Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: x86/lam: Disable ADDRESS_MASKING in most cases Linear Address Masking (LAM) has a weakness related to transient execution as described in the SLAM paper[1]. Unless Linear Address Space Separation (LASS) is enabled this weakness may be exploitable. Until kernel adds support for LASS[2], only allow LAM for COMPILE_TEST, or when speculation mitigations have been disabled at compile time, otherwise keep LAM disabled. There are no processors in market that support LAM yet, so currently nobody is affected by this issue. [1] SLAM: https://download.vusec.net/papers/slam_sp24.pdf [2] LASS: https://lore.kernel.org/lkml/[email protected]/ [ dhansen: update SPECULATION_MITIGATIONS -> CPU_MITIGATIONS ]
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | < 6.6.59 |
References
- https://git.kernel.org/stable/c/3267cb6d3a174ff83d6287dcd5b0047bbd912452Patch
- https://git.kernel.org/stable/c/60a5ba560f296ad8da153f6ad3f70030bfa3958fPatch
- https://git.kernel.org/stable/c/690599066488d16db96ac0d6340f9372fc56f337Patch
FAQ
What is CVE-2024-50112?
CVE-2024-50112 is a vulnerability with a CVSS score of 7.8 (HIGH). In the Linux kernel, the following vulnerability has been resolved: x86/lam: Disable ADDRESS_MASKING in most cases Linear Address Masking (LAM) has a weakness related to transient execution as descr...
How severe is CVE-2024-50112?
CVE-2024-50112 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-50112?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.