CVE-2024-36953

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-36953
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-36953.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-36953
Downstream
Related
Published
2024-05-30T16:15:18Z
Modified
2025-08-09T20:01:25Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgicv2parse_attr()

vgicv2parseattr() is responsible for finding the vCPU that matches the user-provided CPUID, which (of course) may not be valid. If the ID is invalid, kvmgetvcpuby_id() returns NULL, which isn't handled gracefully.

Similar to the GICv3 uaccess flow, check that kvmgetvcpubyid() actually returns something and fail the ioctl if not.

References

Affected packages