CVE-2024-53145

um: Fix potential integer overflow during physmem setup

Description

In the Linux kernel, the following vulnerability has been resolved: um: Fix potential integer overflow during physmem setup This issue happens when the real map size is greater than LONG_MAX, which can be easily triggered on UML/i386.

References

Link	Tags
https://git.kernel.org/stable/c/5c710f45811e7e2bfcf703980c306f19c7e1ecfe	patch
https://git.kernel.org/stable/c/e6102b72edc4eb8c0858df00ba74b5ce579c8fa2	patch
https://git.kernel.org/stable/c/1bd118c5f887802cef2d9ba0d1917258667f1cae	patch
https://git.kernel.org/stable/c/1575df968650d11771359e5ac78278c5b0cc19f3	patch
https://git.kernel.org/stable/c/a875c023155ea92b75d6323977003e64d92ae7fc	patch
https://git.kernel.org/stable/c/d1a211e5210d31da8f49fc0021bf7129b726468c	patch
https://git.kernel.org/stable/c/a9c95f787b88b29165563fd97761032db77116e7	patch
https://git.kernel.org/stable/c/a98b7761f697e590ed5d610d87fa12be66f23419	patch

Frequently Asked Questions

What is the severity of CVE-2024-53145?: CVE-2024-53145 has been scored as a medium severity vulnerability.
How to fix CVE-2024-53145?: To fix CVE-2024-53145, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-53145 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2024-53145 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-53145?: CVE-2024-53145 affects Linux Linux, Linux Linux.

Description

Category

CWE-190 – Integer Overflow or Wraparound

References

Frequently Asked Questions