CVE-2024-39499

Source
https://cve.org/CVERecord?id=CVE-2024-39499
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-39499.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-39499
Published
2024-07-12T12:20:33.658Z
Modified
2026-03-14T12:34:45.038660Z
Summary
vmci: prevent speculation leaks by sanitizing event in event_deliver()
Details

In the Linux kernel, the following vulnerability has been resolved:

vmci: prevent speculation leaks by sanitizing event in event_deliver()

Coverity spotted that event_msg is controlled by user-space, event_msg->event_data.event is passed to event_deliver() and used as an index without sanitization.

This change ensures that the event index is sanitized to mitigate any possibility of speculative information leaks.

This bug was discovered and resolved using Coverity Static Analysis Security Testing (SAST) by Synopsys, Inc.

Only compile tested, no access to HW.
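
The pattern described above, as an added example (not code from this record or from the kernel patch, which the record does not show): an untrusted event number is range-checked and then clamped with a branch-free mask, in the style of the kernel's generic array-index masking, so a mispredicted bounds check cannot index past the table. `EVENT_MAX`, `handled`, `deliver`, `index_mask_nospec` and `index_nospec` are hypothetical names with constructed values.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed values and names for illustration; not taken from the VMCI driver. */
#define EVENT_MAX 7UL
#define BITS_PER_LONG (sizeof(long) * 8)

static int handled[EVENT_MAX];   /* stand-in for a per-event handler table */

/*
 * All-ones when idx < size, zero otherwise, with no conditional branch for
 * the CPU to mispredict. Assumes size <= LONG_MAX and an arithmetic right
 * shift of negative values (true for GCC and Clang).
 */
static unsigned long index_mask_nospec(unsigned long idx, unsigned long size)
{
    return (unsigned long)(~(long)(idx | (size - 1UL - idx)) >> (BITS_PER_LONG - 1));
}

/* Clamp idx to [0, size): in-range values pass through, others become 0. */
static unsigned long index_nospec(unsigned long idx, unsigned long size)
{
    return idx & index_mask_nospec(idx, size);
}

/* event comes from an untrusted message. Returns 0 if delivered, -1 if rejected. */
static int deliver(unsigned long event)
{
    if (event >= EVENT_MAX)      /* architectural check; can be mispredicted */
        return -1;
    /*
     * Data-dependent clamp: even on a speculated path the index stays inside
     * the table. Kernel code also hides the value from the optimizer so the
     * mask is not folded away; this portable version shows the arithmetic only.
     */
    event = index_nospec(event, EVENT_MAX);
    handled[event]++;
    return 0;
}

int main(void)
{
    unsigned long samples[] = { 0, 6, 7, 4096, ~0UL };   /* constructed inputs */
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("event=%lu clamped=%lu deliver=%d\n", samples[i],
               index_nospec(samples[i], EVENT_MAX), deliver(samples[i]));
    return 0;
}
```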

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/39xxx/CVE-2024-39499.json"
}
Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
1d990201f9bb499b7c76ab00abeb7e803c0bcb2a
Fixed
58730dfbd4ae01c1b022b0d234a8bf8c02cdfb81
Fixed
681967c4ff210e06380acf9b9a1b33ae06e77cbd
Fixed
f70ff737346744633e7b655c1fb23e1578491ff3
Fixed
95ac3e773a1f8da83c4710a720fbfe80055aafae
Fixed
95bac1c8bedb362374ea1937b1d3e833e01174ee
Fixed
e293c6b38ac9029d76ff0d2a6b2d74131709a9a8
Fixed
757804e1c599af5d2a7f864c8e8b2842406ff4bb
Fixed
8003f00d895310d409b2bf9ef907c56b42a4e0f4

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-39499.json"