Marc Hartmayer

#16557of 53,633
16.2Total CVSS
Vulnerabilities · 3
Medium
3
PT-2024-28107
6.0
2024-04-08
Linux · Linux Kernel · CVE-2024-38661
**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 6.9.0-rc7 **Description** A system crash occurs when the /sys/bus/ap/a[pq]mask file is updated with a relative mask value, such as +0x10-0x12,+60,-90, where one of the numeric values exceeds INT MAX. The issue arises from using a simple int for internal variables, which can lead to an overflow. The fix involves using unsigned long values for the internal variables. **Recommendations** To resolve the issue, update the Linux kernel to a version that includes the fix for the s390/ap: Fix crash in AP internal function modify bitmap() vulnerability. As a temporary workaround, consider restricting access to the /sys/bus/ap/a[pq]mask file to minimize the risk of exploitation.
PT-2024-14676
4.7
2024-04-03
Linux · Linux Kernel · CVE-2023-52639
**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A race condition in the KVM: s390: vsie component can cause a crash when `gmap->private` is zero in `kvm s390 vsie gmap notifier`. This issue arises because `gmap->private` is set to `vcpu->kvm` after creation in the `acquire gmap shadow` function. The problem can be mitigated by ensuring that children inherit the private field of the parent. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2024-11077
5.5
2021-04-21
Linux · Linux Kernel · CVE-2021-46968
**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a memory leak in the Linux kernel, specifically in the s390/zcrypt module. Tests with kvm and a kmemdebug kernel showed that on hot unplug, the zcard and zqueue structs for the unplugged card or queue are not properly freed due to a mismatch with get/put for the embedded kref counter. This fix adjusts the handling of the kref counters, which start with an initial value of 1 and need to drop to zero with the unregister of the card or queue to trigger the release and free the object. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.