CVE-2024-25739: Medium severity Linux kernel vulnerability
Published Feb 12, 2024
create_empty_lvol in drivers/mtd/ubi/vtbl.c in the Linux kernel through 6.7.4 can attempt to allocate zero bytes, and crash, because of a missing check for ubi->leb_size.
Affected Software
7 affected components, fixes available
Linux kernel <= 6.7.4
IBM Security Verify Governance <= ISVG 10.0.2
IBM Security Verify Governance, Identity Manager Software Stack <= ISVG 10.0.2
IBM Security Verify Governance, Identity Manager Virtual Appliance <= ISVG 10.0.2
IBM Security Verify Governance Identity Manager Container <= ISVG 10.0.2
redhat/kernel < 6.9
6.9
debian/linux
5.10.223-1, 5.10.234-1, 6.1.129-1, 6.1.135-1, 6.12.27-1
Event History
Feb 12, 2024
CVE Published, via MITRE · 12:00 AM
Data Sourced, via MITRE · 12:00 AM: Description
Data Sourced, via NVD · 03:15 AM: Description, Severity, Weakness, Affected Software
Data Sourced, via Red Hat · 03:02 PM: Description, Severity, Affected Software
Jun 8, 2024
Data Sourced, via Launchpad · 12:59 AM: Description
Apr 28, 2025
Data Sourced, via Ubuntu · 02:16 PM: Remedy, Description, Severity, Affected Software
Frequently Asked Questions
1. What is the severity of CVE-2024-25739?
CVE-2024-25739 has a moderate severity due to a potential system crash caused by zero-byte allocation.
2. How do I fix CVE-2024-25739?
To resolve CVE-2024-25739, upgrade to Linux kernel version 6.9 or apply the relevant patches for affected versions.
3. Which versions of Linux are affected by CVE-2024-25739?
CVE-2024-25739 affects Linux kernel versions up to and including 6.7.4.
4. What causes the issue in CVE-2024-25739?
The issue in CVE-2024-25739 is caused by a missing check for the size of the logical erase block, leading to attempts to allocate zero bytes.
5. Is CVE-2024-25739 a critical vulnerability?
CVE-2024-25739 is not classified as critical but can lead to significant system instability if exploited.