{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-58008","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-02-27T02:10:48.227Z","datePublished":"2025-02-27T02:12:04.100Z","dateUpdated":"2025-05-04T13:01:49.877Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T13:01:49.877Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nKEYS: trusted: dcp: fix improper sg use with CONFIG_VMAP_STACK=y\n\nWith vmalloc stack addresses enabled (CONFIG_VMAP_STACK=y) DCP trusted\nkeys can crash during en- and decryption of the blob encryption key via\nthe DCP crypto driver. This is caused by improperly using sg_init_one()\nwith vmalloc'd stack buffers (plain_key_blob).\n\nFix this by always using kmalloc() for buffers we give to the DCP crypto\ndriver."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["security/keys/trusted-keys/trusted_dcp.c"],"versions":[{"version":"0e28bf61a5f9ab30be3f3b4eafb8d097e39446bb","lessThan":"3192f1c54dddb9b5820bf5e8677809949d8e9c66","status":"affected","versionType":"git"},{"version":"0e28bf61a5f9ab30be3f3b4eafb8d097e39446bb","lessThan":"3355594de46fb1cba663f12b9644b664b8a609f4","status":"affected","versionType":"git"},{"version":"0e28bf61a5f9ab30be3f3b4eafb8d097e39446bb","lessThan":"e8d9fab39d1f87b52932646b2f1e7877aa3fc0f4","status":"affected","versionType":"git"},{"version":"9e3b266afcfe4294e84496f50f006f029d3100db","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["security/keys/trusted-keys/trusted_dcp.c"],"versions":[{"version":"6.11","status":"affected"},{"version":"0","lessThan":"6.11","status":"unaffected","versionType":"semver"},{"version":"6.12.14","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.13.3","lessThanOrEqual":"6.13.*","status":"unaffected","versionType":"semver"},{"version":"6.14","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.11","versionEndExcluding":"6.12.14"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.11","versionEndExcluding":"6.13.3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.11","versionEndExcluding":"6.14"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.10.7"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/3192f1c54dddb9b5820bf5e8677809949d8e9c66"},{"url":"https://git.kernel.org/stable/c/3355594de46fb1cba663f12b9644b664b8a609f4"},{"url":"https://git.kernel.org/stable/c/e8d9fab39d1f87b52932646b2f1e7877aa3fc0f4"}],"title":"KEYS: trusted: dcp: fix improper sg use with CONFIG_VMAP_STACK=y","x_generator":{"engine":"bippy-1.2.0"}}}}