CVE-2024-42099

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to the invalid dereferencing of indirect CCW data pointers in the Linux kernel, specifically in the dasd eckd dump sense() function, which can lead to a kernel panic in error cases. When using indirect addressing for DASD CCWs (IDAW), the CCW CDA pointer does not contain the data address itself but a pointer to the IDAL, which needs to be translated from physical to virtual before use. This dereferencing is also used for dasd page cache and has been fixed, although it is unlikely that this code path is ever used.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.