FKIE_CVE-2024-39499

Vulnerability from fkie_nvd - Published: 2024-07-12 13:15 - Updated: 2026-06-17 07:42
Summary
In the Linux kernel, the following vulnerability has been resolved:

vmci: prevent speculation leaks by sanitizing event in event_deliver()

Coverity spotted that event_msg is controlled by user-space, event_msg->event_data.event is passed to event_deliver() and used as an index without sanitization.

This change ensures that the event index is sanitized to mitigate any possibility of speculative information leaks.

This bug was discovered and resolved using Coverity Static Analysis Security Testing (SAST) by Synopsys, Inc.

Only compile tested, no access to HW.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - https://git.kernel.org/stable/c/58730dfbd4ae01c1b022b0d234a8bf8c02cdfb81 - Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - https://git.kernel.org/stable/c/681967c4ff210e06380acf9b9a1b33ae06e77cbd - Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - https://git.kernel.org/stable/c/757804e1c599af5d2a7f864c8e8b2842406ff4bb - Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - https://git.kernel.org/stable/c/8003f00d895310d409b2bf9ef907c56b42a4e0f4 - Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - https://git.kernel.org/stable/c/95ac3e773a1f8da83c4710a720fbfe80055aafae - Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - https://git.kernel.org/stable/c/95bac1c8bedb362374ea1937b1d3e833e01174ee - Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - https://git.kernel.org/stable/c/e293c6b38ac9029d76ff0d2a6b2d74131709a9a8 - Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - https://git.kernel.org/stable/c/f70ff737346744633e7b655c1fb23e1578491ff3 - Patch
af854a3a-2127-422b-91ae-364da2661108 - https://git.kernel.org/stable/c/58730dfbd4ae01c1b022b0d234a8bf8c02cdfb81 - Patch
af854a3a-2127-422b-91ae-364da2661108 - https://git.kernel.org/stable/c/681967c4ff210e06380acf9b9a1b33ae06e77cbd - Patch
af854a3a-2127-422b-91ae-364da2661108 - https://git.kernel.org/stable/c/757804e1c599af5d2a7f864c8e8b2842406ff4bb - Patch
af854a3a-2127-422b-91ae-364da2661108 - https://git.kernel.org/stable/c/8003f00d895310d409b2bf9ef907c56b42a4e0f4 - Patch
af854a3a-2127-422b-91ae-364da2661108 - https://git.kernel.org/stable/c/95ac3e773a1f8da83c4710a720fbfe80055aafae - Patch
af854a3a-2127-422b-91ae-364da2661108 - https://git.kernel.org/stable/c/95bac1c8bedb362374ea1937b1d3e833e01174ee - Patch
af854a3a-2127-422b-91ae-364da2661108 - https://git.kernel.org/stable/c/e293c6b38ac9029d76ff0d2a6b2d74131709a9a8 - Patch
af854a3a-2127-422b-91ae-364da2661108 - https://git.kernel.org/stable/c/f70ff737346744633e7b655c1fb23e1578491ff3 - Patch
af854a3a-2127-422b-91ae-364da2661108 - https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

{
  "affected": [
    {
      "affectedData": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/misc/vmw_vmci/vmci_event.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "58730dfbd4ae01c1b022b0d234a8bf8c02cdfb81",
              "status": "affected",
              "version": "1d990201f9bb499b7c76ab00abeb7e803c0bcb2a",
              "versionType": "git"
            },
            {
              "lessThan": "681967c4ff210e06380acf9b9a1b33ae06e77cbd",
              "status": "affected",
              "version": "1d990201f9bb499b7c76ab00abeb7e803c0bcb2a",
              "versionType": "git"
            },
            {
              "lessThan": "f70ff737346744633e7b655c1fb23e1578491ff3",
              "status": "affected",
              "version": "1d990201f9bb499b7c76ab00abeb7e803c0bcb2a",
              "versionType": "git"
            },
            {
              "lessThan": "95ac3e773a1f8da83c4710a720fbfe80055aafae",
              "status": "affected",
              "version": "1d990201f9bb499b7c76ab00abeb7e803c0bcb2a",
              "versionType": "git"
            },
            {
              "lessThan": "95bac1c8bedb362374ea1937b1d3e833e01174ee",
              "status": "affected",
              "version": "1d990201f9bb499b7c76ab00abeb7e803c0bcb2a",
              "versionType": "git"
            },
            {
              "lessThan": "e293c6b38ac9029d76ff0d2a6b2d74131709a9a8",
              "status": "affected",
              "version": "1d990201f9bb499b7c76ab00abeb7e803c0bcb2a",
              "versionType": "git"
            },
            {
              "lessThan": "757804e1c599af5d2a7f864c8e8b2842406ff4bb",
              "status": "affected",
              "version": "1d990201f9bb499b7c76ab00abeb7e803c0bcb2a",
              "versionType": "git"
            },
            {
              "lessThan": "8003f00d895310d409b2bf9ef907c56b42a4e0f4",
              "status": "affected",
              "version": "1d990201f9bb499b7c76ab00abeb7e803c0bcb2a",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/misc/vmw_vmci/vmci_event.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.9"
            },
            {
              "lessThan": "3.9",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.317",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.279",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.221",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.162",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.95",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.35",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AE39A8E-9E44-4E72-939C-75F992B55FF0",
              "versionEndExcluding": "4.19.317",
              "versionStartIncluding": "3.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4E38E58-1B9F-4DF2-AD3D-A8BEAA2959D8",
              "versionEndExcluding": "5.4.279",
              "versionStartIncluding": "4.20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "659E1520-6345-41AF-B893-A7C0647585A0",
              "versionEndExcluding": "5.10.221",
              "versionStartIncluding": "5.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "10A39ACC-3005-40E8-875C-98A372D1FFD5",
              "versionEndExcluding": "5.15.162",
              "versionStartIncluding": "5.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D435765D-2766-44F5-B319-F713A13E35CE",
              "versionEndExcluding": "6.1.95",
              "versionStartIncluding": "5.16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F019D15-84C0-416B-8C57-7F51B68992F0",
              "versionEndExcluding": "6.6.35",
              "versionStartIncluding": "6.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0ABBBA1D-F79D-4BDB-AA41-D1EDCC4A6975",
              "versionEndExcluding": "6.9.6",
              "versionStartIncluding": "6.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvmci: prevent speculation leaks by sanitizing event in event_deliver()\n\nCoverity spotted that event_msg is controlled by user-space,\nevent_msg-\u003eevent_data.event is passed to event_deliver() and used\nas an index without sanitization.\n\nThis change ensures that the event index is sanitized to mitigate any\npossibility of speculative information leaks.\n\nThis bug was discovered and resolved using Coverity Static Analysis\nSecurity Testing (SAST) by Synopsys, Inc.\n\nOnly compile tested, no access to HW."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: vmci: evita fugas especulativas sanitizando el evento en event_deliver(). Coverity detect\u00f3 que event_msg est\u00e1 controlado por el espacio de usuario, event_msg-\u0026gt;event_data.event se pasa a event_deliver() y se usa como un \u00edndice sin sanitizaci\u00f3n. Este cambio garantiza que el \u00edndice de eventos est\u00e9 sanitizado para mitigar cualquier posibilidad de fuga de informaci\u00f3n especulativa. Este error fue descubierto y resuelto utilizando Coverity Static Analysis Security Testing (SAST) por Synopsys, Inc. Solo se prueba la compilaci\u00f3n, no hay acceso al hardware."
    }
  ],
  "id": "CVE-2024-39499",
  "lastModified": "2026-06-17T07:42:03.223",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "ssvcV203": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "ssvcData": {
          "id": "CVE-2024-39499",
          "options": [
            {
              "exploitation": "none"
            },
            {
              "automatable": "no"
            },
            {
              "technicalImpact": "partial"
            }
          ],
          "role": "CISA Coordinator",
          "timestamp": "2024-09-10T17:07:16.825229Z",
          "version": "2.0.3"
        }
      }
    ]
  },
  "published": "2024-07-12T13:15:12.450",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/58730dfbd4ae01c1b022b0d234a8bf8c02cdfb81"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/681967c4ff210e06380acf9b9a1b33ae06e77cbd"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/757804e1c599af5d2a7f864c8e8b2842406ff4bb"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/8003f00d895310d409b2bf9ef907c56b42a4e0f4"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/95ac3e773a1f8da83c4710a720fbfe80055aafae"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/95bac1c8bedb362374ea1937b1d3e833e01174ee"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/e293c6b38ac9029d76ff0d2a6b2d74131709a9a8"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/f70ff737346744633e7b655c1fb23e1578491ff3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/58730dfbd4ae01c1b022b0d234a8bf8c02cdfb81"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/681967c4ff210e06380acf9b9a1b33ae06e77cbd"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/757804e1c599af5d2a7f864c8e8b2842406ff4bb"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/8003f00d895310d409b2bf9ef907c56b42a4e0f4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/95ac3e773a1f8da83c4710a720fbfe80055aafae"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/95bac1c8bedb362374ea1937b1d3e833e01174ee"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/e293c6b38ac9029d76ff0d2a6b2d74131709a9a8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/f70ff737346744633e7b655c1fb23e1578491ff3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-668"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

