fkie_cve-2024-41029
Vulnerability from fkie_nvd
Published
2024-07-29 15:15
Modified
2024-11-21 09:32
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: nvmem: core: limit cell sysfs permissions to main attribute ones The cell sysfs attribute should not provide more access to the nvmem data than the main attribute itself. For example if nvme_config::root_only was set, the cell attribute would still provide read access to everybody. Mask out permissions not available on the main attribute.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/6bef98bafd82903a8d461463f9594f19f1fd6a85
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/aa066afaaac32caf2160d58d4e3010ee04421c62
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/6bef98bafd82903a8d461463f9594f19f1fd6a85
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/aa066afaaac32caf2160d58d4e3010ee04421c62
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmem: core: limit cell sysfs permissions to main attribute ones\n\nThe cell sysfs attribute should not provide more access to the nvmem\ndata than the main attribute itself.\nFor example if nvme_config::root_only was set, the cell attribute\nwould still provide read access to everybody.\n\nMask out permissions not available on the main attribute."
    },
    {
      "lang": "es",
      "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nvmem: core: limita los permisos de cell sysfs a los del atributo principal. El atributo cell sysfs no debe proporcionar m\u00e1s acceso a los datos de nvmem que el propio atributo principal. Por ejemplo, si se configur\u00f3 nvme_config::root_only, el atributo de celda a\u00fan proporcionar\u00eda acceso de lectura a todos. Oculte los permisos que no est\u00e1n disponibles en el atributo principal."
    }
  ],
  "id": "CVE-2024-41029",
  "lastModified": "2024-11-21T09:32:05.920",
  "metrics": {},
  "published": "2024-07-29T15:15:11.627",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/6bef98bafd82903a8d461463f9594f19f1fd6a85"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/aa066afaaac32caf2160d58d4e3010ee04421c62"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.kernel.org/stable/c/6bef98bafd82903a8d461463f9594f19f1fd6a85"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.kernel.org/stable/c/aa066afaaac32caf2160d58d4e3010ee04421c62"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.