CVE-2024-42099

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-42099

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-42099.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-42099

Downstream

BELL-CVE-2024-42099

DEBIAN-CVE-2024-42099

UBUNTU-CVE-2024-42099

Published

2024-07-30T07:45:55Z

Modified

2025-10-22T00:25:28.820281Z

Summary

s390/dasd: Fix invalid dereferencing of indirect CCW data pointer

Details

In the Linux kernel, the following vulnerability has been resolved:

s390/dasd: Fix invalid dereferencing of indirect CCW data pointer

Fix invalid dereferencing of indirect CCW data pointer in dasdeckddump_sense() that leads to a kernel panic in error cases.

When using indirect addressing for DASD CCWs (IDAW) the CCW CDA pointer does not contain the data address itself but a pointer to the IDAL. This needs to be translated from physical to virtual as well before using it.

This dereferencing is also used for dasdpagecache and also fixed although it is very unlikely that this code path ever gets used.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

c0bd39601c13ab08e961d77a90dfeeff56056353

Fixed

c116475f7d6410b1e6d399207ac75de6cf9c3652

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

c0bd39601c13ab08e961d77a90dfeeff56056353

Fixed

b3a58f3b90f564f42a5c35778d8c5107b2c2150b

Affected versions

v6.*

v6.10-rc1

v6.10-rc2

v6.9

v6.9-rc1

v6.9-rc2

v6.9-rc3

v6.9-rc4

v6.9-rc5

v6.9-rc6

v6.9-rc7

v6.9.1

v6.9.2

v6.9.3

v6.9.4

v6.9.5

v6.9.6

v6.9.7

v6.9.8

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

6.9.0

Fixed

6.9.9