue, 22 Oct 2024 01:30:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2024102115-CVE-2024-47755-2cb3@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2024-47755 https://www.cve.org/CVERecord?id=CVE-2024-47755
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`

Mon, 21 Oct 2024 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 21 Oct 2024 12:30:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: nvdimm: Fix devs leaks in scan_labels() scan_labels() leaks memory when label scanning fails and it falls back to just creating a default "seed" namespace for userspace to configure. Root can force the kernel to leak memory. Allocate the minimum resources unconditionally and release them when unneeded to avoid the memory leak. A kmemleak reports: unreferenced object 0xffff88800dda1980 (size 16): comm "kworker/u10:5", pid 69, jiffies 4294671781 hex dump (first 16 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace (crc 0): [<00000000c5dea560>] __kmalloc+0x32c/0x470 [<000000009ed43c83>] nd_region_register_namespaces+0x6fb/0x1120 [libnvdimm] [<000000000e07a65c>] nd_region_probe+0xfe/0x210 [libnvdimm] [<000000007b79ce5f>] nvdimm_bus_probe+0x7a/0x1e0 [libnvdimm] [<00000000a5f3da2e>] really_probe+0xc6/0x390 [<00000000129e2a69>] __driver_probe_device+0x78/0x150 [<000000002dfed28b>] driver_probe_device+0x1e/0x90 [<00000000e7048de2>] __device_attach_driver+0x85/0x110 [<0000000032dca295>] bus_for_each_drv+0x85/0xe0 [<00000000391c5a7d>] __device_attach+0xbe/0x1e0 [<0000000026dabec0>] bus_probe_device+0x94/0xb0 [<00000000c590d936>] device_add+0x656/0x870 [<000000003d69bfaa>] nd_async_device_register+0xe/0x50 [libnvdimm] [<000000003f4c52a4>] async_run_entry_fn+0x2e/0x110 [<00000000e201f4b0>] process_one_work+0x1ee/0x600 [<000000006d90d5a9>] worker_thread+0x183/0x350
Title		nvdimm: Fix devs leaks in scan_labels()
References		https://git.kernel.org/stable/c/18a672c62d735744c6340eb3f5e58934a5d34cf2 https://git.kernel.org/stable/c/45db20bdb5695d06478d35e05fb2550441bed890 https://git.kernel.org/stable/c/62c2aa6b1f565d2fc1ec11a6e9e8336ce37a6426 https://git.kernel.org/stable/c/939053737edb49ba5bdc5846acb45f11d15b7ab4 https://git.kernel.org/stable/c/cdf0dfb3d183bbe0d0b6a6622c53d105074ad384

Subscriptions

No data.

MITRE

Status: REJECTED

Assigner: Linux

Published: 2024-10-21T12:14:19.107Z

Updated: 2024-10-23T06:08:20.948Z

Reserved: 2024-09-30T16:00:12.962Z

Link: CVE-2024-47755

Vulnrichment

Updated:

NVD

Status : Rejected

Published: 2024-10-21T13:15:05.467

Modified: 2024-10-23T06:15:09.873

Link: CVE-2024-47755

Redhat

Severity : Moderate

Publid Date: 2024-10-21T00:00:00Z

Links: CVE-2024-47755 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

CWE-400

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object