PT-2024-6852 · Linux+5 · Linux Kernel+5

Sean Christopherson

Published

2024-08-26

Updated

2025-02-03

CVE-2024-46794

CVSS v2.0

4.6

Medium

Vector

AV:L/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to the mmio read() function in the Linux kernel, which makes a TDVMCALL to retrieve MMIO data for an address from the VMM. The function unintentionally exposes the value of an initialized variable (val) on the stack to the VMM. This variable is only needed as an output value and did not need to be passed to the VMM in the first place. The problem can be exploited to cause a denial of service.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

Memory Leak

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476CWE-401

Related Identifiers

AZL-53295

BDU:2024-08072

BDU:2024-08078

CVE-2024-46794

DLA-4008-1

DSA-5782-1

MGASA-2024-0316

MGASA-2024-0318

OESA-2024-2423

OPENSUSE-SU-2024_3551-1

OPENSUSE-SU-2024_3561-1

OPENSUSE-SU-2024_3564-1

OPENSUSE-SU-2024_3587-1

OPENSUSE-SU-2024_3592-1

SUSE-SU-2024:3551-1

SUSE-SU-2024:3553-1

SUSE-SU-2024:3561-1

SUSE-SU-2024:3564-1

SUSE-SU-2024:3569-1

SUSE-SU-2024:3587-1

SUSE-SU-2024:3592-1

SUSE-SU-2025:20073-1

SUSE-SU-2025:20077-1

USN-7154-1

USN-7154-2

USN-7155-1

USN-7156-1

USN-7196-1

Affected Products

Astra Linux

Linuxmint

Linux Kernel

Red Os

Suse

Ubuntu

PT-2024-6852 · Linux+5 · Linux Kernel+5

CVE-2024-46794

Weakness Enumeration

Related Identifiers

Affected Products

References · 1164