PT-2024-10497 · Linux+8 · Linux Kernel+8

Nathan Lynch

Published

2024-04-29

Updated

2025-09-29

CVE-2024-40974

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to the powerpc/pseries component of the Linux kernel, where functions like plpar hcall() and plpar hcall9() expect callers to provide valid result buffers of a certain minimum size. However, this requirement is currently only communicated through comments in the code, and the compiler is not aware of it. This can lead to stack corruption at runtime if the provided buffer is too small. To mitigate this, explicitly-sized array parameters can be used instead of pointers in the declarations for the hcall APIs. When compiled with -Warray-bounds, the code can provoke a diagnostic if the array argument is too small.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Corruption

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-119

Related Identifiers

ALSA-2024:5101

ALSA-2025_16880

BDU:2025-01048

CESA-2024_5101

CVE-2024-40974

DLA-4008-1

DSA-5730-1

DSA-5731-1

INFSA-2024_5101

OESA-2024-1894

OESA-2024-1895

OESA-2024-1896

OESA-2024-1897

RHSA-2024:5101

RHSA-2024_5101

RLSA-2024:5101

RXSA-2024:5101

USN-6999-1

USN-6999-2

USN-7003-1

USN-7003-2

USN-7003-3

USN-7003-4

USN-7003-5

USN-7004-1

USN-7005-1

USN-7005-2

USN-7006-1

USN-7007-1

USN-7007-2

USN-7007-3

USN-7008-1

USN-7009-1

USN-7009-2

USN-7019-1

USN-7029-1

Affected Products

Almalinux

Astra Linux

Centos

Linuxmint

Linux Kernel

Red Hat

Red Os

Rocky Linux

Ubuntu

PT-2024-10497 · Linux+8 · Linux Kernel+8

CVE-2024-40974

Weakness Enumeration

Related Identifiers

Affected Products

References · 1191