CVE-2024-49995 - Vulnerability Details

Description

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Published: 2024-10-21

Score: 7.1 High

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

No data.

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 9
kernel-0:5.14.0-570.12.1.el9_6	cpe:/a:redhat:enterprise_linux:9	RHSA-2025:6966	2025-05-13T00:00:00Z
kernel-0:5.14.0-570.12.1.el9_6	cpe:/o:redhat:enterprise_linux:9	RHSA-2025:6966	2025-05-13T00:00:00Z

No data available yet.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Debian DLA	DLA-4008-1	linux-6.1 security update
Debian DLA	DLA-4075-1	linux security update
Ubuntu USN	USN-7166-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7166-2	Linux kernel (AWS) vulnerabilities
Ubuntu USN	USN-7166-3	Linux kernel (HWE) vulnerabilities
Ubuntu USN	USN-7166-4	Linux kernel (Xilinx ZynqMP) vulnerabilities
Ubuntu USN	USN-7186-1	Linux kernel (Intel IoTG) vulnerabilities
Ubuntu USN	USN-7186-2	Linux kernel vulnerabilities
Ubuntu USN	USN-7194-1	Linux kernel (Azure) vulnerabilities
Ubuntu USN	USN-7276-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7277-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7293-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7294-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7294-2	Linux kernel vulnerabilities
Ubuntu USN	USN-7294-3	Linux kernel vulnerabilities
Ubuntu USN	USN-7294-4	Linux kernel vulnerabilities
Ubuntu USN	USN-7295-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7301-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7303-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7303-2	Linux kernel vulnerabilities
Ubuntu USN	USN-7303-3	Linux kernel vulnerabilities
Ubuntu USN	USN-7304-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7310-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7311-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7384-1	Linux kernel (Azure) vulnerabilities
Ubuntu USN	USN-7384-2	Linux kernel (Azure) vulnerabilities
Ubuntu USN	USN-7385-1	Linux kernel (IBM) vulnerabilities
Ubuntu USN	USN-7386-1	Linux kernel (OEM) vulnerabilities
Ubuntu USN	USN-7393-1	Linux kernel (FIPS) vulnerabilities
Ubuntu USN	USN-7401-1	Linux kernel (AWS) vulnerabilities
Ubuntu USN	USN-7403-1	Linux kernel (HWE) vulnerabilities
Ubuntu USN	USN-7413-1	Linux kernel (IoT) vulnerabilities

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://lore.kernel.org/linux-cve-announce/2024102138-CVE-2024-49995-ec59@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-49995
https://www.cve.org/CVERecord?id=CVE-2024-49995

History

Wed, 14 May 2025 02:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat Redhat enterprise Linux
CPEs		cpe:/a:redhat:enterprise_linux:9 cpe:/o:redhat:enterprise_linux:9
Vendors & Products		Redhat Redhat enterprise Linux

Thu, 24 Apr 2025 14:45:00 +0000

Type	Values Removed	Values Added
Weaknesses	NVD-CWE-noinfo
CPEs	cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products	Linux Linux linux Kernel
References	https://git.kernel.org/stable/c/12d26aa7fd3cbdbc5149b6e516563478d575026e https://git.kernel.org/stable/c/2ed7f42dfd3edb387034128ca5b0f639836d4ddd https://git.kernel.org/stable/c/54dae0e9063ed23c9acf8d5ab9b18d3426a8ac18 https://git.kernel.org/stable/c/6555a2a9212be6983d2319d65276484f7c5f431a https://git.kernel.org/stable/c/80c0be7bcf940ce9308311575c3aff8983c9b97a https://git.kernel.org/stable/c/8298b6e45fb4d8944f356b08e4ea3e54df5e0488 https://git.kernel.org/stable/c/a18c7b239d02aafb791ae2c45226f6bb40641792 https://git.kernel.org/stable/c/c79768ffba5b6e95569a463a69b3101c95694867 https://git.kernel.org/stable/c/e2b2558971e02ca33eb637a8350d68a48b3e8e46
Metrics	cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}`	cvssV3_1 `{'score': 7.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H'}`

Thu, 24 Apr 2025 14:15:00 +0000

Type	Values Removed	Values Added
Title	tipc: guard against string buffer overrun	kernel: tipc: guard against string buffer overrun
Metrics	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 24 Apr 2025 14:00:00 +0000

Type	Values Removed	Values Added
Description	In the Linux kernel, the following vulnerability has been resolved: tipc: guard against string buffer overrun Smatch reports that copying media_name and if_name to name_parts may overwrite the destination. .../bearer.c:166 bearer_name_validate() error: strcpy() 'media_name' too large for 'name_parts->media_name' (32 vs 16) .../bearer.c:167 bearer_name_validate() error: strcpy() 'if_name' too large for 'name_parts->if_name' (1010102 vs 16) This does seem to be the case so guard against this possibility by using strscpy() and failing if truncation occurs. Introduced by commit b97bf3fd8f6a ("[TIPC] Initial merge") Compile tested only.	This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Thu, 26 Dec 2024 02:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-120

Fri, 08 Nov 2024 16:00:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/8298b6e45fb4d8944f356b08e4ea3e54df5e0488 https://git.kernel.org/stable/c/c79768ffba5b6e95569a463a69b3101c95694867

Mon, 28 Oct 2024 17:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
Metrics	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`	cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}`

Tue, 22 Oct 2024 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 22 Oct 2024 13:30:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2024102138-CVE-2024-49995-ec59@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2024-49995 https://www.cve.org/CVERecord?id=CVE-2024-49995
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`

Mon, 21 Oct 2024 18:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: tipc: guard against string buffer overrun Smatch reports that copying media_name and if_name to name_parts may overwrite the destination. .../bearer.c:166 bearer_name_validate() error: strcpy() 'media_name' too large for 'name_parts->media_name' (32 vs 16) .../bearer.c:167 bearer_name_validate() error: strcpy() 'if_name' too large for 'name_parts->if_name' (1010102 vs 16) This does seem to be the case so guard against this possibility by using strscpy() and failing if truncation occurs. Introduced by commit b97bf3fd8f6a ("[TIPC] Initial merge") Compile tested only.
Title		tipc: guard against string buffer overrun
References		https://git.kernel.org/stable/c/12d26aa7fd3cbdbc5149b6e516563478d575026e https://git.kernel.org/stable/c/2ed7f42dfd3edb387034128ca5b0f639836d4ddd https://git.kernel.org/stable/c/54dae0e9063ed23c9acf8d5ab9b18d3426a8ac18 https://git.kernel.org/stable/c/6555a2a9212be6983d2319d65276484f7c5f431a https://git.kernel.org/stable/c/80c0be7bcf940ce9308311575c3aff8983c9b97a https://git.kernel.org/stable/c/a18c7b239d02aafb791ae2c45226f6bb40641792 https://git.kernel.org/stable/c/e2b2558971e02ca33eb637a8350d68a48b3e8e46

Subscriptions

Redhat Enterprise Linux

MITRE

Status: REJECTED

Assigner: Linux

Published: 2024-10-21T18:02:36.411Z

Updated: 2025-04-24T13:44:04.982Z

Reserved: 2024-10-21T12:17:06.056Z

Link: CVE-2024-49995

Vulnrichment

Updated:

NVD

Status : Rejected

Published: 2024-10-21T18:15:19.660

Modified: 2025-04-24T14:15:45.040

Link: CVE-2024-49995

Redhat

Severity : Moderate

Publid Date: 2024-10-21T00:00:00Z

Links: CVE-2024-49995 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

CWE-120

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object