Vulnerability Details : CVE-2024-53137
In the Linux kernel, the following vulnerability has been resolved:
ARM: fix cacheflush with PAN
It seems that the cacheflush syscall got broken when PAN for LPAE was
implemented. User access was not enabled around the cache maintenance
instructions, causing them to fault.
Products affected by CVE-2024-53137
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.12:rc6:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.12:rc7:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2024-53137
0.03%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 6 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2024-53137
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
5.5
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
1.8
|
3.6
|
NIST | 2024-12-11 |
References for CVE-2024-53137
-
https://git.kernel.org/stable/c/ca29cfcc4a21083d671522ad384532e28a43f033
ARM: fix cacheflush with PAN - kernel/git/stable/linux.git - Linux kernel stable treePatch
-
https://git.kernel.org/stable/c/e6960a2ed49c9a25357817535f7cc50594a58604
ARM: fix cacheflush with PAN - kernel/git/stable/linux.git - Linux kernel stable treePatch
Jump to