VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-2xvp-epu5-tbbf

Essentials
Severities (7)
References (34)
Severity details (5)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-2xvp-epu5-tbbf
Aliases	CVE-2024-42156
Summary	In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Wipe copies of clear-key structures on failure Wipe all sensitive data from stack for all IOCTLs, which convert a clear-key into a protected- or secure-key.
Status	Published
Exploitability	0.5
Weighted Severity	3.7
Risk	1.9
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-459

Incomplete Cleanup

System	Score	Found at
cvssv3	4.1	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-42156.json
epss	0.00015	https://api.first.org/data/v1/epss?cve=CVE-2024-42156
epss	0.00015	https://api.first.org/data/v1/epss?cve=CVE-2024-42156
cvssv3.1	5.5	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
ssvc	Track	https://git.kernel.org/stable/c/7f6243edd901b75aaece326c90a1cc0dcb60cc3d
ssvc	Track	https://git.kernel.org/stable/c/a891938947f4427f98cb1ce54f27223501efe750
ssvc	Track	https://git.kernel.org/stable/c/d65d76a44ffe74c73298ada25b0f578680576073

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-42156.json
		https://api.first.org/data/v1/epss?cve=CVE-2024-42156
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42156
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2301527		https://bugzilla.redhat.com/show_bug.cgi?id=2301527
7f6243edd901b75aaece326c90a1cc0dcb60cc3d		https://git.kernel.org/stable/c/7f6243edd901b75aaece326c90a1cc0dcb60cc3d
a891938947f4427f98cb1ce54f27223501efe750		https://git.kernel.org/stable/c/a891938947f4427f98cb1ce54f27223501efe750
d65d76a44ffe74c73298ada25b0f578680576073		https://git.kernel.org/stable/c/d65d76a44ffe74c73298ada25b0f578680576073
USN-7089-1		https://usn.ubuntu.com/7089-1/
USN-7089-2		https://usn.ubuntu.com/7089-2/
USN-7089-3		https://usn.ubuntu.com/7089-3/
USN-7089-4		https://usn.ubuntu.com/7089-4/
USN-7089-5		https://usn.ubuntu.com/7089-5/
USN-7089-6		https://usn.ubuntu.com/7089-6/
USN-7089-7		https://usn.ubuntu.com/7089-7/
USN-7090-1		https://usn.ubuntu.com/7090-1/
USN-7095-1		https://usn.ubuntu.com/7095-1/
USN-7156-1		https://usn.ubuntu.com/7156-1/
USN-7159-1		https://usn.ubuntu.com/7159-1/
USN-7159-2		https://usn.ubuntu.com/7159-2/
USN-7159-3		https://usn.ubuntu.com/7159-3/
USN-7159-4		https://usn.ubuntu.com/7159-4/
USN-7159-5		https://usn.ubuntu.com/7159-5/
USN-7166-1		https://usn.ubuntu.com/7166-1/
USN-7166-2		https://usn.ubuntu.com/7166-2/
USN-7166-3		https://usn.ubuntu.com/7166-3/
USN-7166-4		https://usn.ubuntu.com/7166-4/
USN-7185-1		https://usn.ubuntu.com/7185-1/
USN-7185-2		https://usn.ubuntu.com/7185-2/
USN-7186-1		https://usn.ubuntu.com/7186-1/
USN-7186-2		https://usn.ubuntu.com/7186-2/
USN-7194-1		https://usn.ubuntu.com/7194-1/
USN-7195-1		https://usn.ubuntu.com/7195-1/
USN-7195-2		https://usn.ubuntu.com/7195-2/

No exploits are available.

Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-42156.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T16:15:08Z/ Found at https://git.kernel.org/stable/c/7f6243edd901b75aaece326c90a1cc0dcb60cc3d

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T16:15:08Z/ Found at https://git.kernel.org/stable/c/a891938947f4427f98cb1ce54f27223501efe750

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T16:15:08Z/ Found at https://git.kernel.org/stable/c/d65d76a44ffe74c73298ada25b0f578680576073

Exploit Prediction Scoring System (EPSS)

Percentile	0.03078
EPSS Score	0.00015
Published At	June 5, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-04T16:51:13.823902+00:00	Debian Importer	Import	https://security-tracker.debian.org/tracker/data/json	38.6.0