CVE-2024-58010

一、漏洞信息
漏洞编号：CVE-2024-58010
漏洞归属组件：kernel
漏洞归属的版本：4.19.140,4.19.194,4.19.90,5.10.0,6.1.19,6.1.8,6.4.0,6.6.0
CVSS V3.0分值：
BaseScore：5.5 Medium
Vector：CVSS：3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
漏洞简述：
In the Linux kernel, the following vulnerability has been resolved:binfmt_flat: Fix integer overflow bug on 32 bit systemsMost of these sizes and counts are capped at 256MB so the math doesn tresult in an integer overflow. The relocs count needs to be checkedas well. Otherwise on 32bit systems the calculation of full_data could be wrong. full_data = data_len + relocs * sizeof(unsigned long);
漏洞公开时间：2025-02-27 11:15:11
漏洞创建时间：2025-02-27 12:59:05
漏洞详情参考链接：
https://nvd.nist.gov/vuln/detail/CVE-2024-58010

更多参考(点击展开)

参考来源	参考链接	来源链接
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/0b6be54d7386b7addbf9e5947366f94aad046938
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/55cf2f4b945f6a6416cc2524ba740b83cc9af25a
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/6fb98e0576ea155267e206286413dcb3a3d55c12
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/8e8cd712bb06a507b26efd2a56155076aa454345
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/95506c7f33452450346fbe2975c1359100f854ca
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/a009378af674b808efcca1e2e67916e79ce866b3
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/bc8ca18b8ef4648532c001bd6c8151143b569275
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/d17ca8f2dfcf423c439859995910a20e38b86f00
suse_bugzilla	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-58010	https://bugzilla.suse.com/show_bug.cgi?id=1238765
suse_bugzilla	https://git.kernel.org/pub/scm/linux/security/vulns.git/plain/cve/published/2024/CVE-2024-58010.mbox	https://bugzilla.suse.com/show_bug.cgi?id=1238765
suse_bugzilla	https://git.kernel.org/stable/c/95506c7f33452450346fbe2975c1359100f854ca	https://bugzilla.suse.com/show_bug.cgi?id=1238765
suse_bugzilla	https://git.kernel.org/stable/c/d17ca8f2dfcf423c439859995910a20e38b86f00	https://bugzilla.suse.com/show_bug.cgi?id=1238765
suse_bugzilla	https://git.kernel.org/stable/c/a009378af674b808efcca1e2e67916e79ce866b3	https://bugzilla.suse.com/show_bug.cgi?id=1238765
suse_bugzilla	https://git.kernel.org/stable/c/8e8cd712bb06a507b26efd2a56155076aa454345	https://bugzilla.suse.com/show_bug.cgi?id=1238765
suse_bugzilla	https://git.kernel.org/stable/c/55cf2f4b945f6a6416cc2524ba740b83cc9af25a	https://bugzilla.suse.com/show_bug.cgi?id=1238765
suse_bugzilla	https://www.cve.org/CVERecord?id=CVE-2024-58010	https://bugzilla.suse.com/show_bug.cgi?id=1238765
suse_bugzilla	https://bugzilla.redhat.com/show_bug.cgi?id=2348558	https://bugzilla.suse.com/show_bug.cgi?id=1238765
debian		https://security-tracker.debian.org/tracker/CVE-2024-58010

漏洞分析指导链接：
https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md
漏洞数据来源:
openBrain开源漏洞感知系统
漏洞补丁信息：

详情(点击展开)

影响的包	修复版本	修复补丁	问题引入补丁	来源
		https://git.kernel.org/stable/c/55cf2f4b945f6a6416cc2524ba740b83cc9af25a		nvd
		https://git.kernel.org/stable/c/8e8cd712bb06a507b26efd2a56155076aa454345		nvd
		https://git.kernel.org/stable/c/95506c7f33452450346fbe2975c1359100f854ca		nvd
		https://git.kernel.org/stable/c/a009378af674b808efcca1e2e67916e79ce866b3		nvd
		https://git.kernel.org/stable/c/d17ca8f2dfcf423c439859995910a20e38b86f00		nvd
linux_kernel	6.1.129	https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=95506c7f33452450346fbe2975c1359100f854caIssue	https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=c995ee28d29d6f256c3a8a6c4e66469554374f25	linuxkernelcves
linux_kernel	6.6.78	https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=d17ca8f2dfcf423c439859995910a20e38b86f00Issue	https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=c995ee28d29d6f256c3a8a6c4e66469554374f25	linuxkernelcves
linux_kernel	6.12.14	https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=a009378af674b808efcca1e2e67916e79ce866b3Issue	https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=c995ee28d29d6f256c3a8a6c4e66469554374f25	linuxkernelcves
linux_kernel	6.13.3	https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=8e8cd712bb06a507b26efd2a56155076aa454345Issue	https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=c995ee28d29d6f256c3a8a6c4e66469554374f25	linuxkernelcves
linux_kernel	6.14-rc1	https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=55cf2f4b945f6a6416cc2524ba740b83cc9af25aPlease	https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=c995ee28d29d6f256c3a8a6c4e66469554374f25	linuxkernelcves

二、漏洞分析结构反馈
影响性分析说明：
In the Linux kernel, the following vulnerability has been resolved:binfmt_flat: Fix integer overflow bug on 32 bit systemsMost of these sizes and counts are capped at 256MB so the math doesn tresult in an integer overflow. The relocs count needs to be checkedas well. Otherwise on 32bit systems the calculation of full_data could be wrong.full_data = data_len + relocs * sizeof(unsigned long);
openEuler评分：
5.5
Vector：CVSS：3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
受影响版本排查(受影响/不受影响)：
1.openEuler-20.03-LTS-SP4(4.19.90):受影响
2.openEuler-22.03-LTS-SP3(5.10.0):受影响
3.openEuler-22.03-LTS-SP4(5.10.0):受影响
4.openEuler-24.03-LTS(6.6.0):受影响
5.openEuler-24.03-LTS-SP1(6.6.0):受影响
6.master(6.6.0):不受影响
7.openEuler-24.03-LTS-Next(6.6.0):不受影响

修复是否涉及abi变化(是/否)：
1.openEuler-20.03-LTS-SP4(4.19.90):否
2.openEuler-22.03-LTS-SP3(5.10.0):否
3.master(6.6.0):否
4.openEuler-24.03-LTS(6.6.0):否
5.openEuler-24.03-LTS-Next(6.6.0):否
6.openEuler-22.03-LTS-SP4(5.10.0):否
7.openEuler-24.03-LTS-SP1(6.6.0):否

原因说明：
1.openEuler-24.03-LTS(6.6.0):正常修复
2.openEuler-24.03-LTS-SP1(6.6.0):正常修复
3.openEuler-20.03-LTS-SP4(4.19.90):不修复-超出修复范围
4.openEuler-22.03-LTS-SP3(5.10.0):不修复-超出修复范围
5.openEuler-22.03-LTS-SP4(5.10.0):不修复-超出修复范围
6.master(6.6.0):不受影响-漏洞代码不能被攻击者触发
7.openEuler-24.03-LTS-Next(6.6.0):不受影响-漏洞代码不能被攻击者触发

Hi openeuler-ci-bot, welcome to the openEuler Community.
I'm the Bot here serving you. You can find the instructions on how to interact with me at Here.
If you have any questions, please contact the SIG: Kernel, and any of the maintainers.

@yangyingliang ,@jiaoff ,@guohaocs2c ,@hanjun-guo ,@woqidaideshi ,@newbeats ,@zhangyi089 ,@colyli ,@thundertown ,@htforge ,@chiqijun ,@lengchao ,@zhujianwei001 ,@kylin-mayukun ,@wangxiongfeng ,@wkfxxx ,@SuperSix173 ,@jentlestea ,@oskernel0719 ,@gasonchen 
**issue处理注意事项:** 
**1. 当前issue受影响的分支提交pr时, 须在pr描述中填写当前issue编号进行关联, 否则无法关闭当前issue;**
**2. 模板内容需要填写完整, 无论是受影响或者不受影响都需要填写完整内容,未引入的分支不需要填写, 否则无法关闭当前issue;**
**3. 以下为模板中需要填写完整的内容, 请复制到评论区回复, 注: 内容的标题名称(影响性分析说明, openEuler评分, 受影响版本排查(受影响/不受影响), 修复是否涉及abi变化(是/否), 原因说明)不能省略,省略后cve-manager将无法正常解析填写内容.**
************************************************************************
影响性分析说明:

openEuler评分: (评分和向量)

受影响版本排查(受影响/不受影响): 
1.master(6.6.0):
2.openEuler-20.03-LTS-SP4(4.19.90):
3.openEuler-22.03-LTS-SP3(5.10.0):
4.openEuler-22.03-LTS-SP4(5.10.0):
5.openEuler-24.03-LTS(6.6.0):
6.openEuler-24.03-LTS-Next(6.6.0):
7.openEuler-24.03-LTS-SP1(6.6.0):

修复是否涉及abi变化(是/否)：
1.master(6.6.0):
2.openEuler-20.03-LTS-SP4(4.19.90):
3.openEuler-22.03-LTS-SP3(5.10.0):
4.openEuler-22.03-LTS-SP4(5.10.0):
5.openEuler-24.03-LTS(6.6.0):
6.openEuler-24.03-LTS-Next(6.6.0):
7.openEuler-24.03-LTS-SP1(6.6.0):

原因说明：
1.master(6.6.0):
2.openEuler-20.03-LTS-SP4(4.19.90):
3.openEuler-22.03-LTS-SP3(5.10.0):
4.openEuler-22.03-LTS-SP4(5.10.0):
5.openEuler-24.03-LTS(6.6.0):
6.openEuler-24.03-LTS-Next(6.6.0):
7.openEuler-24.03-LTS-SP1(6.6.0):

issue处理具体操作请参考: 
https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md
pr关联issue具体操作请参考:
https://gitee.com/help/articles/4142

参考网址	关联pr	状态	补丁链接
https://nvd.nist.gov/vuln/detail/CVE-2024-58010	None	None	https://git.kernel.org/stable/c/55cf2f4b945f6a6416cc2524ba740b83cc9af25a https://git.kernel.org/stable/c/d17ca8f2dfcf423c439859995910a20e38b86f00 https://git.kernel.org/stable/c/95506c7f33452450346fbe2975c1359100f854ca https://git.kernel.org/stable/c/a009378af674b808efcca1e2e67916e79ce866b3 https://git.kernel.org/stable/c/8e8cd712bb06a507b26efd2a56155076aa454345
https://ubuntu.com/security/CVE-2024-58010
https://www.opencve.io/cve/CVE-2024-58010	None	None	https://git.kernel.org/stable/c/55cf2f4b945f6a6416cc2524ba740b83cc9af25a https://git.kernel.org/stable/c/d17ca8f2dfcf423c439859995910a20e38b86f00 https://git.kernel.org/stable/c/95506c7f33452450346fbe2975c1359100f854ca https://git.kernel.org/stable/c/a009378af674b808efcca1e2e67916e79ce866b3 https://git.kernel.org/stable/c/8e8cd712bb06a507b26efd2a56155076aa454345
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2024-58010
https://security-tracker.debian.org/tracker/CVE-2024-58010
http://www.cnnvd.org.cn/web/vulnerability/queryLds.tag?qcvCnnvdid=CVE-2024-58010

说明：补丁链接仅供初步排查参考，实际可用性请人工再次确认，补丁下载验证可使用CVE补丁工具。
若补丁不准确，烦请在此issue下评论 '/report-patch 参考网址补丁链接1,补丁链接2' 反馈正确信息，便于我们不断优化工具，不胜感激。
如 /report-patch https://security-tracker.debian.org/tracker/CVE-2021-3997 https://github.com/systemd/systemd/commit/5b1cf7a9be37e20133c0208005274ce4a5b5c6a1

CVE-2024-58010

影响性分析说明：
In the Linux kernel, the following vulnerability has been resolved:

binfmt_flat: Fix integer overflow bug on 32 bit systems

Most of these sizes and counts are capped at 256MB so the math doesn't
result in an integer overflow. The "relocs" count needs to be checked
as well. Otherwise on 32bit systems the calculation of "full_data"
could be wrong.

full_data = data_len + relocs * sizeof(unsigned long);

The Linux kernel CVE team has assigned CVE-2024-58010 to this issue.

openEuler评分:(评分和向量)
3.9
AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L

受影响版本排查(受影响/不受影响):
1.master(6.1.0):不受影响
2.openEuler-20.03-LTS-SP4:受影响
3.openEuler-22.03-LTS-SP3:受影响
4.openEuler-22.03-LTS-SP4:受影响
5.openEuler-24.03-LTS:受影响
6.openEuler-24.03-LTS-Next:不受影响
7.openEuler-24.03-LTS-SP1:受影响

修复是否涉及abi变化(是/否)：
1.master(6.1.0):否
2.openEuler-20.03-LTS-SP4:否
3.openEuler-22.03-LTS-SP3:否
4.openEuler-22.03-LTS-SP4:否
5.openEuler-24.03-LTS:否
6.openEuler-24.03-LTS-Next:否
7.openEuler-24.03-LTS-SP1:否

原因说明：
1.master(23.08.5):不受影响-漏洞代码不能被攻击者触发
2.openEuler-20.03-LTS-SP4:不修复-超出修复范围
4.openEuler-22.03-LTS-SP3:不修复-超出修复范围
5.openEuler-22.03-LTS-SP4:不修复-超出修复范围
6.openEuler-24.03-LTS:正常修复
7.openEuler-24.03-LTS-Next:不受影响-漏洞代码不能被攻击者触发
8.openEuler-24.03-LTS-SP1:正常修复

@sanglipeng 经过 cve-manager 解析, 已分析的内容如下表所示:
| 状态  | 分析项目 | 内容 |
|:--:|:--:|---------|
|已分析|1.影响性分析说明|In the Linux kernel, the following vulnerability has been resolved:binfmt_flat: Fix integer overflow bug on 32 bit systemsMost of these sizes and counts are capped at 256MB so the math doesn&#39;tresult in an integer overflow.  The &#34;relocs&#34; count needs to be checkedas well.  Otherwise on 32bit systems the calculation of &#34;full_data&#34;could be wrong.full_data = data_len + relocs * sizeof(unsigned long);The Linux kernel CVE team has assigned CVE-2024-58010 to this issue.|
|已分析|2.openEulerScore|3.9|
|已分析|3.openEulerVector|AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L|
|已分析|4.受影响版本排查|openEuler-20.03-LTS-SP4:受影响,openEuler-22.03-LTS-SP3:受影响,openEuler-22.03-LTS-SP4:受影响,openEuler-24.03-LTS:受影响,openEuler-24.03-LTS-SP1:受影响,master:不受影响,openEuler-24.03-LTS-Next:不受影响|
|已分析|5.是否涉及abi变化|master:否,openEuler-20.03-LTS-SP4:否,openEuler-22.03-LTS-SP3:否,openEuler-22.03-LTS-SP4:否,openEuler-24.03-LTS:否,openEuler-24.03-LTS-Next:否,openEuler-24.03-LTS-SP1:否|
|已分析|6.原因说明|openEuler-24.03-LTS:正常修复,openEuler-24.03-LTS-SP1:正常修复,openEuler-20.03-LTS-SP4:不修复-超出修复范围,openEuler-22.03-LTS-SP3:不修复-超出修复范围,openEuler-22.03-LTS-SP4:不修复-超出修复范围,master:不受影响-漏洞代码不能被攻击者触发,openEuler-24.03-LTS-Next:不受影响-漏洞代码不能被攻击者触发|

**请确认分析内容的准确性, 确认无误后, 您可以进行后续步骤, 否则您可以继续分析.**

CVE-2024-58010

影响性分析说明：
In the Linux kernel, the following vulnerability has been resolved:

binfmt_flat: Fix integer overflow bug on 32 bit systems

Most of these sizes and counts are capped at 256MB so the math doesn't
result in an integer overflow. The "relocs" count needs to be checked
as well. Otherwise on 32bit systems the calculation of "full_data"
could be wrong.

full_data = data_len + relocs * sizeof(unsigned long);

openEuler评分:(评分和向量)
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

受影响版本排查(受影响/不受影响):
1.openEuler-20.03-LTS-SP4:受影响
2.openEuler-22.03-LTS-SP3:受影响
3.openEuler-22.03-LTS-SP4:受影响
4.master(6.6.0):不受影响
5.openEuler-24.03-LTS:受影响
6.openEuler-24.03-LTS-Next:不受影响
7.openEuler-24.03-LTS-SP1:受影响

原因说明:
1.openEuler-20.03-LTS-SP4:不修复-超出修复范围
2.openEuler-22.03-LTS-SP3:不修复-超出修复范围
3.openEuler-22.03-LTS-SP4:不修复-超出修复范围
4.master(6.6.0):不受影响-漏洞代码不能被攻击者触发
5.openEuler-24.03-LTS:正常修复
6.openEuler-24.03-LTS-Next:不受影响-漏洞代码不能被攻击者触发
7.openEuler-24.03-LTS-SP1:正常修复

修复是否涉及abi变化(是/否)：
1.openEuler-20.03-LTS-SP4:否
2.openEuler-22.03-LTS-SP3:否
3.master(23.08.5):否
4.openEuler-24.03-LTS:否
5.openEuler-24.03-LTS-Next:否
6.openEuler-22.03-LTS-SP4:否
7.openEuler-24.03-LTS-SP1:否

===========================================================

@sanglipeng 经过 cve-manager 解析, 已分析的内容如下表所示:
| 状态  | 分析项目 | 内容 |
|:--:|:--:|---------|
|已分析|1.影响性分析说明|In the Linux kernel, the following vulnerability has been resolved:binfmt_flat: Fix integer overflow bug on 32 bit systemsMost of these sizes and counts are capped at 256MB so the math doesn'tresult in an integer overflow.  The "relocs" count needs to be checkedas well.  Otherwise on 32bit systems the calculation of "full_data"could be wrong.full_data = data_len + relocs * sizeof(unsigned long);|
|已分析|2.openEulerScore|5.5|
|已分析|3.openEulerVector|AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H|
|已分析|4.受影响版本排查|openEuler-20.03-LTS-SP4:受影响,openEuler-22.03-LTS-SP3:受影响,openEuler-22.03-LTS-SP4:受影响,openEuler-24.03-LTS:受影响,openEuler-24.03-LTS-SP1:受影响,master:不受影响,openEuler-24.03-LTS-Next:不受影响|
|已分析|5.是否涉及abi变化|openEuler-20.03-LTS-SP4:否,openEuler-22.03-LTS-SP3:否,master:否,openEuler-24.03-LTS:否,openEuler-24.03-LTS-Next:否,openEuler-22.03-LTS-SP4:否,openEuler-24.03-LTS-SP1:否|
|已分析|6.原因说明|openEuler-24.03-LTS:正常修复,openEuler-24.03-LTS-SP1:正常修复,openEuler-20.03-LTS-SP4:不修复-超出修复范围,openEuler-22.03-LTS-SP3:不修复-超出修复范围,openEuler-22.03-LTS-SP4:不修复-超出修复范围,master:不受影响-漏洞代码不能被攻击者触发,openEuler-24.03-LTS-Next:不受影响-漏洞代码不能被攻击者触发|

**请确认分析内容的准确性, 确认无误后, 您可以进行后续步骤, 否则您可以继续分析.**

src-openEuler/kernel

内容风险标识

评论 (7)

src-openEuler/kernel .gitee-modal { width: 500px !important; }

内容风险标识

CVE-2024-58010

评论 (7)

搜索帮助

src-openEuler/kernel