{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2024-49975","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-10-21T12:17:06.052Z","datePublished":"2024-10-21T18:02:23.099Z","dateUpdated":"2025-11-03T22:23:56.236Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T09:42:47.805Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nuprobes: fix kernel info leak via \"[uprobes]\" vma\n\nxol_add_vma() maps the uninitialized page allocated by __create_xol_area()\ninto userspace. On some architectures (x86) this memory is readable even\nwithout VM_READ, VM_EXEC results in the same pgprot_t as VM_EXEC|VM_READ,\nalthough this doesn't really matter, debugger can read this memory anyway."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["kernel/events/uprobes.c"],"versions":[{"version":"d4b3b6384f98f8692ad0209891ccdbc7e78bbefe","lessThan":"f31f92107e5a8ecc8902705122c594e979a351fe","status":"affected","versionType":"git"},{"version":"d4b3b6384f98f8692ad0209891ccdbc7e78bbefe","lessThan":"fe5e9182d3e227476642ae2b312e2356c4d326a3","status":"affected","versionType":"git"},{"version":"d4b3b6384f98f8692ad0209891ccdbc7e78bbefe","lessThan":"f561b48d633ac2e7d0d667020fc634a96ade33a0","status":"affected","versionType":"git"},{"version":"d4b3b6384f98f8692ad0209891ccdbc7e78bbefe","lessThan":"21cb47db1ec9765f91304763a24565ddc22d2492","status":"affected","versionType":"git"},{"version":"d4b3b6384f98f8692ad0209891ccdbc7e78bbefe","lessThan":"24141df5a8615790950deedd926a44ddf1dfd6d8","status":"affected","versionType":"git"},{"version":"d4b3b6384f98f8692ad0209891ccdbc7e78bbefe","lessThan":"5b981d8335e18aef7908a068529a3287258ff6d8","status":"affected","versionType":"git"},{"version":"d4b3b6384f98f8692ad0209891ccdbc7e78bbefe","lessThan":"2aa45f43709ba2082917bd2973d02687075b6eee","status":"affected","versionType":"git"},{"version":"d4b3b6384f98f8692ad0209891ccdbc7e78bbefe","lessThan":"9634e8dc964a4adafa7e1535147abd7ec29441a6","status":"affected","versionType":"git"},{"version":"d4b3b6384f98f8692ad0209891ccdbc7e78bbefe","lessThan":"34820304cc2cd1804ee1f8f3504ec77813d29c8e","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["kernel/events/uprobes.c"],"versions":[{"version":"3.5","status":"affected"},{"version":"0","lessThan":"3.5","status":"unaffected","versionType":"semver"},{"version":"4.19.323","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.285","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.227","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.168","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.113","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.55","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.10.14","lessThanOrEqual":"6.10.*","status":"unaffected","versionType":"semver"},{"version":"6.11.3","lessThanOrEqual":"6.11.*","status":"unaffected","versionType":"semver"},{"version":"6.12","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.5","versionEndExcluding":"4.19.323"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.5","versionEndExcluding":"5.4.285"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.5","versionEndExcluding":"5.10.227"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.5","versionEndExcluding":"5.15.168"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.5","versionEndExcluding":"6.1.113"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.5","versionEndExcluding":"6.6.55"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.5","versionEndExcluding":"6.10.14"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.5","versionEndExcluding":"6.11.3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.5","versionEndExcluding":"6.12"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/f31f92107e5a8ecc8902705122c594e979a351fe"},{"url":"https://git.kernel.org/stable/c/fe5e9182d3e227476642ae2b312e2356c4d326a3"},{"url":"https://git.kernel.org/stable/c/f561b48d633ac2e7d0d667020fc634a96ade33a0"},{"url":"https://git.kernel.org/stable/c/21cb47db1ec9765f91304763a24565ddc22d2492"},{"url":"https://git.kernel.org/stable/c/24141df5a8615790950deedd926a44ddf1dfd6d8"},{"url":"https://git.kernel.org/stable/c/5b981d8335e18aef7908a068529a3287258ff6d8"},{"url":"https://git.kernel.org/stable/c/2aa45f43709ba2082917bd2973d02687075b6eee"},{"url":"https://git.kernel.org/stable/c/9634e8dc964a4adafa7e1535147abd7ec29441a6"},{"url":"https://git.kernel.org/stable/c/34820304cc2cd1804ee1f8f3504ec77813d29c8e"}],"title":"uprobes: fix kernel info leak via \"[uprobes]\" vma","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2024-49975","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-10-22T13:33:15.927112Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-10-22T13:38:45.577Z"}},{"title":"CVE Program Container","references":[{"url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"},{"url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T22:23:56.236Z"}}]}}