CVE-2024-44969

low-risk

Published 2024-09-04

In the Linux kernel, the following vulnerability has been resolved: s390/sclp: Prevent release of buffer in I/O When a task waiting for completion of a Store Data operation is interrupted, an attempt is made to halt this operation. If this attempt fails due to a hardware or firmware problem, there is a chance that the SCLP facility might store data into buffers referenced by the original operation at a later time. Handle this situation by not releasing the referenced data buffers if the halt attempt fails. For current use cases, this might result in a leak of few pages of memory in case of a rare hardware/firmware malfunction.

Do I need to act?

0.01% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.5/10 Medium

LOCAL / LOW complexity

Affected Products (1)

Linux Kernel

Affected Vendors

Linux

References (9)

Patch https://git.kernel.org/stable/c/1e8b7fb427af6b2ddd54eff66a6b428a81c96633

Patch https://git.kernel.org/stable/c/1ec5ea9e25f582fd6999393e2f2c3bf56f234e05

Patch https://git.kernel.org/stable/c/2429ea3b4330e3653b72b210a0d5f2a717359506

Patch https://git.kernel.org/stable/c/46f67233b011385d53cf14d272431755de3a7c79

Patch https://git.kernel.org/stable/c/7a7e60ed23d471a07dbbe72565d2992ee8244bbe

Patch https://git.kernel.org/stable/c/a3e52a4c22c846858a6875e1c280030a3849e148

Patch https://git.kernel.org/stable/c/a88a49473c94ccfd8dce1e766aacf3c627278463

Patch https://git.kernel.org/stable/c/bf365071ea92b9579d5a272679b74052a5643e35

https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal