CVE-2024-45021

memcg_write_event_control(): fix a user-triggerable oops

Description

In the Linux kernel, the following vulnerability has been resolved: memcg_write_event_control(): fix a user-triggerable oops we are *not* guaranteed that anything past the terminating NUL is mapped (let alone initialized with anything sane).

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.08%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/fa5bfdf6cb5846a00e712d630a43e3cf55ccb411 patch
https://git.kernel.org/stable/c/1b37ec85ad95b612307627758c6018cd9d92cca8 patch
https://git.kernel.org/stable/c/ad149f5585345e383baa65f1539d816cd715fd3b patch
https://git.kernel.org/stable/c/0fbe2a72e853a1052abe9bc2b7df8ddb102da227 patch
https://git.kernel.org/stable/c/43768fa80fd192558737e24ed6548f74554611d7 patch
https://git.kernel.org/stable/c/f1aa7c509aa766080db7ab3aec2e31b1df09e57c patch
https://git.kernel.org/stable/c/21b578f1d599edb87462f11113c5b0fc7a04ac61 patch
https://git.kernel.org/stable/c/046667c4d3196938e992fba0dfcde570aa85cd0e patch

Frequently Asked Questions

What is the severity of CVE-2024-45021?
CVE-2024-45021 has been scored as a medium severity vulnerability.
How to fix CVE-2024-45021?
To fix CVE-2024-45021, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-45021 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-45021 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-45021?
CVE-2024-45021 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.