CVE-2024-42157: s390/pkey: Wipe sensitive data on failure

0.0 CVSS

Description

In the Linux kernel, the following vulnerability has been resolved:

s390/pkey: Wipe sensitive data on failure

Wipe sensitive data from stack also if the copy_to_user() fails.

Classification

CVE ID: CVE-2024-42157

CVSS Base Severity: LOW

CVSS Base Score: 0.0

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 15.23% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://git.kernel.org/stable/c/6e2e374403bf73140d0efc9541cb1b3bea55ac02
https://git.kernel.org/stable/c/b5eb9176ebd4697bc248bf8d145e66d782cf5250
https://git.kernel.org/stable/c/93c034c4314bc4c4450a3869cd5da298502346ad
https://git.kernel.org/stable/c/4889f117755b2f18c23045a0f57977f3ec130581
https://git.kernel.org/stable/c/c51795885c801b6b7e976717e0d6d45b1e5be0f0
https://git.kernel.org/stable/c/90a01aefb84b09ccb6024d75d85bb8f620bd3487
https://git.kernel.org/stable/c/c44a2151e5d21c66b070a056c26471f30719b575
https://git.kernel.org/stable/c/1d8c270de5eb74245d72325d285894a577a945d9

Timeline

2024-12-03 00:12:16 UTC
CVE

s390/pkey: Wipe sensitive data on failure