In the Linux kernel, the following vulnerability has been resolved:
net/iucv: Avoid explicit cpumask var allocation on stack
For CONFIGCPUMASKOFFSTACK=y kernel, explicit allocation of cpumask variable on stack is not recommended since it can cause potential stack overflow.
Instead, kernel code should always use *cpumaskvar API(s) to allocate cpumask var in config-neutral way, leaving allocation strategy to CONFIGCPUMASK_OFFSTACK.
Use *cpumask_var API(s) to address it.
{ "vanir_signatures": [ { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@724e7965af054079242b8d6f7e50ee226730a756", "signature_type": "Line", "target": { "file": "net/iucv/iucv.c" }, "deprecated": false, "digest": { "line_hashes": [ "337768743918149993481709991380674925476", "122069978841319723370940334630427430363", "9284442163567990115046822597184580826", "13524488735025354386659141896980169892", "117116177600508212386055143180752995675", "209512011386221309060706119009341741708", "88682252173898973406376475254374407835", "34141247400559349855450288416586171489", "229473938142623734680629527604207625748", "108759733825751246188898803882966676590", "92451564934887429449965056552286953986", "63022193839143252457737973941596299513", "248906267349565514059033408540170651299", "43200148785624805898558687412831210262", "59487530117179829498240116908726128984", "78511612688865164772516300050848717392", "56531151338331583083879735082805348630", "39313066941997738469810328555979857079", "174746703531978322461243533444400025259", "6099004534590295655172397031943126045" ], "threshold": 0.9 }, "id": "CVE-2024-42094-0edf1466" }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2b085521be5292016097b5e7ca81b26be3f7098d", "signature_type": "Function", "target": { "function": "iucv_setmask_up", "file": "net/iucv/iucv.c" }, "deprecated": false, "digest": { "length": 232.0, "function_hash": "13561024967596467034971082434709159544" }, "id": "CVE-2024-42094-14ebc001" }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0af718a690acc089aa1bbb95a93df833d864ef53", "signature_type": "Line", "target": { "file": "net/iucv/iucv.c" }, "deprecated": false, "digest": { "line_hashes": [ "337768743918149993481709991380674925476", "122069978841319723370940334630427430363", "9284442163567990115046822597184580826", "13524488735025354386659141896980169892", "117116177600508212386055143180752995675", "209512011386221309060706119009341741708", "88682252173898973406376475254374407835", "34141247400559349855450288416586171489", "229473938142623734680629527604207625748", "108759733825751246188898803882966676590", "92451564934887429449965056552286953986", "63022193839143252457737973941596299513", "248906267349565514059033408540170651299", "43200148785624805898558687412831210262", "59487530117179829498240116908726128984", "78511612688865164772516300050848717392", "56531151338331583083879735082805348630", "39313066941997738469810328555979857079", "174746703531978322461243533444400025259", "6099004534590295655172397031943126045" ], "threshold": 0.9 }, "id": "CVE-2024-42094-35aa9966" }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0af718a690acc089aa1bbb95a93df833d864ef53", "signature_type": "Function", "target": { "function": "iucv_setmask_up", "file": "net/iucv/iucv.c" }, "deprecated": false, "digest": { "length": 232.0, "function_hash": "13561024967596467034971082434709159544" }, "id": "CVE-2024-42094-3a82c209" }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2b085521be5292016097b5e7ca81b26be3f7098d", "signature_type": "Line", "target": { "file": "net/iucv/iucv.c" }, "deprecated": false, "digest": { "line_hashes": [ "337768743918149993481709991380674925476", "122069978841319723370940334630427430363", "9284442163567990115046822597184580826", "13524488735025354386659141896980169892", "117116177600508212386055143180752995675", "209512011386221309060706119009341741708", "88682252173898973406376475254374407835", "34141247400559349855450288416586171489", "229473938142623734680629527604207625748", "108759733825751246188898803882966676590", "92451564934887429449965056552286953986", "63022193839143252457737973941596299513", "248906267349565514059033408540170651299", "43200148785624805898558687412831210262", "59487530117179829498240116908726128984", "78511612688865164772516300050848717392", "56531151338331583083879735082805348630", "39313066941997738469810328555979857079", "174746703531978322461243533444400025259", "6099004534590295655172397031943126045" ], "threshold": 0.9 }, "id": "CVE-2024-42094-47817f3a" }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d85ca8179a54ff8cf1e1f8c3c9e3799831319bae", "signature_type": "Line", "target": { "file": "net/iucv/iucv.c" }, "deprecated": false, "digest": { "line_hashes": [ "337768743918149993481709991380674925476", "122069978841319723370940334630427430363", "9284442163567990115046822597184580826", "13524488735025354386659141896980169892", "117116177600508212386055143180752995675", "209512011386221309060706119009341741708", "88682252173898973406376475254374407835", "34141247400559349855450288416586171489", "229473938142623734680629527604207625748", "108759733825751246188898803882966676590", "92451564934887429449965056552286953986", "63022193839143252457737973941596299513", "248906267349565514059033408540170651299", "43200148785624805898558687412831210262", "59487530117179829498240116908726128984", "78511612688865164772516300050848717392", "56531151338331583083879735082805348630", "39313066941997738469810328555979857079", "174746703531978322461243533444400025259", "6099004534590295655172397031943126045" ], "threshold": 0.9 }, "id": "CVE-2024-42094-497bcc5b" }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@be4e1304419c99a164b4c0e101c7c2a756b635b9", "signature_type": "Function", "target": { "function": "iucv_cpu_down_prep", "file": "net/iucv/iucv.c" }, "deprecated": false, "digest": { "length": 377.0, "function_hash": "4698689578001104916799346123849546763" }, "id": "CVE-2024-42094-5de13bff" }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@be4e1304419c99a164b4c0e101c7c2a756b635b9", "signature_type": "Function", "target": { "function": "iucv_setmask_up", "file": "net/iucv/iucv.c" }, "deprecated": false, "digest": { "length": 232.0, "function_hash": "13561024967596467034971082434709159544" }, "id": "CVE-2024-42094-61e768fe" }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@724e7965af054079242b8d6f7e50ee226730a756", "signature_type": "Function", "target": { "function": "iucv_setmask_up", "file": "net/iucv/iucv.c" }, "deprecated": false, "digest": { "length": 232.0, "function_hash": "13561024967596467034971082434709159544" }, "id": "CVE-2024-42094-6be24233" }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d85ca8179a54ff8cf1e1f8c3c9e3799831319bae", "signature_type": "Function", "target": { "function": "iucv_cpu_down_prep", "file": "net/iucv/iucv.c" }, "deprecated": false, "digest": { "length": 377.0, "function_hash": "4698689578001104916799346123849546763" }, "id": "CVE-2024-42094-72e8a3d5" }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9dadab0db7d904413ea1cdaa13f127da05c31e71", "signature_type": "Function", "target": { "function": "iucv_cpu_down_prep", "file": "net/iucv/iucv.c" }, "deprecated": false, "digest": { "length": 377.0, "function_hash": "4698689578001104916799346123849546763" }, "id": "CVE-2024-42094-76b6c07f" }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9dadab0db7d904413ea1cdaa13f127da05c31e71", "signature_type": "Line", "target": { "file": "net/iucv/iucv.c" }, "deprecated": false, "digest": { "line_hashes": [ "337768743918149993481709991380674925476", "122069978841319723370940334630427430363", "9284442163567990115046822597184580826", "13524488735025354386659141896980169892", "117116177600508212386055143180752995675", "209512011386221309060706119009341741708", "88682252173898973406376475254374407835", "34141247400559349855450288416586171489", "229473938142623734680629527604207625748", "108759733825751246188898803882966676590", "92451564934887429449965056552286953986", "63022193839143252457737973941596299513", "248906267349565514059033408540170651299", "43200148785624805898558687412831210262", "59487530117179829498240116908726128984", "78511612688865164772516300050848717392", "56531151338331583083879735082805348630", "39313066941997738469810328555979857079", "174746703531978322461243533444400025259", "6099004534590295655172397031943126045" ], "threshold": 0.9 }, "id": "CVE-2024-42094-7a8841fb" }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@be4e1304419c99a164b4c0e101c7c2a756b635b9", "signature_type": "Line", "target": { "file": "net/iucv/iucv.c" }, "deprecated": false, "digest": { "line_hashes": [ "337768743918149993481709991380674925476", "122069978841319723370940334630427430363", "9284442163567990115046822597184580826", "13524488735025354386659141896980169892", "117116177600508212386055143180752995675", "209512011386221309060706119009341741708", "88682252173898973406376475254374407835", "34141247400559349855450288416586171489", "229473938142623734680629527604207625748", "108759733825751246188898803882966676590", "92451564934887429449965056552286953986", "63022193839143252457737973941596299513", "248906267349565514059033408540170651299", "43200148785624805898558687412831210262", "59487530117179829498240116908726128984", "78511612688865164772516300050848717392", "56531151338331583083879735082805348630", "39313066941997738469810328555979857079", "174746703531978322461243533444400025259", "6099004534590295655172397031943126045" ], "threshold": 0.9 }, "id": "CVE-2024-42094-8d79015a" }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@724e7965af054079242b8d6f7e50ee226730a756", "signature_type": "Function", "target": { "function": "iucv_cpu_down_prep", "file": "net/iucv/iucv.c" }, "deprecated": false, "digest": { "length": 377.0, "function_hash": "4698689578001104916799346123849546763" }, "id": "CVE-2024-42094-93164757" }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2d090c7f7be3b26fcb80ac04d08a4a8062b1d959", "signature_type": "Function", "target": { "function": "iucv_setmask_up", "file": "net/iucv/iucv.c" }, "deprecated": false, "digest": { "length": 232.0, "function_hash": "13561024967596467034971082434709159544" }, "id": "CVE-2024-42094-a67fe11e" }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0af718a690acc089aa1bbb95a93df833d864ef53", "signature_type": "Function", "target": { "function": "iucv_cpu_down_prep", "file": "net/iucv/iucv.c" }, "deprecated": false, "digest": { "length": 377.0, "function_hash": "4698689578001104916799346123849546763" }, "id": "CVE-2024-42094-aafc6bed" }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2d090c7f7be3b26fcb80ac04d08a4a8062b1d959", "signature_type": "Function", "target": { "function": "iucv_cpu_down_prep", "file": "net/iucv/iucv.c" }, "deprecated": false, "digest": { "length": 377.0, "function_hash": "4698689578001104916799346123849546763" }, "id": "CVE-2024-42094-bd6f84bb" }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2b085521be5292016097b5e7ca81b26be3f7098d", "signature_type": "Function", "target": { "function": "iucv_cpu_down_prep", "file": "net/iucv/iucv.c" }, "deprecated": false, "digest": { "length": 377.0, "function_hash": "4698689578001104916799346123849546763" }, "id": "CVE-2024-42094-c6f17cfc" }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2d090c7f7be3b26fcb80ac04d08a4a8062b1d959", "signature_type": "Line", "target": { "file": "net/iucv/iucv.c" }, "deprecated": false, "digest": { "line_hashes": [ "337768743918149993481709991380674925476", "122069978841319723370940334630427430363", "9284442163567990115046822597184580826", "13524488735025354386659141896980169892", "117116177600508212386055143180752995675", "209512011386221309060706119009341741708", "88682252173898973406376475254374407835", "34141247400559349855450288416586171489", "229473938142623734680629527604207625748", "108759733825751246188898803882966676590", "92451564934887429449965056552286953986", "63022193839143252457737973941596299513", "248906267349565514059033408540170651299", "43200148785624805898558687412831210262", "59487530117179829498240116908726128984", "78511612688865164772516300050848717392", "56531151338331583083879735082805348630", "39313066941997738469810328555979857079", "174746703531978322461243533444400025259", "6099004534590295655172397031943126045" ], "threshold": 0.9 }, "id": "CVE-2024-42094-cba3b490" }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@842afb47d84536fc976fece8fb6c54bea711ad1a", "signature_type": "Function", "target": { "function": "iucv_cpu_down_prep", "file": "net/iucv/iucv.c" }, "deprecated": false, "digest": { "length": 377.0, "function_hash": "4698689578001104916799346123849546763" }, "id": "CVE-2024-42094-d4e4e31f" }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@842afb47d84536fc976fece8fb6c54bea711ad1a", "signature_type": "Line", "target": { "file": "net/iucv/iucv.c" }, "deprecated": false, "digest": { "line_hashes": [ "337768743918149993481709991380674925476", "122069978841319723370940334630427430363", "9284442163567990115046822597184580826", "13524488735025354386659141896980169892", "117116177600508212386055143180752995675", "209512011386221309060706119009341741708", "88682252173898973406376475254374407835", "34141247400559349855450288416586171489", "229473938142623734680629527604207625748", "108759733825751246188898803882966676590", "92451564934887429449965056552286953986", "63022193839143252457737973941596299513", "248906267349565514059033408540170651299", "43200148785624805898558687412831210262", "59487530117179829498240116908726128984", "78511612688865164772516300050848717392", "56531151338331583083879735082805348630", "39313066941997738469810328555979857079", "174746703531978322461243533444400025259", "6099004534590295655172397031943126045" ], "threshold": 0.9 }, "id": "CVE-2024-42094-dd5c776f" }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d85ca8179a54ff8cf1e1f8c3c9e3799831319bae", "signature_type": "Function", "target": { "function": "iucv_setmask_up", "file": "net/iucv/iucv.c" }, "deprecated": false, "digest": { "length": 232.0, "function_hash": "13561024967596467034971082434709159544" }, "id": "CVE-2024-42094-e428bdc0" }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@842afb47d84536fc976fece8fb6c54bea711ad1a", "signature_type": "Function", "target": { "function": "iucv_setmask_up", "file": "net/iucv/iucv.c" }, "deprecated": false, "digest": { "length": 232.0, "function_hash": "13561024967596467034971082434709159544" }, "id": "CVE-2024-42094-f0de7dea" }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9dadab0db7d904413ea1cdaa13f127da05c31e71", "signature_type": "Function", "target": { "function": "iucv_setmask_up", "file": "net/iucv/iucv.c" }, "deprecated": false, "digest": { "length": 232.0, "function_hash": "13561024967596467034971082434709159544" }, "id": "CVE-2024-42094-f434f1aa" } ] }