PT-2024-30681 · Linux+5 · Linux Kernel+5

Published

2024-07-04

·

Updated

2026-03-14

·

CVE-2024-43819

CVSS v2.0

7.5

High

VectorAV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.10.2
Description A null pointer dereference issue has been resolved in the Linux kernel. The issue occurs when the KVM SET USER MEMORY REGION and KVM SET USER MEMORY REGION2 ioctls are called on a ucontrol VM, which has kvm->arch.gmap set to 0. To avoid this issue, memory management should be performed in userspace using the ioctls KVM S390 UCAS MAP and KVM S390 UCAS UNMAP. The s390 specific documentation for KVM SET USER MEMORY REGION and KVM SET USER MEMORY REGION2 has also been improved.
Recommendations Upgrade to a version later than 6.10.2 to resolve the issue. As a temporary workaround, consider rejecting the KVM SET USER MEMORY REGION and KVM SET USER MEMORY REGION2 ioctls when called on a ucontrol VM. Restrict access to the vulnerable ioctls to minimize the risk of exploitation. Avoid using the ioctls KVM SET USER MEMORY REGION and KVM SET USER MEMORY REGION2 on ucontrol VMs until the issue is resolved.

Exploit

Fix

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
ALT-PU-2025-12647
AZL-48480
AZL-48517
BDU:2025-02963
CVE-2024-43819
ECHO-85F2-8F14-6984
OESA-2024-2076
OESA-2024-2077
OESA-2024-2078
OESA-2024-2080
OPENSUSE-SU-2024_3190-1
OPENSUSE-SU-2024_3209-1
OPENSUSE-SU-2024_3483-1
SUSE-SU-2024:3189-1
SUSE-SU-2024:3190-1
SUSE-SU-2024:3194-1
SUSE-SU-2024:3195-1
SUSE-SU-2024:3209-1
SUSE-SU-2024:3251-1
SUSE-SU-2024:3252-1
SUSE-SU-2024:3383-1
SUSE-SU-2024:3483-1
SUSE-SU-2025:20044-1
SUSE-SU-2025:20047-1
USN-7154-1
USN-7154-2
USN-7155-1
USN-7156-1
USN-7196-1

Affected Products

Alt Linux
Debian
Linuxmint
Linux Kernel
Suse
Ubuntu