{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2024-40974","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-07-12T12:17:45.603Z","datePublished":"2024-07-12T12:32:11.417Z","dateUpdated":"2026-01-05T10:37:02.905Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-01-05T10:37:02.905Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pseries: Enforce hcall result buffer validity and size\n\nplpar_hcall(), plpar_hcall9(), and related functions expect callers to\nprovide valid result buffers of certain minimum size. Currently this\nis communicated only through comments in the code and the compiler has\nno idea.\n\nFor example, if I write a bug like this:\n\n  long retbuf[PLPAR_HCALL_BUFSIZE]; // should be PLPAR_HCALL9_BUFSIZE\n  plpar_hcall9(H_ALLOCATE_VAS_WINDOW, retbuf, ...);\n\nThis compiles with no diagnostics emitted, but likely results in stack\ncorruption at runtime when plpar_hcall9() stores results past the end\nof the array. (To be clear this is a contrived example and I have not\nfound a real instance yet.)\n\nTo make this class of error less likely, we can use explicitly-sized\narray parameters instead of pointers in the declarations for the hcall\nAPIs. When compiled with -Warray-bounds[1], the code above now\nprovokes a diagnostic like this:\n\nerror: array argument is too small;\nis of size 32, callee requires at least 72 [-Werror,-Warray-bounds]\n   60 |                 plpar_hcall9(H_ALLOCATE_VAS_WINDOW, retbuf,\n      |                 ^                                   ~~~~~~\n\n[1] Enabled for LLVM builds but not GCC for now. See commit\n    0da6e5fd6c37 (\"gcc: disable '-Warray-bounds' for gcc-13 too\") and\n    related changes."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["arch/powerpc/include/asm/hvcall.h"],"versions":[{"version":"b9377ffc3a03cde558d76349a262a1adbb6d3112","lessThan":"acf2b80c31c37acab040baa3cf5f19fbd5140b18","status":"affected","versionType":"git"},{"version":"b9377ffc3a03cde558d76349a262a1adbb6d3112","lessThan":"19c166ee42cf16d8b156a6cb4544122d9a65d3ca","status":"affected","versionType":"git"},{"version":"b9377ffc3a03cde558d76349a262a1adbb6d3112","lessThan":"a8c988d752b3d98d5cc1e3929c519a55ef55426c","status":"affected","versionType":"git"},{"version":"b9377ffc3a03cde558d76349a262a1adbb6d3112","lessThan":"262e942ff5a839b9e4f3302a8987928b0c8b8a2d","status":"affected","versionType":"git"},{"version":"b9377ffc3a03cde558d76349a262a1adbb6d3112","lessThan":"8aa11aa001576bf3b00dcb8559564ad7a3113588","status":"affected","versionType":"git"},{"version":"b9377ffc3a03cde558d76349a262a1adbb6d3112","lessThan":"3ad0034910a57aa88ed9976b1431b7b8c84e0048","status":"affected","versionType":"git"},{"version":"b9377ffc3a03cde558d76349a262a1adbb6d3112","lessThan":"aa6107dcc4ce9a3451f2d729204713783b657257","status":"affected","versionType":"git"},{"version":"b9377ffc3a03cde558d76349a262a1adbb6d3112","lessThan":"ff2e185cf73df480ec69675936c4ee75a445c3e4","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["arch/powerpc/include/asm/hvcall.h"],"versions":[{"version":"2.6.19","status":"affected"},{"version":"0","lessThan":"2.6.19","status":"unaffected","versionType":"semver"},{"version":"4.19.317","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.279","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.221","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.162","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.96","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.36","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.9.7","lessThanOrEqual":"6.9.*","status":"unaffected","versionType":"semver"},{"version":"6.10","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.19","versionEndExcluding":"4.19.317"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.19","versionEndExcluding":"5.4.279"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.19","versionEndExcluding":"5.10.221"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.19","versionEndExcluding":"5.15.162"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.19","versionEndExcluding":"6.1.96"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.19","versionEndExcluding":"6.6.36"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.19","versionEndExcluding":"6.9.7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.19","versionEndExcluding":"6.10"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/acf2b80c31c37acab040baa3cf5f19fbd5140b18"},{"url":"https://git.kernel.org/stable/c/19c166ee42cf16d8b156a6cb4544122d9a65d3ca"},{"url":"https://git.kernel.org/stable/c/a8c988d752b3d98d5cc1e3929c519a55ef55426c"},{"url":"https://git.kernel.org/stable/c/262e942ff5a839b9e4f3302a8987928b0c8b8a2d"},{"url":"https://git.kernel.org/stable/c/8aa11aa001576bf3b00dcb8559564ad7a3113588"},{"url":"https://git.kernel.org/stable/c/3ad0034910a57aa88ed9976b1431b7b8c84e0048"},{"url":"https://git.kernel.org/stable/c/aa6107dcc4ce9a3451f2d729204713783b657257"},{"url":"https://git.kernel.org/stable/c/ff2e185cf73df480ec69675936c4ee75a445c3e4"}],"title":"powerpc/pseries: Enforce hcall result buffer validity and size","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/acf2b80c31c37acab040baa3cf5f19fbd5140b18","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/19c166ee42cf16d8b156a6cb4544122d9a65d3ca","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/a8c988d752b3d98d5cc1e3929c519a55ef55426c","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/262e942ff5a839b9e4f3302a8987928b0c8b8a2d","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/8aa11aa001576bf3b00dcb8559564ad7a3113588","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/3ad0034910a57aa88ed9976b1431b7b8c84e0048","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/aa6107dcc4ce9a3451f2d729204713783b657257","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/ff2e185cf73df480ec69675936c4ee75a445c3e4","tags":["x_transferred"]},{"url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T21:58:39.132Z"}},{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2024-40974","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-09-10T17:02:44.463070Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-11T17:34:22.210Z"}}]}}