Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2024-AVI-0546
Vulnerability from certfr_avis - Published: 2024-07-05 - Updated: 2024-07-05
De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une élévation de privilèges et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Ubuntu 22.04 LTS",
"product": {
"name": "N/A",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 16.04 ESM",
"product": {
"name": "N/A",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 18.04 ESM",
"product": {
"name": "N/A",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 24.04 LTS",
"product": {
"name": "N/A",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 20.04 LTS",
"product": {
"name": "N/A",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 23.10",
"product": {
"name": "N/A",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-27024",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27024"
},
{
"name": "CVE-2024-26957",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26957"
},
{
"name": "CVE-2024-35797",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35797"
},
{
"name": "CVE-2024-27435",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27435"
},
{
"name": "CVE-2024-26601",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26601"
},
{
"name": "CVE-2024-26934",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26934"
},
{
"name": "CVE-2024-27391",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27391"
},
{
"name": "CVE-2024-26886",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26886"
},
{
"name": "CVE-2024-35810",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35810"
},
{
"name": "CVE-2024-27051",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27051"
},
{
"name": "CVE-2024-26898",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26898"
},
{
"name": "CVE-2024-26654",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26654"
},
{
"name": "CVE-2024-26656",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26656"
},
{
"name": "CVE-2023-52663",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52663"
},
{
"name": "CVE-2024-26816",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26816"
},
{
"name": "CVE-2024-27030",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27030"
},
{
"name": "CVE-2024-26896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26896"
},
{
"name": "CVE-2024-26897",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26897"
},
{
"name": "CVE-2024-26866",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26866"
},
{
"name": "CVE-2024-26881",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26881"
},
{
"name": "CVE-2024-25739",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25739"
},
{
"name": "CVE-2024-35807",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35807"
},
{
"name": "CVE-2024-27028",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27028"
},
{
"name": "CVE-2024-27052",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27052"
},
{
"name": "CVE-2024-26950",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26950"
},
{
"name": "CVE-2024-26585",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26585"
},
{
"name": "CVE-2024-26961",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26961"
},
{
"name": "CVE-2024-26754",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26754"
},
{
"name": "CVE-2024-26968",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26968"
},
{
"name": "CVE-2024-27078",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27078"
},
{
"name": "CVE-2024-26973",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26973"
},
{
"name": "CVE-2024-35828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35828"
},
{
"name": "CVE-2023-52653",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52653"
},
{
"name": "CVE-2024-27063",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27063"
},
{
"name": "CVE-2024-26848",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26848"
},
{
"name": "CVE-2024-26883",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26883"
},
{
"name": "CVE-2024-27034",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27034"
},
{
"name": "CVE-2024-35805",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35805"
},
{
"name": "CVE-2024-27389",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27389"
},
{
"name": "CVE-2024-26790",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26790"
},
{
"name": "CVE-2024-27392",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27392"
},
{
"name": "CVE-2024-27038",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27038"
},
{
"name": "CVE-2024-35799",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35799"
},
{
"name": "CVE-2024-35822",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35822"
},
{
"name": "CVE-2024-26977",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26977"
},
{
"name": "CVE-2024-26845",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26845"
},
{
"name": "CVE-2024-26953",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26953"
},
{
"name": "CVE-2024-26750",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26750"
},
{
"name": "CVE-2024-26603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26603"
},
{
"name": "CVE-2024-26976",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26976"
},
{
"name": "CVE-2024-26964",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26964"
},
{
"name": "CVE-2024-27437",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27437"
},
{
"name": "CVE-2024-26927",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26927"
},
{
"name": "CVE-2024-21823",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21823"
},
{
"name": "CVE-2024-26959",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26959"
},
{
"name": "CVE-2023-52640",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52640"
},
{
"name": "CVE-2024-27403",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27403"
},
{
"name": "CVE-2024-27041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27041"
},
{
"name": "CVE-2024-35844",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35844"
},
{
"name": "CVE-2024-26802",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26802"
},
{
"name": "CVE-2024-26970",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26970"
},
{
"name": "CVE-2024-26815",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26815"
},
{
"name": "CVE-2024-26805",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26805"
},
{
"name": "CVE-2024-26891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26891"
},
{
"name": "CVE-2024-27069",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27069"
},
{
"name": "CVE-2024-27032",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27032"
},
{
"name": "CVE-2024-26852",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26852"
},
{
"name": "CVE-2024-26774",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26774"
},
{
"name": "CVE-2024-26879",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26879"
},
{
"name": "CVE-2024-26903",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26903"
},
{
"name": "CVE-2024-27033",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27033"
},
{
"name": "CVE-2024-26859",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26859"
},
{
"name": "CVE-2024-26887",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26887"
},
{
"name": "CVE-2024-26839",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26839"
},
{
"name": "CVE-2023-52649",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52649"
},
{
"name": "CVE-2024-26857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26857"
},
{
"name": "CVE-2024-26937",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26937"
},
{
"name": "CVE-2024-35814",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35814"
},
{
"name": "CVE-2024-26946",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26946"
},
{
"name": "CVE-2024-35803",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35803"
},
{
"name": "CVE-2024-26720",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26720"
},
{
"name": "CVE-2024-27413",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27413"
},
{
"name": "CVE-2024-27042",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27042"
},
{
"name": "CVE-2024-26801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26801"
},
{
"name": "CVE-2024-27043",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27043"
},
{
"name": "CVE-2023-7042",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7042"
},
{
"name": "CVE-2024-26963",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26963"
},
{
"name": "CVE-2024-27071",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27071"
},
{
"name": "CVE-2024-27419",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27419"
},
{
"name": "CVE-2024-26643",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26643"
},
{
"name": "CVE-2024-26779",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26779"
},
{
"name": "CVE-2024-26940",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26940"
},
{
"name": "CVE-2024-26969",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26969"
},
{
"name": "CVE-2024-26880",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26880"
},
{
"name": "CVE-2023-52650",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52650"
},
{
"name": "CVE-2024-26773",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26773"
},
{
"name": "CVE-2024-35813",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35813"
},
{
"name": "CVE-2024-27434",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27434"
},
{
"name": "CVE-2024-23307",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23307"
},
{
"name": "CVE-2024-26931",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26931"
},
{
"name": "CVE-2024-26763",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26763"
},
{
"name": "CVE-2024-26895",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26895"
},
{
"name": "CVE-2024-26749",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26749"
},
{
"name": "CVE-2024-26951",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26951"
},
{
"name": "CVE-2024-27048",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27048"
},
{
"name": "CVE-2024-35845",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35845"
},
{
"name": "CVE-2024-26938",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26938"
},
{
"name": "CVE-2024-27072",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27072"
},
{
"name": "CVE-2024-26949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26949"
},
{
"name": "CVE-2024-26862",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26862"
},
{
"name": "CVE-2024-27068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27068"
},
{
"name": "CVE-2024-26900",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26900"
},
{
"name": "CVE-2024-35821",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35821"
},
{
"name": "CVE-2024-26965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26965"
},
{
"name": "CVE-2024-35829",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35829"
},
{
"name": "CVE-2024-26885",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26885"
},
{
"name": "CVE-2024-35798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35798"
},
{
"name": "CVE-2021-47063",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47063"
},
{
"name": "CVE-2024-26804",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26804"
},
{
"name": "CVE-2024-26751",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26751"
},
{
"name": "CVE-2024-26941",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26941"
},
{
"name": "CVE-2024-27065",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27065"
},
{
"name": "CVE-2023-6270",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6270"
},
{
"name": "CVE-2024-27388",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27388"
},
{
"name": "CVE-2024-27047",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27047"
},
{
"name": "CVE-2024-26743",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26743"
},
{
"name": "CVE-2024-35808",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35808"
},
{
"name": "CVE-2024-26948",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26948"
},
{
"name": "CVE-2024-35795",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35795"
},
{
"name": "CVE-2024-27050",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27050"
},
{
"name": "CVE-2024-26929",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26929"
},
{
"name": "CVE-2024-26787",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26787"
},
{
"name": "CVE-2024-26943",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26943"
},
{
"name": "CVE-2024-27035",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27035"
},
{
"name": "CVE-2024-26814",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26814"
},
{
"name": "CVE-2024-35901",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35901"
},
{
"name": "CVE-2024-27412",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27412"
},
{
"name": "CVE-2024-26935",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26935"
},
{
"name": "CVE-2024-26978",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26978"
},
{
"name": "CVE-2024-26865",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26865"
},
{
"name": "CVE-2024-26846",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26846"
},
{
"name": "CVE-2024-27053",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27053"
},
{
"name": "CVE-2024-27040",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27040"
},
{
"name": "CVE-2024-27026",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27026"
},
{
"name": "CVE-2024-27077",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27077"
},
{
"name": "CVE-2024-35809",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35809"
},
{
"name": "CVE-2024-35827",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35827"
},
{
"name": "CVE-2024-26748",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26748"
},
{
"name": "CVE-2024-27070",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27070"
},
{
"name": "CVE-2024-27037",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27037"
},
{
"name": "CVE-2024-26782",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26782"
},
{
"name": "CVE-2024-26833",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26833"
},
{
"name": "CVE-2023-52647",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52647"
},
{
"name": "CVE-2024-35793",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35793"
},
{
"name": "CVE-2024-26877",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26877"
},
{
"name": "CVE-2024-27064",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27064"
},
{
"name": "CVE-2023-52645",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52645"
},
{
"name": "CVE-2024-35806",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35806"
},
{
"name": "CVE-2024-26792",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26792"
},
{
"name": "CVE-2024-26915",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26915"
},
{
"name": "CVE-2024-26803",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26803"
},
{
"name": "CVE-2024-26947",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26947"
},
{
"name": "CVE-2024-27073",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27073"
},
{
"name": "CVE-2024-26583",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26583"
},
{
"name": "CVE-2024-26642",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26642"
},
{
"name": "CVE-2024-27431",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27431"
},
{
"name": "CVE-2024-26922",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26922"
},
{
"name": "CVE-2024-26733",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26733"
},
{
"name": "CVE-2024-27027",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27027"
},
{
"name": "CVE-2024-26851",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26851"
},
{
"name": "CVE-2024-26812",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26812"
},
{
"name": "CVE-2024-26688",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26688"
},
{
"name": "CVE-2024-35831",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35831"
},
{
"name": "CVE-2024-26955",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26955"
},
{
"name": "CVE-2024-26888",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26888"
},
{
"name": "CVE-2024-26861",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26861"
},
{
"name": "CVE-2024-26906",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26906"
},
{
"name": "CVE-2024-26840",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26840"
},
{
"name": "CVE-2024-26889",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26889"
},
{
"name": "CVE-2024-26584",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26584"
},
{
"name": "CVE-2024-27076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27076"
},
{
"name": "CVE-2024-35830",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35830"
},
{
"name": "CVE-2023-52662",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52662"
},
{
"name": "CVE-2024-27417",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27417"
},
{
"name": "CVE-2024-27029",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27029"
},
{
"name": "CVE-2024-35796",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35796"
},
{
"name": "CVE-2024-26952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26952"
},
{
"name": "CVE-2024-27058",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27058"
},
{
"name": "CVE-2024-0841",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0841"
},
{
"name": "CVE-2024-26651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26651"
},
{
"name": "CVE-2024-26871",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26871"
},
{
"name": "CVE-2024-26958",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26958"
},
{
"name": "CVE-2024-27436",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27436"
},
{
"name": "CVE-2024-26956",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26956"
},
{
"name": "CVE-2024-26776",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26776"
},
{
"name": "CVE-2024-26892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26892"
},
{
"name": "CVE-2023-52497",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52497"
},
{
"name": "CVE-2024-35787",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35787"
},
{
"name": "CVE-2024-26939",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26939"
},
{
"name": "CVE-2024-26960",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26960"
},
{
"name": "CVE-2024-26735",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26735"
},
{
"name": "CVE-2023-47233",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47233"
},
{
"name": "CVE-2024-26882",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26882"
},
{
"name": "CVE-2023-52434",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52434"
},
{
"name": "CVE-2024-26975",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26975"
},
{
"name": "CVE-2024-26653",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26653"
},
{
"name": "CVE-2024-27036",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27036"
},
{
"name": "CVE-2024-26884",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26884"
},
{
"name": "CVE-2024-26771",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26771"
},
{
"name": "CVE-2022-38096",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38096"
},
{
"name": "CVE-2024-26769",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26769"
},
{
"name": "CVE-2024-26737",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26737"
},
{
"name": "CVE-2024-26868",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26868"
},
{
"name": "CVE-2023-52661",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52661"
},
{
"name": "CVE-2024-26899",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26899"
},
{
"name": "CVE-2024-26966",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26966"
},
{
"name": "CVE-2024-22099",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22099"
},
{
"name": "CVE-2024-27044",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27044"
},
{
"name": "CVE-2024-35874",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35874"
},
{
"name": "CVE-2024-27039",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27039"
},
{
"name": "CVE-2024-27416",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27416"
},
{
"name": "CVE-2024-26747",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26747"
},
{
"name": "CVE-2024-26843",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26843"
},
{
"name": "CVE-2024-26971",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26971"
},
{
"name": "CVE-2023-52620",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52620"
},
{
"name": "CVE-2024-26659",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26659"
},
{
"name": "CVE-2024-26933",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26933"
},
{
"name": "CVE-2024-26793",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26793"
},
{
"name": "CVE-2024-26972",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26972"
},
{
"name": "CVE-2024-35817",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35817"
},
{
"name": "CVE-2024-26869",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26869"
},
{
"name": "CVE-2024-26932",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26932"
},
{
"name": "CVE-2024-26874",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26874"
},
{
"name": "CVE-2024-27390",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27390"
},
{
"name": "CVE-2024-26838",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26838"
},
{
"name": "CVE-2021-33631",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33631"
},
{
"name": "CVE-2024-26752",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26752"
},
{
"name": "CVE-2024-26876",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26876"
},
{
"name": "CVE-2024-26875",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26875"
},
{
"name": "CVE-2024-26736",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26736"
},
{
"name": "CVE-2024-27074",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27074"
},
{
"name": "CVE-2024-26967",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26967"
},
{
"name": "CVE-2023-52447",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52447"
},
{
"name": "CVE-2024-35794",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35794"
},
{
"name": "CVE-2023-52644",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52644"
},
{
"name": "CVE-2024-26894",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26894"
},
{
"name": "CVE-2024-26820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26820"
},
{
"name": "CVE-2023-52615",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52615"
},
{
"name": "CVE-2024-35801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35801"
},
{
"name": "CVE-2024-27414",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27414"
},
{
"name": "CVE-2024-26777",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26777"
},
{
"name": "CVE-2024-26764",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26764"
},
{
"name": "CVE-2024-35826",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35826"
},
{
"name": "CVE-2024-26878",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26878"
},
{
"name": "CVE-2024-27067",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27067"
},
{
"name": "CVE-2024-26778",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26778"
},
{
"name": "CVE-2024-26657",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26657"
},
{
"name": "CVE-2024-27054",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27054"
},
{
"name": "CVE-2024-27045",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27045"
},
{
"name": "CVE-2024-26872",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26872"
},
{
"name": "CVE-2024-26944",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26944"
},
{
"name": "CVE-2024-27066",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27066"
},
{
"name": "CVE-2024-27075",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27075"
},
{
"name": "CVE-2024-26901",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26901"
},
{
"name": "CVE-2024-26945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26945"
},
{
"name": "CVE-2024-35819",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35819"
},
{
"name": "CVE-2024-26863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26863"
},
{
"name": "CVE-2024-2201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2201"
},
{
"name": "CVE-2024-26655",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26655"
},
{
"name": "CVE-2024-26954",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26954"
},
{
"name": "CVE-2024-26860",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26860"
},
{
"name": "CVE-2024-26873",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26873"
},
{
"name": "CVE-2024-26813",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26813"
},
{
"name": "CVE-2024-35789",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35789"
},
{
"name": "CVE-2024-26798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26798"
},
{
"name": "CVE-2024-26856",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26856"
},
{
"name": "CVE-2024-26925",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26925"
},
{
"name": "CVE-2024-26744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26744"
},
{
"name": "CVE-2024-26870",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26870"
},
{
"name": "CVE-2024-26930",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26930"
},
{
"name": "CVE-2024-26893",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26893"
},
{
"name": "CVE-2024-26835",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26835"
},
{
"name": "CVE-2024-27080",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27080"
},
{
"name": "CVE-2024-26791",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26791"
},
{
"name": "CVE-2024-27415",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27415"
},
{
"name": "CVE-2024-26962",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26962"
},
{
"name": "CVE-2023-52641",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52641"
},
{
"name": "CVE-2024-27079",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27079"
},
{
"name": "CVE-2024-26810",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26810"
},
{
"name": "CVE-2024-27049",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27049"
},
{
"name": "CVE-2024-26772",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26772"
},
{
"name": "CVE-2022-48669",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48669"
},
{
"name": "CVE-2024-27405",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27405"
},
{
"name": "CVE-2024-26855",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26855"
},
{
"name": "CVE-2023-52648",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52648"
},
{
"name": "CVE-2024-26766",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26766"
},
{
"name": "CVE-2024-27432",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27432"
},
{
"name": "CVE-2024-26795",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26795"
},
{
"name": "CVE-2024-35843",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35843"
},
{
"name": "CVE-2023-52656",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52656"
},
{
"name": "CVE-2024-26864",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26864"
},
{
"name": "CVE-2024-26809",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26809"
},
{
"name": "CVE-2024-35800",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35800"
},
{
"name": "CVE-2024-26924",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26924"
},
{
"name": "CVE-2024-27433",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27433"
},
{
"name": "CVE-2024-26942",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26942"
},
{
"name": "CVE-2024-27031",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27031"
},
{
"name": "CVE-2024-26788",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26788"
},
{
"name": "CVE-2023-52659",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52659"
},
{
"name": "CVE-2023-52652",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52652"
},
{
"name": "CVE-2024-27410",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27410"
},
{
"name": "CVE-2024-24861",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24861"
},
{
"name": "CVE-2024-26890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26890"
},
{
"name": "CVE-2024-26907",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26907"
},
{
"name": "CVE-2024-27046",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27046"
},
{
"name": "CVE-2024-35811",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35811"
}
],
"initial_release_date": "2024-07-05T00:00:00",
"last_revision_date": "2024-07-05T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0546",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-07-05T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux d\u0027Ubuntu. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
"vendor_advisories": [
{
"published_at": "2024-07-04",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6866-2",
"url": "https://ubuntu.com/security/notices/USN-6866-2"
},
{
"published_at": "2024-07-04",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6874-1",
"url": "https://ubuntu.com/security/notices/USN-6874-1"
},
{
"published_at": "2024-07-04",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6871-1",
"url": "https://ubuntu.com/security/notices/USN-6871-1"
},
{
"published_at": "2024-07-04",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6873-2",
"url": "https://ubuntu.com/security/notices/USN-6873-2"
},
{
"published_at": "2024-07-04",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6873-1",
"url": "https://ubuntu.com/security/notices/USN-6873-1"
},
{
"published_at": "2024-07-04",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6878-1",
"url": "https://ubuntu.com/security/notices/USN-6878-1"
},
{
"published_at": "2024-07-04",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6872-1",
"url": "https://ubuntu.com/security/notices/USN-6872-1"
},
{
"published_at": "2024-07-03",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6868-1",
"url": "https://ubuntu.com/security/notices/USN-6868-1"
},
{
"published_at": "2024-07-04",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6864-1",
"url": "https://ubuntu.com/security/notices/USN-6864-1"
},
{
"published_at": "2024-07-04",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6875-1",
"url": "https://ubuntu.com/security/notices/USN-6875-1"
},
{
"published_at": "2024-07-04",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6870-1",
"url": "https://ubuntu.com/security/notices/USN-6870-1"
},
{
"published_at": "2024-07-04",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6870-2",
"url": "https://ubuntu.com/security/notices/USN-6870-2"
},
{
"published_at": "2024-07-04",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6864-2",
"url": "https://ubuntu.com/security/notices/USN-6864-2"
},
{
"published_at": "2024-07-04",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6872-2",
"url": "https://ubuntu.com/security/notices/USN-6872-2"
},
{
"published_at": "2024-07-04",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6863-1",
"url": "https://ubuntu.com/security/notices/USN-6863-1"
},
{
"published_at": "2024-07-04",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6869-1",
"url": "https://ubuntu.com/security/notices/USN-6869-1"
}
]
}
CVE-2024-26899 (GCVE-0-2024-26899)
Vulnerability from cvelistv5 – Published: 2024-04-17 10:27 – Updated: 2026-05-11 20:06
VLAI
EPSS
Title
block: fix deadlock between bd_link_disk_holder and partition scan
Summary
In the Linux kernel, the following vulnerability has been resolved:
block: fix deadlock between bd_link_disk_holder and partition scan
'open_mutex' of gendisk is used to protect open/close block devices. But
in bd_link_disk_holder(), it is used to protect the creation of symlink
between holding disk and slave bdev, which introduces some issues.
When bd_link_disk_holder() is called, the driver is usually in the process
of initialization/modification and may suspend submitting io. At this
time, any io hold 'open_mutex', such as scanning partitions, can cause
deadlocks. For example, in raid:
T1 T2
bdev_open_by_dev
lock open_mutex [1]
...
efi_partition
...
md_submit_bio
md_ioctl mddev_syspend
-> suspend all io
md_add_new_disk
bind_rdev_to_array
bd_link_disk_holder
try lock open_mutex [2]
md_handle_request
-> wait mddev_resume
T1 scan partition, T2 add a new device to raid. T1 waits for T2 to resume
mddev, but T2 waits for open_mutex held by T1. Deadlock occurs.
Fix it by introducing a local mutex 'blk_holder_mutex' to replace
'open_mutex'.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
1b0a2d950ee2a54aa04fb31ead32144be0bbf690 , < 1e5c5b0abaee7b62a10b9707a62083b71ad21f62
(git)
Affected: 1b0a2d950ee2a54aa04fb31ead32144be0bbf690 , < 5a87c1f7993bc8ac358a3766bac5dc7126e01e98 (git) Affected: 1b0a2d950ee2a54aa04fb31ead32144be0bbf690 , < 03f12122b20b6e6028e9ed69030a49f9cffcbb75 (git) |
|
| Linux | Linux |
Affected:
6.7
Unaffected: 0 , < 6.7 (semver) Unaffected: 6.7.11 , ≤ 6.7.* (semver) Unaffected: 6.8.2 , ≤ 6.8.* (semver) Unaffected: 6.9 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26899",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T16:21:25.318881Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T16:21:49.375Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.535Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1e5c5b0abaee7b62a10b9707a62083b71ad21f62"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5a87c1f7993bc8ac358a3766bac5dc7126e01e98"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/03f12122b20b6e6028e9ed69030a49f9cffcbb75"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"block/holder.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1e5c5b0abaee7b62a10b9707a62083b71ad21f62",
"status": "affected",
"version": "1b0a2d950ee2a54aa04fb31ead32144be0bbf690",
"versionType": "git"
},
{
"lessThan": "5a87c1f7993bc8ac358a3766bac5dc7126e01e98",
"status": "affected",
"version": "1b0a2d950ee2a54aa04fb31ead32144be0bbf690",
"versionType": "git"
},
{
"lessThan": "03f12122b20b6e6028e9ed69030a49f9cffcbb75",
"status": "affected",
"version": "1b0a2d950ee2a54aa04fb31ead32144be0bbf690",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"block/holder.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.7"
},
{
"lessThan": "6.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "6.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: fix deadlock between bd_link_disk_holder and partition scan\n\n\u0027open_mutex\u0027 of gendisk is used to protect open/close block devices. But\nin bd_link_disk_holder(), it is used to protect the creation of symlink\nbetween holding disk and slave bdev, which introduces some issues.\n\nWhen bd_link_disk_holder() is called, the driver is usually in the process\nof initialization/modification and may suspend submitting io. At this\ntime, any io hold \u0027open_mutex\u0027, such as scanning partitions, can cause\ndeadlocks. For example, in raid:\n\nT1 T2\nbdev_open_by_dev\n lock open_mutex [1]\n ...\n efi_partition\n ...\n md_submit_bio\n\t\t\t\tmd_ioctl mddev_syspend\n\t\t\t\t -\u003e suspend all io\n\t\t\t\t md_add_new_disk\n\t\t\t\t bind_rdev_to_array\n\t\t\t\t bd_link_disk_holder\n\t\t\t\t try lock open_mutex [2]\n md_handle_request\n -\u003e wait mddev_resume\n\nT1 scan partition, T2 add a new device to raid. T1 waits for T2 to resume\nmddev, but T2 waits for open_mutex held by T1. Deadlock occurs.\n\nFix it by introducing a local mutex \u0027blk_holder_mutex\u0027 to replace\n\u0027open_mutex\u0027."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:06:34.466Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1e5c5b0abaee7b62a10b9707a62083b71ad21f62"
},
{
"url": "https://git.kernel.org/stable/c/5a87c1f7993bc8ac358a3766bac5dc7126e01e98"
},
{
"url": "https://git.kernel.org/stable/c/03f12122b20b6e6028e9ed69030a49f9cffcbb75"
}
],
"title": "block: fix deadlock between bd_link_disk_holder and partition scan",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26899",
"datePublished": "2024-04-17T10:27:49.089Z",
"dateReserved": "2024-02-19T14:20:24.187Z",
"dateUpdated": "2026-05-11T20:06:34.466Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26900 (GCVE-0-2024-26900)
Vulnerability from cvelistv5 – Published: 2024-04-17 10:27 – Updated: 2026-05-11 20:06
VLAI
EPSS
Title
md: fix kmemleak of rdev->serial
Summary
In the Linux kernel, the following vulnerability has been resolved:
md: fix kmemleak of rdev->serial
If kobject_add() is fail in bind_rdev_to_array(), 'rdev->serial' will be
alloc not be freed, and kmemleak occurs.
unreferenced object 0xffff88815a350000 (size 49152):
comm "mdadm", pid 789, jiffies 4294716910
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace (crc f773277a):
[<0000000058b0a453>] kmemleak_alloc+0x61/0xe0
[<00000000366adf14>] __kmalloc_large_node+0x15e/0x270
[<000000002e82961b>] __kmalloc_node.cold+0x11/0x7f
[<00000000f206d60a>] kvmalloc_node+0x74/0x150
[<0000000034bf3363>] rdev_init_serial+0x67/0x170
[<0000000010e08fe9>] mddev_create_serial_pool+0x62/0x220
[<00000000c3837bf0>] bind_rdev_to_array+0x2af/0x630
[<0000000073c28560>] md_add_new_disk+0x400/0x9f0
[<00000000770e30ff>] md_ioctl+0x15bf/0x1c10
[<000000006cfab718>] blkdev_ioctl+0x191/0x3f0
[<0000000085086a11>] vfs_ioctl+0x22/0x60
[<0000000018b656fe>] __x64_sys_ioctl+0xba/0xe0
[<00000000e54e675e>] do_syscall_64+0x71/0x150
[<000000008b0ad622>] entry_SYSCALL_64_after_hwframe+0x6c/0x74
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
9 references
| URL | Tags |
|---|---|
| https://git.kernel.org/stable/c/fb5b347efd1bda989… | |
| https://git.kernel.org/stable/c/f3a1787dc48213f6c… | |
| https://git.kernel.org/stable/c/beaf11969fd5cbe6f… | |
| https://git.kernel.org/stable/c/9fd0198f7ef06ae0d… | |
| https://git.kernel.org/stable/c/6d32c832a88513f65… | |
| https://git.kernel.org/stable/c/4c1021ce46fc2fb61… | |
| https://git.kernel.org/stable/c/6cf350658736681b9… | |
| https://lists.debian.org/debian-lts-announce/2024… | x_transferred |
| https://security.netapp.com/advisory/ntap-2024091… |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
963c555e75b033202dd76cf6325a7b7c83d08d5f , < fb5b347efd1bda989846ffc74679d181222fb123
(git)
Affected: 963c555e75b033202dd76cf6325a7b7c83d08d5f , < f3a1787dc48213f6caea5ba7d47e0222e7fa34a9 (git) Affected: 963c555e75b033202dd76cf6325a7b7c83d08d5f , < beaf11969fd5cbe6f09cefaa34df1ce8578e8dd9 (git) Affected: 963c555e75b033202dd76cf6325a7b7c83d08d5f , < 9fd0198f7ef06ae0d6636fb0578560857dead995 (git) Affected: 963c555e75b033202dd76cf6325a7b7c83d08d5f , < 6d32c832a88513f65c2c2c9c75954ee8b387adea (git) Affected: 963c555e75b033202dd76cf6325a7b7c83d08d5f , < 4c1021ce46fc2fb6115f7e79d353941e6dcad366 (git) Affected: 963c555e75b033202dd76cf6325a7b7c83d08d5f , < 6cf350658736681b9d6b0b6e58c5c76b235bb4c4 (git) |
|
| Linux | Linux |
Affected:
5.3
Unaffected: 0 , < 5.3 (semver) Unaffected: 5.10.217 , ≤ 5.10.* (semver) Unaffected: 5.15.159 , ≤ 5.15.* (semver) Unaffected: 6.1.91 , ≤ 6.1.* (semver) Unaffected: 6.6.31 , ≤ 6.6.* (semver) Unaffected: 6.7.11 , ≤ 6.7.* (semver) Unaffected: 6.8.2 , ≤ 6.8.* (semver) Unaffected: 6.9 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-09-12T16:02:57.919Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fb5b347efd1bda989846ffc74679d181222fb123"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f3a1787dc48213f6caea5ba7d47e0222e7fa34a9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/beaf11969fd5cbe6f09cefaa34df1ce8578e8dd9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9fd0198f7ef06ae0d6636fb0578560857dead995"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6d32c832a88513f65c2c2c9c75954ee8b387adea"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4c1021ce46fc2fb6115f7e79d353941e6dcad366"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6cf350658736681b9d6b0b6e58c5c76b235bb4c4"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240912-0011/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26900",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:48:06.560564Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:23.408Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/md/md.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "fb5b347efd1bda989846ffc74679d181222fb123",
"status": "affected",
"version": "963c555e75b033202dd76cf6325a7b7c83d08d5f",
"versionType": "git"
},
{
"lessThan": "f3a1787dc48213f6caea5ba7d47e0222e7fa34a9",
"status": "affected",
"version": "963c555e75b033202dd76cf6325a7b7c83d08d5f",
"versionType": "git"
},
{
"lessThan": "beaf11969fd5cbe6f09cefaa34df1ce8578e8dd9",
"status": "affected",
"version": "963c555e75b033202dd76cf6325a7b7c83d08d5f",
"versionType": "git"
},
{
"lessThan": "9fd0198f7ef06ae0d6636fb0578560857dead995",
"status": "affected",
"version": "963c555e75b033202dd76cf6325a7b7c83d08d5f",
"versionType": "git"
},
{
"lessThan": "6d32c832a88513f65c2c2c9c75954ee8b387adea",
"status": "affected",
"version": "963c555e75b033202dd76cf6325a7b7c83d08d5f",
"versionType": "git"
},
{
"lessThan": "4c1021ce46fc2fb6115f7e79d353941e6dcad366",
"status": "affected",
"version": "963c555e75b033202dd76cf6325a7b7c83d08d5f",
"versionType": "git"
},
{
"lessThan": "6cf350658736681b9d6b0b6e58c5c76b235bb4c4",
"status": "affected",
"version": "963c555e75b033202dd76cf6325a7b7c83d08d5f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/md/md.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.3"
},
{
"lessThan": "5.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.217",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.159",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: fix kmemleak of rdev-\u003eserial\n\nIf kobject_add() is fail in bind_rdev_to_array(), \u0027rdev-\u003eserial\u0027 will be\nalloc not be freed, and kmemleak occurs.\n\nunreferenced object 0xffff88815a350000 (size 49152):\n comm \"mdadm\", pid 789, jiffies 4294716910\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace (crc f773277a):\n [\u003c0000000058b0a453\u003e] kmemleak_alloc+0x61/0xe0\n [\u003c00000000366adf14\u003e] __kmalloc_large_node+0x15e/0x270\n [\u003c000000002e82961b\u003e] __kmalloc_node.cold+0x11/0x7f\n [\u003c00000000f206d60a\u003e] kvmalloc_node+0x74/0x150\n [\u003c0000000034bf3363\u003e] rdev_init_serial+0x67/0x170\n [\u003c0000000010e08fe9\u003e] mddev_create_serial_pool+0x62/0x220\n [\u003c00000000c3837bf0\u003e] bind_rdev_to_array+0x2af/0x630\n [\u003c0000000073c28560\u003e] md_add_new_disk+0x400/0x9f0\n [\u003c00000000770e30ff\u003e] md_ioctl+0x15bf/0x1c10\n [\u003c000000006cfab718\u003e] blkdev_ioctl+0x191/0x3f0\n [\u003c0000000085086a11\u003e] vfs_ioctl+0x22/0x60\n [\u003c0000000018b656fe\u003e] __x64_sys_ioctl+0xba/0xe0\n [\u003c00000000e54e675e\u003e] do_syscall_64+0x71/0x150\n [\u003c000000008b0ad622\u003e] entry_SYSCALL_64_after_hwframe+0x6c/0x74"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:06:35.615Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/fb5b347efd1bda989846ffc74679d181222fb123"
},
{
"url": "https://git.kernel.org/stable/c/f3a1787dc48213f6caea5ba7d47e0222e7fa34a9"
},
{
"url": "https://git.kernel.org/stable/c/beaf11969fd5cbe6f09cefaa34df1ce8578e8dd9"
},
{
"url": "https://git.kernel.org/stable/c/9fd0198f7ef06ae0d6636fb0578560857dead995"
},
{
"url": "https://git.kernel.org/stable/c/6d32c832a88513f65c2c2c9c75954ee8b387adea"
},
{
"url": "https://git.kernel.org/stable/c/4c1021ce46fc2fb6115f7e79d353941e6dcad366"
},
{
"url": "https://git.kernel.org/stable/c/6cf350658736681b9d6b0b6e58c5c76b235bb4c4"
}
],
"title": "md: fix kmemleak of rdev-\u003eserial",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26900",
"datePublished": "2024-04-17T10:27:49.707Z",
"dateReserved": "2024-02-19T14:20:24.187Z",
"dateUpdated": "2026-05-11T20:06:35.615Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26901 (GCVE-0-2024-26901)
Vulnerability from cvelistv5 – Published: 2024-04-17 10:27 – Updated: 2026-05-12 11:50
VLAI
EPSS
Title
do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak
Summary
In the Linux kernel, the following vulnerability has been resolved:
do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak
syzbot identified a kernel information leak vulnerability in
do_sys_name_to_handle() and issued the following report [1].
[1]
"BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline]
BUG: KMSAN: kernel-infoleak in _copy_to_user+0xbc/0x100 lib/usercopy.c:40
instrument_copy_to_user include/linux/instrumented.h:114 [inline]
_copy_to_user+0xbc/0x100 lib/usercopy.c:40
copy_to_user include/linux/uaccess.h:191 [inline]
do_sys_name_to_handle fs/fhandle.c:73 [inline]
__do_sys_name_to_handle_at fs/fhandle.c:112 [inline]
__se_sys_name_to_handle_at+0x949/0xb10 fs/fhandle.c:94
__x64_sys_name_to_handle_at+0xe4/0x140 fs/fhandle.c:94
...
Uninit was created at:
slab_post_alloc_hook+0x129/0xa70 mm/slab.h:768
slab_alloc_node mm/slub.c:3478 [inline]
__kmem_cache_alloc_node+0x5c9/0x970 mm/slub.c:3517
__do_kmalloc_node mm/slab_common.c:1006 [inline]
__kmalloc+0x121/0x3c0 mm/slab_common.c:1020
kmalloc include/linux/slab.h:604 [inline]
do_sys_name_to_handle fs/fhandle.c:39 [inline]
__do_sys_name_to_handle_at fs/fhandle.c:112 [inline]
__se_sys_name_to_handle_at+0x441/0xb10 fs/fhandle.c:94
__x64_sys_name_to_handle_at+0xe4/0x140 fs/fhandle.c:94
...
Bytes 18-19 of 20 are uninitialized
Memory access of size 20 starts at ffff888128a46380
Data copied to user address 0000000020000240"
Per Chuck Lever's suggestion, use kzalloc() instead of kmalloc() to
solve the problem.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
13 references
| URL | Tags |
|---|---|
| https://git.kernel.org/stable/c/4bac28f441e3cc9d3… | |
| https://git.kernel.org/stable/c/772a7def9868091da… | |
| https://git.kernel.org/stable/c/cde76b3af247f6154… | |
| https://git.kernel.org/stable/c/423b6bdf19bbc5e1f… | |
| https://git.kernel.org/stable/c/e6450d5e46a737a00… | |
| https://git.kernel.org/stable/c/c1362eae861db28b1… | |
| https://git.kernel.org/stable/c/cba138f1ef37ec6f9… | |
| https://git.kernel.org/stable/c/bf9ec1b24ab4e9434… | |
| https://git.kernel.org/stable/c/3948abaa4e2be938c… | |
| https://lists.debian.org/debian-lts-announce/2024… | x_transferred |
| https://lists.debian.org/debian-lts-announce/2024… | x_transferred |
| https://cert-portal.siemens.com/productcert/html/… | |
| https://cert-portal.siemens.com/productcert/html/… |
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
990d6c2d7aee921e3bce22b2d6a750fd552262be , < 4bac28f441e3cc9d3f1a84c8d023228a68d8a7c1
(git)
Affected: 990d6c2d7aee921e3bce22b2d6a750fd552262be , < 772a7def9868091da3bcb0d6c6ff9f0c03d7fa8b (git) Affected: 990d6c2d7aee921e3bce22b2d6a750fd552262be , < cde76b3af247f615447bcfecf610bb76c3529126 (git) Affected: 990d6c2d7aee921e3bce22b2d6a750fd552262be , < 423b6bdf19bbc5e1f7e7461045099917378f7e71 (git) Affected: 990d6c2d7aee921e3bce22b2d6a750fd552262be , < e6450d5e46a737a008b4885aa223486113bf0ad6 (git) Affected: 990d6c2d7aee921e3bce22b2d6a750fd552262be , < c1362eae861db28b1608b9dc23e49634fe87b63b (git) Affected: 990d6c2d7aee921e3bce22b2d6a750fd552262be , < cba138f1ef37ec6f961baeab62f312dedc7cf730 (git) Affected: 990d6c2d7aee921e3bce22b2d6a750fd552262be , < bf9ec1b24ab4e94345aa1c60811dd329f069c38b (git) Affected: 990d6c2d7aee921e3bce22b2d6a750fd552262be , < 3948abaa4e2be938ccdfc289385a27342fb13d43 (git) |
|
| Linux | Linux |
Affected:
2.6.39
Unaffected: 0 , < 2.6.39 (semver) Unaffected: 4.19.311 , ≤ 4.19.* (semver) Unaffected: 5.4.273 , ≤ 5.4.* (semver) Unaffected: 5.10.214 , ≤ 5.10.* (semver) Unaffected: 5.15.153 , ≤ 5.15.* (semver) Unaffected: 6.1.83 , ≤ 6.1.* (semver) Unaffected: 6.6.23 , ≤ 6.6.* (semver) Unaffected: 6.7.11 , ≤ 6.7.* (semver) Unaffected: 6.8.2 , ≤ 6.8.* (semver) Unaffected: 6.9 , ≤ * (original_commit_for_fix) |
|
| Siemens | SIMATIC S7-1500 TM MFP - GNU/Linux subsystem |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC S7-1500 CPU 1518-4 PN/DP MFP |
Affected:
V3.1.0 , < V3.1.5
(custom)
|
|
| Siemens | SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP |
Affected:
V3.1.0 , < V3.1.5
(custom)
|
|
| Siemens | SIPLUS S7-1500 CPU 1518-4 PN/DP MFP |
Affected:
V3.1.0 , < V3.1.5
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26901",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-16T15:11:22.418196Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T19:03:33.420Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.665Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4bac28f441e3cc9d3f1a84c8d023228a68d8a7c1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/772a7def9868091da3bcb0d6c6ff9f0c03d7fa8b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cde76b3af247f615447bcfecf610bb76c3529126"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/423b6bdf19bbc5e1f7e7461045099917378f7e71"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e6450d5e46a737a008b4885aa223486113bf0ad6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c1362eae861db28b1608b9dc23e49634fe87b63b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cba138f1ef37ec6f961baeab62f312dedc7cf730"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bf9ec1b24ab4e94345aa1c60811dd329f069c38b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3948abaa4e2be938ccdfc289385a27342fb13d43"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.5",
"status": "affected",
"version": "V3.1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.5",
"status": "affected",
"version": "V3.1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.5",
"status": "affected",
"version": "V3.1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.5",
"status": "affected",
"version": "V3.1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.5",
"status": "affected",
"version": "V3.1.0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T11:50:28.880Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-398330.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/fhandle.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4bac28f441e3cc9d3f1a84c8d023228a68d8a7c1",
"status": "affected",
"version": "990d6c2d7aee921e3bce22b2d6a750fd552262be",
"versionType": "git"
},
{
"lessThan": "772a7def9868091da3bcb0d6c6ff9f0c03d7fa8b",
"status": "affected",
"version": "990d6c2d7aee921e3bce22b2d6a750fd552262be",
"versionType": "git"
},
{
"lessThan": "cde76b3af247f615447bcfecf610bb76c3529126",
"status": "affected",
"version": "990d6c2d7aee921e3bce22b2d6a750fd552262be",
"versionType": "git"
},
{
"lessThan": "423b6bdf19bbc5e1f7e7461045099917378f7e71",
"status": "affected",
"version": "990d6c2d7aee921e3bce22b2d6a750fd552262be",
"versionType": "git"
},
{
"lessThan": "e6450d5e46a737a008b4885aa223486113bf0ad6",
"status": "affected",
"version": "990d6c2d7aee921e3bce22b2d6a750fd552262be",
"versionType": "git"
},
{
"lessThan": "c1362eae861db28b1608b9dc23e49634fe87b63b",
"status": "affected",
"version": "990d6c2d7aee921e3bce22b2d6a750fd552262be",
"versionType": "git"
},
{
"lessThan": "cba138f1ef37ec6f961baeab62f312dedc7cf730",
"status": "affected",
"version": "990d6c2d7aee921e3bce22b2d6a750fd552262be",
"versionType": "git"
},
{
"lessThan": "bf9ec1b24ab4e94345aa1c60811dd329f069c38b",
"status": "affected",
"version": "990d6c2d7aee921e3bce22b2d6a750fd552262be",
"versionType": "git"
},
{
"lessThan": "3948abaa4e2be938ccdfc289385a27342fb13d43",
"status": "affected",
"version": "990d6c2d7aee921e3bce22b2d6a750fd552262be",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/fhandle.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.39"
},
{
"lessThan": "2.6.39",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.273",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.311",
"versionStartIncluding": "2.6.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.273",
"versionStartIncluding": "2.6.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "2.6.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "2.6.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "2.6.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "2.6.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "2.6.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "2.6.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "2.6.39",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndo_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak\n\nsyzbot identified a kernel information leak vulnerability in\ndo_sys_name_to_handle() and issued the following report [1].\n\n[1]\n\"BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline]\nBUG: KMSAN: kernel-infoleak in _copy_to_user+0xbc/0x100 lib/usercopy.c:40\n instrument_copy_to_user include/linux/instrumented.h:114 [inline]\n _copy_to_user+0xbc/0x100 lib/usercopy.c:40\n copy_to_user include/linux/uaccess.h:191 [inline]\n do_sys_name_to_handle fs/fhandle.c:73 [inline]\n __do_sys_name_to_handle_at fs/fhandle.c:112 [inline]\n __se_sys_name_to_handle_at+0x949/0xb10 fs/fhandle.c:94\n __x64_sys_name_to_handle_at+0xe4/0x140 fs/fhandle.c:94\n ...\n\nUninit was created at:\n slab_post_alloc_hook+0x129/0xa70 mm/slab.h:768\n slab_alloc_node mm/slub.c:3478 [inline]\n __kmem_cache_alloc_node+0x5c9/0x970 mm/slub.c:3517\n __do_kmalloc_node mm/slab_common.c:1006 [inline]\n __kmalloc+0x121/0x3c0 mm/slab_common.c:1020\n kmalloc include/linux/slab.h:604 [inline]\n do_sys_name_to_handle fs/fhandle.c:39 [inline]\n __do_sys_name_to_handle_at fs/fhandle.c:112 [inline]\n __se_sys_name_to_handle_at+0x441/0xb10 fs/fhandle.c:94\n __x64_sys_name_to_handle_at+0xe4/0x140 fs/fhandle.c:94\n ...\n\nBytes 18-19 of 20 are uninitialized\nMemory access of size 20 starts at ffff888128a46380\nData copied to user address 0000000020000240\"\n\nPer Chuck Lever\u0027s suggestion, use kzalloc() instead of kmalloc() to\nsolve the problem."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:06:36.908Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4bac28f441e3cc9d3f1a84c8d023228a68d8a7c1"
},
{
"url": "https://git.kernel.org/stable/c/772a7def9868091da3bcb0d6c6ff9f0c03d7fa8b"
},
{
"url": "https://git.kernel.org/stable/c/cde76b3af247f615447bcfecf610bb76c3529126"
},
{
"url": "https://git.kernel.org/stable/c/423b6bdf19bbc5e1f7e7461045099917378f7e71"
},
{
"url": "https://git.kernel.org/stable/c/e6450d5e46a737a008b4885aa223486113bf0ad6"
},
{
"url": "https://git.kernel.org/stable/c/c1362eae861db28b1608b9dc23e49634fe87b63b"
},
{
"url": "https://git.kernel.org/stable/c/cba138f1ef37ec6f961baeab62f312dedc7cf730"
},
{
"url": "https://git.kernel.org/stable/c/bf9ec1b24ab4e94345aa1c60811dd329f069c38b"
},
{
"url": "https://git.kernel.org/stable/c/3948abaa4e2be938ccdfc289385a27342fb13d43"
}
],
"title": "do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26901",
"datePublished": "2024-04-17T10:27:50.374Z",
"dateReserved": "2024-02-19T14:20:24.187Z",
"dateUpdated": "2026-05-12T11:50:28.880Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26903 (GCVE-0-2024-26903)
Vulnerability from cvelistv5 – Published: 2024-04-17 10:27 – Updated: 2026-05-12 11:50
VLAI
EPSS
Title
Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security
Summary
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security
During our fuzz testing of the connection and disconnection process at the
RFCOMM layer, we discovered this bug. By comparing the packets from a
normal connection and disconnection process with the testcase that
triggered a KASAN report. We analyzed the cause of this bug as follows:
1. In the packets captured during a normal connection, the host sends a
`Read Encryption Key Size` type of `HCI_CMD` packet
(Command Opcode: 0x1408) to the controller to inquire the length of
encryption key.After receiving this packet, the controller immediately
replies with a Command Completepacket (Event Code: 0x0e) to return the
Encryption Key Size.
2. In our fuzz test case, the timing of the controller's response to this
packet was delayed to an unexpected point: after the RFCOMM and L2CAP
layers had disconnected but before the HCI layer had disconnected.
3. After receiving the Encryption Key Size Response at the time described
in point 2, the host still called the rfcomm_check_security function.
However, by this time `struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;`
had already been released, and when the function executed
`return hci_conn_security(conn->hcon, d->sec_level, auth_type, d->out);`,
specifically when accessing `conn->hcon`, a null-ptr-deref error occurred.
To fix this bug, check if `sk->sk_state` is BT_CLOSED before calling
rfcomm_recv_frame in rfcomm_process_rx.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
11 references
| URL | Tags |
|---|---|
| https://git.kernel.org/stable/c/369f419c097e82407… | |
| https://git.kernel.org/stable/c/5f369efd9d963c1f7… | |
| https://git.kernel.org/stable/c/81d7d920a22fd58ef… | |
| https://git.kernel.org/stable/c/8d1753973f598531b… | |
| https://git.kernel.org/stable/c/567c0411dc3b424fc… | |
| https://git.kernel.org/stable/c/3ead59bafad05f296… | |
| https://git.kernel.org/stable/c/5f9fe302dd3a9bbc5… | |
| https://git.kernel.org/stable/c/2535b848fa0f42ddf… | |
| https://lists.debian.org/debian-lts-announce/2024… | x_transferred |
| https://lists.debian.org/debian-lts-announce/2024… | x_transferred |
| https://cert-portal.siemens.com/productcert/html/… |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 369f419c097e82407dd429a202cde9a73d3ae29b
(git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 5f369efd9d963c1f711a06c9b8baf9f5ce616d85 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 81d7d920a22fd58ef9aedb1bd0a68ee32bd23e96 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 8d1753973f598531baaa2c1033cf7f7b5bb004b0 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 567c0411dc3b424fc7bd1e6109726d7ba32d4f73 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 3ead59bafad05f2967ae2438c0528d53244cfde5 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 5f9fe302dd3a9bbc50f4888464c1773f45166bfd (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 2535b848fa0f42ddff3e5255cf5e742c9b77bb26 (git) |
|
| Linux | Linux |
Affected:
2.6.12
Unaffected: 0 , < 2.6.12 (semver) Unaffected: 4.19.311 , ≤ 4.19.* (semver) Unaffected: 5.4.273 , ≤ 5.4.* (semver) Unaffected: 5.10.214 , ≤ 5.10.* (semver) Unaffected: 5.15.153 , ≤ 5.15.* (semver) Unaffected: 6.1.83 , ≤ 6.1.* (semver) Unaffected: 6.6.23 , ≤ 6.6.* (semver) Unaffected: 6.7.11 , ≤ 6.7.* (semver) Unaffected: 6.8 , ≤ * (original_commit_for_fix) |
|
| Siemens | SIMATIC S7-1500 TM MFP - GNU/Linux subsystem |
Affected:
0 , < *
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26903",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T17:41:13.860273Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-27T18:14:57.007Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.535Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/369f419c097e82407dd429a202cde9a73d3ae29b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5f369efd9d963c1f711a06c9b8baf9f5ce616d85"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/81d7d920a22fd58ef9aedb1bd0a68ee32bd23e96"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8d1753973f598531baaa2c1033cf7f7b5bb004b0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/567c0411dc3b424fc7bd1e6109726d7ba32d4f73"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3ead59bafad05f2967ae2438c0528d53244cfde5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5f9fe302dd3a9bbc50f4888464c1773f45166bfd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2535b848fa0f42ddff3e5255cf5e742c9b77bb26"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T11:50:30.061Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/bluetooth/rfcomm/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "369f419c097e82407dd429a202cde9a73d3ae29b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "5f369efd9d963c1f711a06c9b8baf9f5ce616d85",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "81d7d920a22fd58ef9aedb1bd0a68ee32bd23e96",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8d1753973f598531baaa2c1033cf7f7b5bb004b0",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "567c0411dc3b424fc7bd1e6109726d7ba32d4f73",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "3ead59bafad05f2967ae2438c0528d53244cfde5",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "5f9fe302dd3a9bbc50f4888464c1773f45166bfd",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "2535b848fa0f42ddff3e5255cf5e742c9b77bb26",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/bluetooth/rfcomm/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.12"
},
{
"lessThan": "2.6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.273",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.311",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.273",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "2.6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security\n\nDuring our fuzz testing of the connection and disconnection process at the\nRFCOMM layer, we discovered this bug. By comparing the packets from a\nnormal connection and disconnection process with the testcase that\ntriggered a KASAN report. We analyzed the cause of this bug as follows:\n\n1. In the packets captured during a normal connection, the host sends a\n`Read Encryption Key Size` type of `HCI_CMD` packet\n(Command Opcode: 0x1408) to the controller to inquire the length of\nencryption key.After receiving this packet, the controller immediately\nreplies with a Command Completepacket (Event Code: 0x0e) to return the\nEncryption Key Size.\n\n2. In our fuzz test case, the timing of the controller\u0027s response to this\npacket was delayed to an unexpected point: after the RFCOMM and L2CAP\nlayers had disconnected but before the HCI layer had disconnected.\n\n3. After receiving the Encryption Key Size Response at the time described\nin point 2, the host still called the rfcomm_check_security function.\nHowever, by this time `struct l2cap_conn *conn = l2cap_pi(sk)-\u003echan-\u003econn;`\nhad already been released, and when the function executed\n`return hci_conn_security(conn-\u003ehcon, d-\u003esec_level, auth_type, d-\u003eout);`,\nspecifically when accessing `conn-\u003ehcon`, a null-ptr-deref error occurred.\n\nTo fix this bug, check if `sk-\u003esk_state` is BT_CLOSED before calling\nrfcomm_recv_frame in rfcomm_process_rx."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:06:39.486Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/369f419c097e82407dd429a202cde9a73d3ae29b"
},
{
"url": "https://git.kernel.org/stable/c/5f369efd9d963c1f711a06c9b8baf9f5ce616d85"
},
{
"url": "https://git.kernel.org/stable/c/81d7d920a22fd58ef9aedb1bd0a68ee32bd23e96"
},
{
"url": "https://git.kernel.org/stable/c/8d1753973f598531baaa2c1033cf7f7b5bb004b0"
},
{
"url": "https://git.kernel.org/stable/c/567c0411dc3b424fc7bd1e6109726d7ba32d4f73"
},
{
"url": "https://git.kernel.org/stable/c/3ead59bafad05f2967ae2438c0528d53244cfde5"
},
{
"url": "https://git.kernel.org/stable/c/5f9fe302dd3a9bbc50f4888464c1773f45166bfd"
},
{
"url": "https://git.kernel.org/stable/c/2535b848fa0f42ddff3e5255cf5e742c9b77bb26"
}
],
"title": "Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26903",
"datePublished": "2024-04-17T10:27:51.673Z",
"dateReserved": "2024-02-19T14:20:24.187Z",
"dateUpdated": "2026-05-12T11:50:30.061Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26906 (GCVE-0-2024-26906)
Vulnerability from cvelistv5 – Published: 2024-04-17 10:27 – Updated: 2026-05-12 11:50
VLAI
EPSS
Title
x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault()
Summary
In the Linux kernel, the following vulnerability has been resolved:
x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault()
When trying to use copy_from_kernel_nofault() to read vsyscall page
through a bpf program, the following oops was reported:
BUG: unable to handle page fault for address: ffffffffff600000
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 3231067 P4D 3231067 PUD 3233067 PMD 3235067 PTE 0
Oops: 0000 [#1] PREEMPT SMP PTI
CPU: 1 PID: 20390 Comm: test_progs ...... 6.7.0+ #58
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) ......
RIP: 0010:copy_from_kernel_nofault+0x6f/0x110
......
Call Trace:
<TASK>
? copy_from_kernel_nofault+0x6f/0x110
bpf_probe_read_kernel+0x1d/0x50
bpf_prog_2061065e56845f08_do_probe_read+0x51/0x8d
trace_call_bpf+0xc5/0x1c0
perf_call_bpf_enter.isra.0+0x69/0xb0
perf_syscall_enter+0x13e/0x200
syscall_trace_enter+0x188/0x1c0
do_syscall_64+0xb5/0xe0
entry_SYSCALL_64_after_hwframe+0x6e/0x76
</TASK>
......
---[ end trace 0000000000000000 ]---
The oops is triggered when:
1) A bpf program uses bpf_probe_read_kernel() to read from the vsyscall
page and invokes copy_from_kernel_nofault() which in turn calls
__get_user_asm().
2) Because the vsyscall page address is not readable from kernel space,
a page fault exception is triggered accordingly.
3) handle_page_fault() considers the vsyscall page address as a user
space address instead of a kernel space address. This results in the
fix-up setup by bpf not being applied and a page_fault_oops() is invoked
due to SMAP.
Considering handle_page_fault() has already considered the vsyscall page
address as a userspace address, fix the problem by disallowing vsyscall
page read for copy_from_kernel_nofault().
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://git.kernel.org/stable/c/6e4694e65b6db4c3d… | |
| https://git.kernel.org/stable/c/e8a67fe34b76a4932… | |
| https://git.kernel.org/stable/c/f175de546a3eb7761… | |
| https://git.kernel.org/stable/c/57f78c46f08198e1b… | |
| https://git.kernel.org/stable/c/29bd6f86904682ada… | |
| https://git.kernel.org/stable/c/32019c659ecfe1d92… | |
| https://lists.debian.org/debian-lts-announce/2024… | x_transferred |
| https://cert-portal.siemens.com/productcert/html/… |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
75a1a607bb7e6d918be3aca11ec2214a275392f4 , < 6e4694e65b6db4c3de125115dd4f55848cc48381
(git)
Affected: 75a1a607bb7e6d918be3aca11ec2214a275392f4 , < e8a67fe34b76a49320b33032228a794f40b0316b (git) Affected: 75a1a607bb7e6d918be3aca11ec2214a275392f4 , < f175de546a3eb77614d94d4c02550181c0a8493e (git) Affected: 75a1a607bb7e6d918be3aca11ec2214a275392f4 , < 57f78c46f08198e1be08ffe99c4c1ccc12855bf5 (git) Affected: 75a1a607bb7e6d918be3aca11ec2214a275392f4 , < 29bd6f86904682adafe9affbc7f79b14defcaff8 (git) Affected: 75a1a607bb7e6d918be3aca11ec2214a275392f4 , < 32019c659ecfe1d92e3bf9fcdfbb11a7c70acd58 (git) |
|
| Linux | Linux |
Affected:
5.5
Unaffected: 0 , < 5.5 (semver) Unaffected: 5.10.214 , ≤ 5.10.* (semver) Unaffected: 5.15.153 , ≤ 5.15.* (semver) Unaffected: 6.1.83 , ≤ 6.1.* (semver) Unaffected: 6.6.23 , ≤ 6.6.* (semver) Unaffected: 6.7.11 , ≤ 6.7.* (semver) Unaffected: 6.8 , ≤ * (original_commit_for_fix) |
|
| Siemens | SIMATIC S7-1500 TM MFP - GNU/Linux subsystem |
Affected:
0 , < *
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.490Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6e4694e65b6db4c3de125115dd4f55848cc48381"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e8a67fe34b76a49320b33032228a794f40b0316b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f175de546a3eb77614d94d4c02550181c0a8493e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/57f78c46f08198e1be08ffe99c4c1ccc12855bf5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/29bd6f86904682adafe9affbc7f79b14defcaff8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/32019c659ecfe1d92e3bf9fcdfbb11a7c70acd58"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26906",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:47:59.842385Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:22.186Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T11:50:31.220Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/x86/mm/maccess.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6e4694e65b6db4c3de125115dd4f55848cc48381",
"status": "affected",
"version": "75a1a607bb7e6d918be3aca11ec2214a275392f4",
"versionType": "git"
},
{
"lessThan": "e8a67fe34b76a49320b33032228a794f40b0316b",
"status": "affected",
"version": "75a1a607bb7e6d918be3aca11ec2214a275392f4",
"versionType": "git"
},
{
"lessThan": "f175de546a3eb77614d94d4c02550181c0a8493e",
"status": "affected",
"version": "75a1a607bb7e6d918be3aca11ec2214a275392f4",
"versionType": "git"
},
{
"lessThan": "57f78c46f08198e1be08ffe99c4c1ccc12855bf5",
"status": "affected",
"version": "75a1a607bb7e6d918be3aca11ec2214a275392f4",
"versionType": "git"
},
{
"lessThan": "29bd6f86904682adafe9affbc7f79b14defcaff8",
"status": "affected",
"version": "75a1a607bb7e6d918be3aca11ec2214a275392f4",
"versionType": "git"
},
{
"lessThan": "32019c659ecfe1d92e3bf9fcdfbb11a7c70acd58",
"status": "affected",
"version": "75a1a607bb7e6d918be3aca11ec2214a275392f4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/x86/mm/maccess.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.5"
},
{
"lessThan": "5.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/mm: Disallow vsyscall page read for copy_from_kernel_nofault()\n\nWhen trying to use copy_from_kernel_nofault() to read vsyscall page\nthrough a bpf program, the following oops was reported:\n\n BUG: unable to handle page fault for address: ffffffffff600000\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 3231067 P4D 3231067 PUD 3233067 PMD 3235067 PTE 0\n Oops: 0000 [#1] PREEMPT SMP PTI\n CPU: 1 PID: 20390 Comm: test_progs ...... 6.7.0+ #58\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) ......\n RIP: 0010:copy_from_kernel_nofault+0x6f/0x110\n ......\n Call Trace:\n \u003cTASK\u003e\n ? copy_from_kernel_nofault+0x6f/0x110\n bpf_probe_read_kernel+0x1d/0x50\n bpf_prog_2061065e56845f08_do_probe_read+0x51/0x8d\n trace_call_bpf+0xc5/0x1c0\n perf_call_bpf_enter.isra.0+0x69/0xb0\n perf_syscall_enter+0x13e/0x200\n syscall_trace_enter+0x188/0x1c0\n do_syscall_64+0xb5/0xe0\n entry_SYSCALL_64_after_hwframe+0x6e/0x76\n \u003c/TASK\u003e\n ......\n ---[ end trace 0000000000000000 ]---\n\nThe oops is triggered when:\n\n1) A bpf program uses bpf_probe_read_kernel() to read from the vsyscall\npage and invokes copy_from_kernel_nofault() which in turn calls\n__get_user_asm().\n\n2) Because the vsyscall page address is not readable from kernel space,\na page fault exception is triggered accordingly.\n\n3) handle_page_fault() considers the vsyscall page address as a user\nspace address instead of a kernel space address. This results in the\nfix-up setup by bpf not being applied and a page_fault_oops() is invoked\ndue to SMAP.\n\nConsidering handle_page_fault() has already considered the vsyscall page\naddress as a userspace address, fix the problem by disallowing vsyscall\npage read for copy_from_kernel_nofault()."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:06:40.672Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6e4694e65b6db4c3de125115dd4f55848cc48381"
},
{
"url": "https://git.kernel.org/stable/c/e8a67fe34b76a49320b33032228a794f40b0316b"
},
{
"url": "https://git.kernel.org/stable/c/f175de546a3eb77614d94d4c02550181c0a8493e"
},
{
"url": "https://git.kernel.org/stable/c/57f78c46f08198e1be08ffe99c4c1ccc12855bf5"
},
{
"url": "https://git.kernel.org/stable/c/29bd6f86904682adafe9affbc7f79b14defcaff8"
},
{
"url": "https://git.kernel.org/stable/c/32019c659ecfe1d92e3bf9fcdfbb11a7c70acd58"
}
],
"title": "x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26906",
"datePublished": "2024-04-17T10:27:53.573Z",
"dateReserved": "2024-02-19T14:20:24.187Z",
"dateUpdated": "2026-05-12T11:50:31.220Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26907 (GCVE-0-2024-26907)
Vulnerability from cvelistv5 – Published: 2024-04-17 10:27 – Updated: 2026-05-12 11:50
VLAI
EPSS
Title
RDMA/mlx5: Fix fortify source warning while accessing Eth segment
Summary
In the Linux kernel, the following vulnerability has been resolved:
RDMA/mlx5: Fix fortify source warning while accessing Eth segment
------------[ cut here ]------------
memcpy: detected field-spanning write (size 56) of single field "eseg->inline_hdr.start" at /var/lib/dkms/mlnx-ofed-kernel/5.8/build/drivers/infiniband/hw/mlx5/wr.c:131 (size 2)
WARNING: CPU: 0 PID: 293779 at /var/lib/dkms/mlnx-ofed-kernel/5.8/build/drivers/infiniband/hw/mlx5/wr.c:131 mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib]
Modules linked in: 8021q garp mrp stp llc rdma_ucm(OE) rdma_cm(OE) iw_cm(OE) ib_ipoib(OE) ib_cm(OE) ib_umad(OE) mlx5_ib(OE) ib_uverbs(OE) ib_core(OE) mlx5_core(OE) pci_hyperv_intf mlxdevm(OE) mlx_compat(OE) tls mlxfw(OE) psample nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables libcrc32c nfnetlink mst_pciconf(OE) knem(OE) vfio_pci vfio_pci_core vfio_iommu_type1 vfio iommufd irqbypass cuse nfsv3 nfs fscache netfs xfrm_user xfrm_algo ipmi_devintf ipmi_msghandler binfmt_misc crct10dif_pclmul crc32_pclmul polyval_clmulni polyval_generic ghash_clmulni_intel sha512_ssse3 snd_pcsp aesni_intel crypto_simd cryptd snd_pcm snd_timer joydev snd soundcore input_leds serio_raw evbug nfsd auth_rpcgss nfs_acl lockd grace sch_fq_codel sunrpc drm efi_pstore ip_tables x_tables autofs4 psmouse virtio_net net_failover failover floppy
[last unloaded: mlx_compat(OE)]
CPU: 0 PID: 293779 Comm: ssh Tainted: G OE 6.2.0-32-generic #32~22.04.1-Ubuntu
Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
RIP: 0010:mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib]
Code: 0c 01 00 a8 01 75 25 48 8b 75 a0 b9 02 00 00 00 48 c7 c2 10 5b fd c0 48 c7 c7 80 5b fd c0 c6 05 57 0c 03 00 01 e8 95 4d 93 da <0f> 0b 44 8b 4d b0 4c 8b 45 c8 48 8b 4d c0 e9 49 fb ff ff 41 0f b7
RSP: 0018:ffffb5b48478b570 EFLAGS: 00010046
RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffb5b48478b628 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffffb5b48478b5e8
R13: ffff963a3c609b5e R14: ffff9639c3fbd800 R15: ffffb5b480475a80
FS: 00007fc03b444c80(0000) GS:ffff963a3dc00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000556f46bdf000 CR3: 0000000006ac6003 CR4: 00000000003706f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
? show_regs+0x72/0x90
? mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib]
? __warn+0x8d/0x160
? mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib]
? report_bug+0x1bb/0x1d0
? handle_bug+0x46/0x90
? exc_invalid_op+0x19/0x80
? asm_exc_invalid_op+0x1b/0x20
? mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib]
mlx5_ib_post_send_nodrain+0xb/0x20 [mlx5_ib]
ipoib_send+0x2ec/0x770 [ib_ipoib]
ipoib_start_xmit+0x5a0/0x770 [ib_ipoib]
dev_hard_start_xmit+0x8e/0x1e0
? validate_xmit_skb_list+0x4d/0x80
sch_direct_xmit+0x116/0x3a0
__dev_xmit_skb+0x1fd/0x580
__dev_queue_xmit+0x284/0x6b0
? _raw_spin_unlock_irq+0xe/0x50
? __flush_work.isra.0+0x20d/0x370
? push_pseudo_header+0x17/0x40 [ib_ipoib]
neigh_connected_output+0xcd/0x110
ip_finish_output2+0x179/0x480
? __smp_call_single_queue+0x61/0xa0
__ip_finish_output+0xc3/0x190
ip_finish_output+0x2e/0xf0
ip_output+0x78/0x110
? __pfx_ip_finish_output+0x10/0x10
ip_local_out+0x64/0x70
__ip_queue_xmit+0x18a/0x460
ip_queue_xmit+0x15/0x30
__tcp_transmit_skb+0x914/0x9c0
tcp_write_xmit+0x334/0x8d0
tcp_push_one+0x3c/0x60
tcp_sendmsg_locked+0x2e1/0xac0
tcp_sendmsg+0x2d/0x50
inet_sendmsg+0x43/0x90
sock_sendmsg+0x68/0x80
sock_write_iter+0x93/0x100
vfs_write+0x326/0x3c0
ksys_write+0xbd/0xf0
? do_syscall_64+0x69/0x90
__x64_sys_write+0x19/0x30
do_syscall_
---truncated---
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-416 - Use After Free
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://git.kernel.org/stable/c/d27c48dc309da72c3… | |
| https://git.kernel.org/stable/c/60ba938a8bc8c90e7… | |
| https://git.kernel.org/stable/c/cad82f1671e41094a… | |
| https://git.kernel.org/stable/c/9a624a5f95733bac4… | |
| https://git.kernel.org/stable/c/185fa07000e0a81d5… | |
| https://git.kernel.org/stable/c/4d5e86a56615cc387… | |
| https://lists.debian.org/debian-lts-announce/2024… | x_transferred |
| https://cert-portal.siemens.com/productcert/html/… |
Impacted products
11 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
34f4c9554d8b2a7d2deb9503e9373b598ee3279f , < d27c48dc309da72c3b46351a1205d89687272baa
(git)
Affected: 34f4c9554d8b2a7d2deb9503e9373b598ee3279f , < 60ba938a8bc8c90e724c75f98e932f9fb7ae1b9d (git) Affected: 34f4c9554d8b2a7d2deb9503e9373b598ee3279f , < cad82f1671e41094acd3b9a60cd27d67a3c64a21 (git) Affected: 34f4c9554d8b2a7d2deb9503e9373b598ee3279f , < 9a624a5f95733bac4648ecadb320ca83aa9c08fd (git) Affected: 34f4c9554d8b2a7d2deb9503e9373b598ee3279f , < 185fa07000e0a81d54cf8c05414cebff14469a5c (git) Affected: 34f4c9554d8b2a7d2deb9503e9373b598ee3279f , < 4d5e86a56615cc387d21c629f9af8fb0e958d350 (git) |
|
| Linux | Linux |
Affected:
5.0
Unaffected: 0 , < 5.0 (semver) Unaffected: 5.10.214 , ≤ 5.10.* (semver) Unaffected: 5.15.153 , ≤ 5.15.* (semver) Unaffected: 6.1.83 , ≤ 6.1.* (semver) Unaffected: 6.6.23 , ≤ 6.6.* (semver) Unaffected: 6.7.11 , ≤ 6.7.* (semver) Unaffected: 6.8 , ≤ * (original_commit_for_fix) |
|
| linux | linux_kernel |
Affected:
1da177e4c3f4 , < d27c48dc309d
(custom)
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* |
|
| linux | linux_kernel |
Unaffected:
5.10.214 , ≤ 5.11
(custom)
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* |
|
| linux | linux_kernel |
Unaffected:
6.183 , ≤ 6.2
(custom)
cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:* |
|
| linux | linux_kernel |
Unaffected:
6.623 , ≤ 6.7
(custom)
cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:* |
|
| linux | linux_kernel |
Unaffected:
6.711 , ≤ 6.8
(custom)
cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:* |
|
| linux | linux_kernel |
Unaffected:
6.8 , ≤ *
(custom)
cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:* |
|
| linux | linux_kernel |
Unaffected:
5.15.153 , ≤ 5.16
(custom)
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* |
|
| linux | linux_kernel |
Affected:
1da177e4c3f4 , < 60ba938a8bc8
(custom)
Affected: 1da177e4c3f4 , ≤ cad82f1671e4 (custom) Affected: 1da177e4c3f4 , ≤ 9a624a5f9573 (custom) Affected: 1da177e4c3f4 , ≤ 185fa07000e0 (custom) Affected: 1da177e4c3f4 , ≤ 4d5e86a56615 (custom) cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* |
|
| Siemens | SIMATIC S7-1500 TM MFP - GNU/Linux subsystem |
Affected:
0 , < *
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.937Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d27c48dc309da72c3b46351a1205d89687272baa"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/60ba938a8bc8c90e724c75f98e932f9fb7ae1b9d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cad82f1671e41094acd3b9a60cd27d67a3c64a21"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9a624a5f95733bac4648ecadb320ca83aa9c08fd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/185fa07000e0a81d54cf8c05414cebff14469a5c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4d5e86a56615cc387d21c629f9af8fb0e958d350"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "d27c48dc309d",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "5.11",
"status": "unaffected",
"version": "5.10.214",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.2",
"status": "unaffected",
"version": "6.183",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.7",
"status": "unaffected",
"version": "6.623",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.8",
"status": "unaffected",
"version": "6.711",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "5.16",
"status": "unaffected",
"version": "5.15.153",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "60ba938a8bc8",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
},
{
"lessThanOrEqual": "cad82f1671e4",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
},
{
"lessThanOrEqual": "9a624a5f9573",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
},
{
"lessThanOrEqual": "185fa07000e0",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
},
{
"lessThanOrEqual": "4d5e86a56615",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26907",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-06T16:55:44.551098Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-06T16:55:51.074Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T11:50:32.349Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/mlx5/wr.c",
"include/linux/mlx5/qp.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d27c48dc309da72c3b46351a1205d89687272baa",
"status": "affected",
"version": "34f4c9554d8b2a7d2deb9503e9373b598ee3279f",
"versionType": "git"
},
{
"lessThan": "60ba938a8bc8c90e724c75f98e932f9fb7ae1b9d",
"status": "affected",
"version": "34f4c9554d8b2a7d2deb9503e9373b598ee3279f",
"versionType": "git"
},
{
"lessThan": "cad82f1671e41094acd3b9a60cd27d67a3c64a21",
"status": "affected",
"version": "34f4c9554d8b2a7d2deb9503e9373b598ee3279f",
"versionType": "git"
},
{
"lessThan": "9a624a5f95733bac4648ecadb320ca83aa9c08fd",
"status": "affected",
"version": "34f4c9554d8b2a7d2deb9503e9373b598ee3279f",
"versionType": "git"
},
{
"lessThan": "185fa07000e0a81d54cf8c05414cebff14469a5c",
"status": "affected",
"version": "34f4c9554d8b2a7d2deb9503e9373b598ee3279f",
"versionType": "git"
},
{
"lessThan": "4d5e86a56615cc387d21c629f9af8fb0e958d350",
"status": "affected",
"version": "34f4c9554d8b2a7d2deb9503e9373b598ee3279f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/mlx5/wr.c",
"include/linux/mlx5/qp.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.0"
},
{
"lessThan": "5.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix fortify source warning while accessing Eth segment\n\n ------------[ cut here ]------------\n memcpy: detected field-spanning write (size 56) of single field \"eseg-\u003einline_hdr.start\" at /var/lib/dkms/mlnx-ofed-kernel/5.8/build/drivers/infiniband/hw/mlx5/wr.c:131 (size 2)\n WARNING: CPU: 0 PID: 293779 at /var/lib/dkms/mlnx-ofed-kernel/5.8/build/drivers/infiniband/hw/mlx5/wr.c:131 mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib]\n Modules linked in: 8021q garp mrp stp llc rdma_ucm(OE) rdma_cm(OE) iw_cm(OE) ib_ipoib(OE) ib_cm(OE) ib_umad(OE) mlx5_ib(OE) ib_uverbs(OE) ib_core(OE) mlx5_core(OE) pci_hyperv_intf mlxdevm(OE) mlx_compat(OE) tls mlxfw(OE) psample nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables libcrc32c nfnetlink mst_pciconf(OE) knem(OE) vfio_pci vfio_pci_core vfio_iommu_type1 vfio iommufd irqbypass cuse nfsv3 nfs fscache netfs xfrm_user xfrm_algo ipmi_devintf ipmi_msghandler binfmt_misc crct10dif_pclmul crc32_pclmul polyval_clmulni polyval_generic ghash_clmulni_intel sha512_ssse3 snd_pcsp aesni_intel crypto_simd cryptd snd_pcm snd_timer joydev snd soundcore input_leds serio_raw evbug nfsd auth_rpcgss nfs_acl lockd grace sch_fq_codel sunrpc drm efi_pstore ip_tables x_tables autofs4 psmouse virtio_net net_failover failover floppy\n [last unloaded: mlx_compat(OE)]\n CPU: 0 PID: 293779 Comm: ssh Tainted: G OE 6.2.0-32-generic #32~22.04.1-Ubuntu\n Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011\n RIP: 0010:mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib]\n Code: 0c 01 00 a8 01 75 25 48 8b 75 a0 b9 02 00 00 00 48 c7 c2 10 5b fd c0 48 c7 c7 80 5b fd c0 c6 05 57 0c 03 00 01 e8 95 4d 93 da \u003c0f\u003e 0b 44 8b 4d b0 4c 8b 45 c8 48 8b 4d c0 e9 49 fb ff ff 41 0f b7\n RSP: 0018:ffffb5b48478b570 EFLAGS: 00010046\n RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: ffffb5b48478b628 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000000 R12: ffffb5b48478b5e8\n R13: ffff963a3c609b5e R14: ffff9639c3fbd800 R15: ffffb5b480475a80\n FS: 00007fc03b444c80(0000) GS:ffff963a3dc00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000556f46bdf000 CR3: 0000000006ac6003 CR4: 00000000003706f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n ? show_regs+0x72/0x90\n ? mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib]\n ? __warn+0x8d/0x160\n ? mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib]\n ? report_bug+0x1bb/0x1d0\n ? handle_bug+0x46/0x90\n ? exc_invalid_op+0x19/0x80\n ? asm_exc_invalid_op+0x1b/0x20\n ? mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib]\n mlx5_ib_post_send_nodrain+0xb/0x20 [mlx5_ib]\n ipoib_send+0x2ec/0x770 [ib_ipoib]\n ipoib_start_xmit+0x5a0/0x770 [ib_ipoib]\n dev_hard_start_xmit+0x8e/0x1e0\n ? validate_xmit_skb_list+0x4d/0x80\n sch_direct_xmit+0x116/0x3a0\n __dev_xmit_skb+0x1fd/0x580\n __dev_queue_xmit+0x284/0x6b0\n ? _raw_spin_unlock_irq+0xe/0x50\n ? __flush_work.isra.0+0x20d/0x370\n ? push_pseudo_header+0x17/0x40 [ib_ipoib]\n neigh_connected_output+0xcd/0x110\n ip_finish_output2+0x179/0x480\n ? __smp_call_single_queue+0x61/0xa0\n __ip_finish_output+0xc3/0x190\n ip_finish_output+0x2e/0xf0\n ip_output+0x78/0x110\n ? __pfx_ip_finish_output+0x10/0x10\n ip_local_out+0x64/0x70\n __ip_queue_xmit+0x18a/0x460\n ip_queue_xmit+0x15/0x30\n __tcp_transmit_skb+0x914/0x9c0\n tcp_write_xmit+0x334/0x8d0\n tcp_push_one+0x3c/0x60\n tcp_sendmsg_locked+0x2e1/0xac0\n tcp_sendmsg+0x2d/0x50\n inet_sendmsg+0x43/0x90\n sock_sendmsg+0x68/0x80\n sock_write_iter+0x93/0x100\n vfs_write+0x326/0x3c0\n ksys_write+0xbd/0xf0\n ? do_syscall_64+0x69/0x90\n __x64_sys_write+0x19/0x30\n do_syscall_\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:06:41.859Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d27c48dc309da72c3b46351a1205d89687272baa"
},
{
"url": "https://git.kernel.org/stable/c/60ba938a8bc8c90e724c75f98e932f9fb7ae1b9d"
},
{
"url": "https://git.kernel.org/stable/c/cad82f1671e41094acd3b9a60cd27d67a3c64a21"
},
{
"url": "https://git.kernel.org/stable/c/9a624a5f95733bac4648ecadb320ca83aa9c08fd"
},
{
"url": "https://git.kernel.org/stable/c/185fa07000e0a81d54cf8c05414cebff14469a5c"
},
{
"url": "https://git.kernel.org/stable/c/4d5e86a56615cc387d21c629f9af8fb0e958d350"
}
],
"title": "RDMA/mlx5: Fix fortify source warning while accessing Eth segment",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26907",
"datePublished": "2024-04-17T10:27:54.194Z",
"dateReserved": "2024-02-19T14:20:24.187Z",
"dateUpdated": "2026-05-12T11:50:32.349Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26915 (GCVE-0-2024-26915)
Vulnerability from cvelistv5 – Published: 2024-04-17 15:59 – Updated: 2026-05-11 20:06
VLAI
EPSS
Title
drm/amdgpu: Reset IH OVERFLOW_CLEAR bit
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: Reset IH OVERFLOW_CLEAR bit
Allows us to detect subsequent IH ring buffer overflows as well.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
d38ceaf99ed015f2a0b9af3499791bd3a3daae21 , < 9a9d00c23d170d4ef5a1b28e6b69f5c85dd12bc1
(git)
Affected: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 , < a28f4d1e0bed85943d309ac243fd1c200f8af9a2 (git) Affected: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 , < 8983397951b4b0bd51bb4b4ba9749424e1ccbb70 (git) Affected: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 , < 2827633c9dab6304ec4cdbf369363219832e605d (git) Affected: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 , < 7330256268664ea0a7dd5b07a3fed363093477dd (git) |
|
| Linux | Linux |
Affected:
4.2
Unaffected: 0 , < 4.2 (semver) Unaffected: 5.15.152 , ≤ 5.15.* (semver) Unaffected: 6.1.82 , ≤ 6.1.* (semver) Unaffected: 6.6.18 , ≤ 6.6.* (semver) Unaffected: 6.7.6 , ≤ 6.7.* (semver) Unaffected: 6.8 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26915",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-07T20:53:44.445859Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T16:17:08.097Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.445Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9a9d00c23d170d4ef5a1b28e6b69f5c85dd12bc1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a28f4d1e0bed85943d309ac243fd1c200f8af9a2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8983397951b4b0bd51bb4b4ba9749424e1ccbb70"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2827633c9dab6304ec4cdbf369363219832e605d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7330256268664ea0a7dd5b07a3fed363093477dd"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdgpu/cik_ih.c",
"drivers/gpu/drm/amd/amdgpu/cz_ih.c",
"drivers/gpu/drm/amd/amdgpu/iceland_ih.c",
"drivers/gpu/drm/amd/amdgpu/ih_v6_0.c",
"drivers/gpu/drm/amd/amdgpu/ih_v6_1.c",
"drivers/gpu/drm/amd/amdgpu/navi10_ih.c",
"drivers/gpu/drm/amd/amdgpu/si_ih.c",
"drivers/gpu/drm/amd/amdgpu/tonga_ih.c",
"drivers/gpu/drm/amd/amdgpu/vega10_ih.c",
"drivers/gpu/drm/amd/amdgpu/vega20_ih.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9a9d00c23d170d4ef5a1b28e6b69f5c85dd12bc1",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
},
{
"lessThan": "a28f4d1e0bed85943d309ac243fd1c200f8af9a2",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
},
{
"lessThan": "8983397951b4b0bd51bb4b4ba9749424e1ccbb70",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
},
{
"lessThan": "2827633c9dab6304ec4cdbf369363219832e605d",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
},
{
"lessThan": "7330256268664ea0a7dd5b07a3fed363093477dd",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdgpu/cik_ih.c",
"drivers/gpu/drm/amd/amdgpu/cz_ih.c",
"drivers/gpu/drm/amd/amdgpu/iceland_ih.c",
"drivers/gpu/drm/amd/amdgpu/ih_v6_0.c",
"drivers/gpu/drm/amd/amdgpu/ih_v6_1.c",
"drivers/gpu/drm/amd/amdgpu/navi10_ih.c",
"drivers/gpu/drm/amd/amdgpu/si_ih.c",
"drivers/gpu/drm/amd/amdgpu/tonga_ih.c",
"drivers/gpu/drm/amd/amdgpu/vega10_ih.c",
"drivers/gpu/drm/amd/amdgpu/vega20_ih.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.2"
},
{
"lessThan": "4.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.152",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.82",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.18",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.152",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.82",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.18",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.6",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Reset IH OVERFLOW_CLEAR bit\n\nAllows us to detect subsequent IH ring buffer overflows as well."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:06:50.020Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9a9d00c23d170d4ef5a1b28e6b69f5c85dd12bc1"
},
{
"url": "https://git.kernel.org/stable/c/a28f4d1e0bed85943d309ac243fd1c200f8af9a2"
},
{
"url": "https://git.kernel.org/stable/c/8983397951b4b0bd51bb4b4ba9749424e1ccbb70"
},
{
"url": "https://git.kernel.org/stable/c/2827633c9dab6304ec4cdbf369363219832e605d"
},
{
"url": "https://git.kernel.org/stable/c/7330256268664ea0a7dd5b07a3fed363093477dd"
}
],
"title": "drm/amdgpu: Reset IH OVERFLOW_CLEAR bit",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26915",
"datePublished": "2024-04-17T15:59:25.079Z",
"dateReserved": "2024-02-19T14:20:24.193Z",
"dateUpdated": "2026-05-11T20:06:50.020Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26922 (GCVE-0-2024-26922)
Vulnerability from cvelistv5 – Published: 2024-04-23 13:05 – Updated: 2026-05-11 20:06
VLAI
EPSS
Title
drm/amdgpu: validate the parameters of bo mapping operations more clearly
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: validate the parameters of bo mapping operations more clearly
Verify the parameters of
amdgpu_vm_bo_(map/replace_map/clearing_mappings) in one common place.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
13 references
| URL | Tags |
|---|---|
| https://git.kernel.org/stable/c/d4da6b084f1c56259… | |
| https://git.kernel.org/stable/c/f68039375d4d6d673… | |
| https://git.kernel.org/stable/c/1fd7db5c16028dc07… | |
| https://git.kernel.org/stable/c/8b12fc7b032633539… | |
| https://git.kernel.org/stable/c/212e3baccdb193960… | |
| https://git.kernel.org/stable/c/ef13eeca7c79136bc… | |
| https://git.kernel.org/stable/c/b1f04b9b1c5317f56… | |
| https://git.kernel.org/stable/c/6fef2d4c00b5b8561… | |
| https://lists.debian.org/debian-lts-announce/2024… | x_transferred |
| https://lists.debian.org/debian-lts-announce/2024… | x_transferred |
| https://lists.fedoraproject.org/archives/list/pac… | |
| https://lists.fedoraproject.org/archives/list/pac… | |
| https://lists.fedoraproject.org/archives/list/pac… |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
dc54d3d1744d23ed0b345fd8bc1c493b74e8df44 , < d4da6b084f1c5625937d49bb6722c5b4aef11b8d
(git)
Affected: dc54d3d1744d23ed0b345fd8bc1c493b74e8df44 , < f68039375d4d6d67303674c0ab2d06b7295c0ec9 (git) Affected: dc54d3d1744d23ed0b345fd8bc1c493b74e8df44 , < 1fd7db5c16028dc07b2ceec190f2e895dddb532d (git) Affected: dc54d3d1744d23ed0b345fd8bc1c493b74e8df44 , < 8b12fc7b032633539acdf7864888b0ebd49e90f2 (git) Affected: dc54d3d1744d23ed0b345fd8bc1c493b74e8df44 , < 212e3baccdb1939606420d88f7f52d346b49a284 (git) Affected: dc54d3d1744d23ed0b345fd8bc1c493b74e8df44 , < ef13eeca7c79136bc38e21eb67322c1cbd5c40ee (git) Affected: dc54d3d1744d23ed0b345fd8bc1c493b74e8df44 , < b1f04b9b1c5317f562a455384c5f7473e46bdbaa (git) Affected: dc54d3d1744d23ed0b345fd8bc1c493b74e8df44 , < 6fef2d4c00b5b8561ad68dd2b68173f5c6af1e75 (git) |
|
| Linux | Linux |
Affected:
4.12
Unaffected: 0 , < 4.12 (semver) Unaffected: 4.19.313 , ≤ 4.19.* (semver) Unaffected: 5.4.275 , ≤ 5.4.* (semver) Unaffected: 5.10.216 , ≤ 5.10.* (semver) Unaffected: 5.15.157 , ≤ 5.15.* (semver) Unaffected: 6.1.88 , ≤ 6.1.* (semver) Unaffected: 6.6.29 , ≤ 6.6.* (semver) Unaffected: 6.8.8 , ≤ 6.8.* (semver) Unaffected: 6.9 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:14:43.597Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d4da6b084f1c5625937d49bb6722c5b4aef11b8d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f68039375d4d6d67303674c0ab2d06b7295c0ec9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1fd7db5c16028dc07b2ceec190f2e895dddb532d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8b12fc7b032633539acdf7864888b0ebd49e90f2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/212e3baccdb1939606420d88f7f52d346b49a284"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ef13eeca7c79136bc38e21eb67322c1cbd5c40ee"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b1f04b9b1c5317f562a455384c5f7473e46bdbaa"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6fef2d4c00b5b8561ad68dd2b68173f5c6af1e75"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26922",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:46:55.644106Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:15.988Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d4da6b084f1c5625937d49bb6722c5b4aef11b8d",
"status": "affected",
"version": "dc54d3d1744d23ed0b345fd8bc1c493b74e8df44",
"versionType": "git"
},
{
"lessThan": "f68039375d4d6d67303674c0ab2d06b7295c0ec9",
"status": "affected",
"version": "dc54d3d1744d23ed0b345fd8bc1c493b74e8df44",
"versionType": "git"
},
{
"lessThan": "1fd7db5c16028dc07b2ceec190f2e895dddb532d",
"status": "affected",
"version": "dc54d3d1744d23ed0b345fd8bc1c493b74e8df44",
"versionType": "git"
},
{
"lessThan": "8b12fc7b032633539acdf7864888b0ebd49e90f2",
"status": "affected",
"version": "dc54d3d1744d23ed0b345fd8bc1c493b74e8df44",
"versionType": "git"
},
{
"lessThan": "212e3baccdb1939606420d88f7f52d346b49a284",
"status": "affected",
"version": "dc54d3d1744d23ed0b345fd8bc1c493b74e8df44",
"versionType": "git"
},
{
"lessThan": "ef13eeca7c79136bc38e21eb67322c1cbd5c40ee",
"status": "affected",
"version": "dc54d3d1744d23ed0b345fd8bc1c493b74e8df44",
"versionType": "git"
},
{
"lessThan": "b1f04b9b1c5317f562a455384c5f7473e46bdbaa",
"status": "affected",
"version": "dc54d3d1744d23ed0b345fd8bc1c493b74e8df44",
"versionType": "git"
},
{
"lessThan": "6fef2d4c00b5b8561ad68dd2b68173f5c6af1e75",
"status": "affected",
"version": "dc54d3d1744d23ed0b345fd8bc1c493b74e8df44",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.12"
},
{
"lessThan": "4.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.313",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.275",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.216",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.157",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.88",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.29",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.313",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.275",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.216",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.157",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.88",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.29",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.8",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "4.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: validate the parameters of bo mapping operations more clearly\n\nVerify the parameters of\namdgpu_vm_bo_(map/replace_map/clearing_mappings) in one common place."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:06:58.587Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d4da6b084f1c5625937d49bb6722c5b4aef11b8d"
},
{
"url": "https://git.kernel.org/stable/c/f68039375d4d6d67303674c0ab2d06b7295c0ec9"
},
{
"url": "https://git.kernel.org/stable/c/1fd7db5c16028dc07b2ceec190f2e895dddb532d"
},
{
"url": "https://git.kernel.org/stable/c/8b12fc7b032633539acdf7864888b0ebd49e90f2"
},
{
"url": "https://git.kernel.org/stable/c/212e3baccdb1939606420d88f7f52d346b49a284"
},
{
"url": "https://git.kernel.org/stable/c/ef13eeca7c79136bc38e21eb67322c1cbd5c40ee"
},
{
"url": "https://git.kernel.org/stable/c/b1f04b9b1c5317f562a455384c5f7473e46bdbaa"
},
{
"url": "https://git.kernel.org/stable/c/6fef2d4c00b5b8561ad68dd2b68173f5c6af1e75"
}
],
"title": "drm/amdgpu: validate the parameters of bo mapping operations more clearly",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26922",
"datePublished": "2024-04-23T13:05:04.243Z",
"dateReserved": "2024-02-19T14:20:24.194Z",
"dateUpdated": "2026-05-11T20:06:58.587Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26924 (GCVE-0-2024-26924)
Vulnerability from cvelistv5 – Published: 2024-04-24 21:49 – Updated: 2026-05-11 20:07
VLAI
EPSS
Title
netfilter: nft_set_pipapo: do not free live element
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_set_pipapo: do not free live element
Pablo reports a crash with large batches of elements with a
back-to-back add/remove pattern. Quoting Pablo:
add_elem("00000000") timeout 100 ms
...
add_elem("0000000X") timeout 100 ms
del_elem("0000000X") <---------------- delete one that was just added
...
add_elem("00005000") timeout 100 ms
1) nft_pipapo_remove() removes element 0000000X
Then, KASAN shows a splat.
Looking at the remove function there is a chance that we will drop a
rule that maps to a non-deactivated element.
Removal happens in two steps, first we do a lookup for key k and return the
to-be-removed element and mark it as inactive in the next generation.
Then, in a second step, the element gets removed from the set/map.
The _remove function does not work correctly if we have more than one
element that share the same key.
This can happen if we insert an element into a set when the set already
holds an element with same key, but the element mapping to the existing
key has timed out or is not active in the next generation.
In such case its possible that removal will unmap the wrong element.
If this happens, we will leak the non-deactivated element, it becomes
unreachable.
The element that got deactivated (and will be freed later) will
remain reachable in the set data structure, this can result in
a crash when such an element is retrieved during lookup (stale
pointer).
Add a check that the fully matching key does in fact map to the element
that we have marked as inactive in the deactivation step.
If not, we need to continue searching.
Add a bug/warn trap at the end of the function as well, the remove
function must not ever be called with an invisible/unreachable/non-existent
element.
v2: avoid uneeded temporary variable (Stefano)
Severity
5.9 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
10 references
| URL | Tags |
|---|---|
| https://git.kernel.org/stable/c/e3b887a9c11caf835… | |
| https://git.kernel.org/stable/c/7a1679e2d9bfa3b5f… | |
| https://git.kernel.org/stable/c/41d8fdf3afaff312e… | |
| https://git.kernel.org/stable/c/ebf7c9746f073035e… | |
| https://git.kernel.org/stable/c/14b001ba221136c15… | |
| https://git.kernel.org/stable/c/3cfc9ec039af60dbd… | |
| https://lists.debian.org/debian-lts-announce/2024… | x_transferred |
| https://lists.fedoraproject.org/archives/list/pac… | |
| https://lists.fedoraproject.org/archives/list/pac… | |
| https://lists.fedoraproject.org/archives/list/pac… |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
3c4287f62044a90e73a561aa05fc46e62da173da , < e3b887a9c11caf8357a821260e095f2a694a34f2
(git)
Affected: 3c4287f62044a90e73a561aa05fc46e62da173da , < 7a1679e2d9bfa3b5f8755c2c7113e54b7d42bd46 (git) Affected: 3c4287f62044a90e73a561aa05fc46e62da173da , < 41d8fdf3afaff312e17466e4ab732937738d5644 (git) Affected: 3c4287f62044a90e73a561aa05fc46e62da173da , < ebf7c9746f073035ee26209e38c3a1170f7b349a (git) Affected: 3c4287f62044a90e73a561aa05fc46e62da173da , < 14b001ba221136c15f894577253e8db535b99487 (git) Affected: 3c4287f62044a90e73a561aa05fc46e62da173da , < 3cfc9ec039af60dbd8965ae085b2c2ccdcfbe1cc (git) |
|
| Linux | Linux |
Affected:
5.6
Unaffected: 0 , < 5.6 (semver) Unaffected: 5.10.216 , ≤ 5.10.* (semver) Unaffected: 5.15.157 , ≤ 5.15.* (semver) Unaffected: 6.1.88 , ≤ 6.1.* (semver) Unaffected: 6.6.29 , ≤ 6.6.* (semver) Unaffected: 6.8.8 , ≤ 6.8.* (semver) Unaffected: 6.9 , ≤ * (original_commit_for_fix) |
|
| linux | linux_kernel |
Affected:
5.6
cpe:2.3:o:linux:linux_kernel:5.6:*:*:*:*:*:*:* |
|
| linux | linux_kernel |
Affected:
3c4287f62044
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:5.6:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "5.6"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "3c4287f62044"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26924",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-29T16:46:54.309255Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:49:06.077Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:14:47.716Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e3b887a9c11caf8357a821260e095f2a694a34f2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7a1679e2d9bfa3b5f8755c2c7113e54b7d42bd46"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/41d8fdf3afaff312e17466e4ab732937738d5644"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ebf7c9746f073035ee26209e38c3a1170f7b349a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/14b001ba221136c15f894577253e8db535b99487"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3cfc9ec039af60dbd8965ae085b2c2ccdcfbe1cc"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netfilter/nft_set_pipapo.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e3b887a9c11caf8357a821260e095f2a694a34f2",
"status": "affected",
"version": "3c4287f62044a90e73a561aa05fc46e62da173da",
"versionType": "git"
},
{
"lessThan": "7a1679e2d9bfa3b5f8755c2c7113e54b7d42bd46",
"status": "affected",
"version": "3c4287f62044a90e73a561aa05fc46e62da173da",
"versionType": "git"
},
{
"lessThan": "41d8fdf3afaff312e17466e4ab732937738d5644",
"status": "affected",
"version": "3c4287f62044a90e73a561aa05fc46e62da173da",
"versionType": "git"
},
{
"lessThan": "ebf7c9746f073035ee26209e38c3a1170f7b349a",
"status": "affected",
"version": "3c4287f62044a90e73a561aa05fc46e62da173da",
"versionType": "git"
},
{
"lessThan": "14b001ba221136c15f894577253e8db535b99487",
"status": "affected",
"version": "3c4287f62044a90e73a561aa05fc46e62da173da",
"versionType": "git"
},
{
"lessThan": "3cfc9ec039af60dbd8965ae085b2c2ccdcfbe1cc",
"status": "affected",
"version": "3c4287f62044a90e73a561aa05fc46e62da173da",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netfilter/nft_set_pipapo.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.6"
},
{
"lessThan": "5.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.216",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.157",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.88",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.29",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.216",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.157",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.88",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.29",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.8",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_set_pipapo: do not free live element\n\nPablo reports a crash with large batches of elements with a\nback-to-back add/remove pattern. Quoting Pablo:\n\n add_elem(\"00000000\") timeout 100 ms\n ...\n add_elem(\"0000000X\") timeout 100 ms\n del_elem(\"0000000X\") \u003c---------------- delete one that was just added\n ...\n add_elem(\"00005000\") timeout 100 ms\n\n 1) nft_pipapo_remove() removes element 0000000X\n Then, KASAN shows a splat.\n\nLooking at the remove function there is a chance that we will drop a\nrule that maps to a non-deactivated element.\n\nRemoval happens in two steps, first we do a lookup for key k and return the\nto-be-removed element and mark it as inactive in the next generation.\nThen, in a second step, the element gets removed from the set/map.\n\nThe _remove function does not work correctly if we have more than one\nelement that share the same key.\n\nThis can happen if we insert an element into a set when the set already\nholds an element with same key, but the element mapping to the existing\nkey has timed out or is not active in the next generation.\n\nIn such case its possible that removal will unmap the wrong element.\nIf this happens, we will leak the non-deactivated element, it becomes\nunreachable.\n\nThe element that got deactivated (and will be freed later) will\nremain reachable in the set data structure, this can result in\na crash when such an element is retrieved during lookup (stale\npointer).\n\nAdd a check that the fully matching key does in fact map to the element\nthat we have marked as inactive in the deactivation step.\nIf not, we need to continue searching.\n\nAdd a bug/warn trap at the end of the function as well, the remove\nfunction must not ever be called with an invisible/unreachable/non-existent\nelement.\n\nv2: avoid uneeded temporary variable (Stefano)"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:07:00.903Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e3b887a9c11caf8357a821260e095f2a694a34f2"
},
{
"url": "https://git.kernel.org/stable/c/7a1679e2d9bfa3b5f8755c2c7113e54b7d42bd46"
},
{
"url": "https://git.kernel.org/stable/c/41d8fdf3afaff312e17466e4ab732937738d5644"
},
{
"url": "https://git.kernel.org/stable/c/ebf7c9746f073035ee26209e38c3a1170f7b349a"
},
{
"url": "https://git.kernel.org/stable/c/14b001ba221136c15f894577253e8db535b99487"
},
{
"url": "https://git.kernel.org/stable/c/3cfc9ec039af60dbd8965ae085b2c2ccdcfbe1cc"
}
],
"title": "netfilter: nft_set_pipapo: do not free live element",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26924",
"datePublished": "2024-04-24T21:49:22.631Z",
"dateReserved": "2024-02-19T14:20:24.194Z",
"dateUpdated": "2026-05-11T20:07:00.903Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26925 (GCVE-0-2024-26925)
Vulnerability from cvelistv5 – Published: 2024-04-24 21:49 – Updated: 2026-05-23 15:40
VLAI
EPSS
Title
netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path
The commit mutex should not be released during the critical section
between nft_gc_seq_begin() and nft_gc_seq_end(), otherwise, async GC
worker could collect expired objects and get the released commit lock
within the same GC sequence.
nf_tables_module_autoload() temporarily releases the mutex to load
module dependencies, then it goes back to replay the transaction again.
Move it at the end of the abort phase after nft_gc_seq_end() is called.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
10 references
| URL | Tags |
|---|---|
| https://git.kernel.org/stable/c/61ac7284346c32f9a… | |
| https://git.kernel.org/stable/c/2cee2ff7f8cce12a6… | |
| https://git.kernel.org/stable/c/eb769ff4e281f751a… | |
| https://git.kernel.org/stable/c/8d3a58af50e46167b… | |
| https://git.kernel.org/stable/c/8038ee3c3e5b59bcd… | |
| https://git.kernel.org/stable/c/a34ba4bdeec0c3b62… | |
| https://git.kernel.org/stable/c/0d459e2ffb5418417… | |
| https://lists.debian.org/debian-lts-announce/2024… | x_transferred |
| https://cert-portal.siemens.com/productcert/html/… | |
| https://cert-portal.siemens.com/productcert/html/… |
Impacted products
27 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
4b6346dc1edfb9839d6edee7360ed31a22fa6c95 , < 61ac7284346c32f9a8c8ceac56102f7914060428
(git)
Affected: 23292bdfda5f04e704a843b8f97b0eb95ace1ca6 , < 2cee2ff7f8cce12a63a0a23ffe27f08d99541494 (git) Affected: b44a459c6561595ed7c3679599c5279204132b33 , < eb769ff4e281f751adcaf4f4445cbf30817be139 (git) Affected: 5d319f7a81431c6bb32eb4dc7d7975f99e2c8c66 , < 8d3a58af50e46167b6f1db47adadad03c0045dae (git) Affected: 720344340fb9be2765bbaab7b292ece0a4570eae , < 8038ee3c3e5b59bcd78467686db5270c68544e30 (git) Affected: 720344340fb9be2765bbaab7b292ece0a4570eae , < a34ba4bdeec0c3b629160497594908dc820110f1 (git) Affected: 720344340fb9be2765bbaab7b292ece0a4570eae , < 0d459e2ffb541841714839e8228b845458ed3b27 (git) Affected: f85ca36090cbb252bcbc95fc74c2853fc792694f (git) Affected: e07e68823116563bdbc49cef185cda6f463bc534 (git) Affected: 5.4.262 , < 5.4.274 (semver) Affected: 5.10.198 , < 5.10.215 (semver) Affected: 5.15.134 , < 5.15.155 (semver) Affected: 6.1.56 , < 6.1.86 (semver) Affected: 4.19.316 , < 4.20 (semver) Affected: 6.4.13 , < 6.5 (semver) |
|
| Linux | Linux |
Affected:
6.5
Unaffected: 0 , < 6.5 (semver) Unaffected: 5.4.274 , ≤ 5.4.* (semver) Unaffected: 5.10.215 , ≤ 5.10.* (semver) Unaffected: 5.15.155 , ≤ 5.15.* (semver) Unaffected: 6.1.86 , ≤ 6.1.* (semver) Unaffected: 6.6.26 , ≤ 6.6.* (semver) Unaffected: 6.8.5 , ≤ 6.8.* (semver) Unaffected: 6.9 , ≤ * (original_commit_for_fix) |
|
| Siemens | RUGGEDCOM RM1224 LTE(4G) EU |
Affected:
0 , < V8.2
(custom)
|
|
| Siemens | RUGGEDCOM RM1224 LTE(4G) NAM |
Affected:
0 , < V8.2
(custom)
|
|
| Siemens | SCALANCE M804PB |
Affected:
0 , < V8.2
(custom)
|
|
| Siemens | SCALANCE M812-1 ADSL-Router |
Affected:
0 , < V8.2
(custom)
|
|
| Siemens | SCALANCE M816-1 ADSL-Router |
Affected:
0 , < V8.2
(custom)
|
|
| Siemens | SCALANCE M826-2 SHDSL-Router |
Affected:
0 , < V8.2
(custom)
|
|
| Siemens | SCALANCE M874-2 |
Affected:
0 , < V8.2
(custom)
|
|
| Siemens | SCALANCE M874-3 |
Affected:
0 , < V8.2
(custom)
|
|
| Siemens | SCALANCE M874-3 3G-Router (CN) |
Affected:
0 , < V8.2
(custom)
|
|
| Siemens | SCALANCE M876-3 |
Affected:
0 , < V8.2
(custom)
|
|
| Siemens | SCALANCE M876-3 (ROK) |
Affected:
0 , < V8.2
(custom)
|
|
| Siemens | SCALANCE M876-4 |
Affected:
0 , < V8.2
(custom)
|
|
| Siemens | SCALANCE M876-4 (EU) |
Affected:
0 , < V8.2
(custom)
|
|
| Siemens | SCALANCE M876-4 (NAM) |
Affected:
0 , < V8.2
(custom)
|
|
| Siemens | SCALANCE MUM853-1 (A1) |
Affected:
0 , < V8.2
(custom)
|
|
| Siemens | SCALANCE MUM853-1 (B1) |
Affected:
0 , < V8.2
(custom)
|
|
| Siemens | SCALANCE MUM853-1 (EU) |
Affected:
0 , < V8.2
(custom)
|
|
| Siemens | SCALANCE MUM856-1 (A1) |
Affected:
0 , < V8.2
(custom)
|
|
| Siemens | SCALANCE MUM856-1 (B1) |
Affected:
0 , < V8.2
(custom)
|
|
| Siemens | SCALANCE MUM856-1 (CN) |
Affected:
0 , < V8.2
(custom)
|
|
| Siemens | SCALANCE MUM856-1 (EU) |
Affected:
0 , < V8.2
(custom)
|
|
| Siemens | SCALANCE MUM856-1 (RoW) |
Affected:
0 , < V8.2
(custom)
|
|
| Siemens | SCALANCE S615 EEC LAN-Router |
Affected:
0 , < V8.2
(custom)
|
|
| Siemens | SCALANCE S615 LAN-Router |
Affected:
0 , < V8.2
(custom)
|
|
| Siemens | SIMATIC S7-1500 TM MFP - GNU/Linux subsystem |
Affected:
0 , < *
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.900Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/61ac7284346c32f9a8c8ceac56102f7914060428"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2cee2ff7f8cce12a63a0a23ffe27f08d99541494"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/eb769ff4e281f751adcaf4f4445cbf30817be139"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8d3a58af50e46167b6f1db47adadad03c0045dae"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8038ee3c3e5b59bcd78467686db5270c68544e30"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a34ba4bdeec0c3b629160497594908dc820110f1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0d459e2ffb541841714839e8228b845458ed3b27"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26925",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:46:30.592135Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:12.845Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RM1224 LTE(4G) EU",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RM1224 LTE(4G) NAM",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M804PB",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M812-1 ADSL-Router",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M812-1 ADSL-Router",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M816-1 ADSL-Router",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M816-1 ADSL-Router",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M826-2 SHDSL-Router",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M874-2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M874-3",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M874-3 3G-Router (CN)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M876-3",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M876-3 (ROK)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M876-4",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M876-4 (EU)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M876-4 (NAM)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE MUM853-1 (A1)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE MUM853-1 (B1)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE MUM853-1 (EU)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE MUM856-1 (A1)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE MUM856-1 (B1)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE MUM856-1 (CN)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE MUM856-1 (EU)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE MUM856-1 (RoW)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE S615 EEC LAN-Router",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE S615 LAN-Router",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T11:50:41.681Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-354112.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netfilter/nf_tables_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "61ac7284346c32f9a8c8ceac56102f7914060428",
"status": "affected",
"version": "4b6346dc1edfb9839d6edee7360ed31a22fa6c95",
"versionType": "git"
},
{
"lessThan": "2cee2ff7f8cce12a63a0a23ffe27f08d99541494",
"status": "affected",
"version": "23292bdfda5f04e704a843b8f97b0eb95ace1ca6",
"versionType": "git"
},
{
"lessThan": "eb769ff4e281f751adcaf4f4445cbf30817be139",
"status": "affected",
"version": "b44a459c6561595ed7c3679599c5279204132b33",
"versionType": "git"
},
{
"lessThan": "8d3a58af50e46167b6f1db47adadad03c0045dae",
"status": "affected",
"version": "5d319f7a81431c6bb32eb4dc7d7975f99e2c8c66",
"versionType": "git"
},
{
"lessThan": "8038ee3c3e5b59bcd78467686db5270c68544e30",
"status": "affected",
"version": "720344340fb9be2765bbaab7b292ece0a4570eae",
"versionType": "git"
},
{
"lessThan": "a34ba4bdeec0c3b629160497594908dc820110f1",
"status": "affected",
"version": "720344340fb9be2765bbaab7b292ece0a4570eae",
"versionType": "git"
},
{
"lessThan": "0d459e2ffb541841714839e8228b845458ed3b27",
"status": "affected",
"version": "720344340fb9be2765bbaab7b292ece0a4570eae",
"versionType": "git"
},
{
"status": "affected",
"version": "f85ca36090cbb252bcbc95fc74c2853fc792694f",
"versionType": "git"
},
{
"status": "affected",
"version": "e07e68823116563bdbc49cef185cda6f463bc534",
"versionType": "git"
},
{
"lessThan": "5.4.274",
"status": "affected",
"version": "5.4.262",
"versionType": "semver"
},
{
"lessThan": "5.10.215",
"status": "affected",
"version": "5.10.198",
"versionType": "semver"
},
{
"lessThan": "5.15.155",
"status": "affected",
"version": "5.15.134",
"versionType": "semver"
},
{
"lessThan": "6.1.86",
"status": "affected",
"version": "6.1.56",
"versionType": "semver"
},
{
"lessThan": "4.20",
"status": "affected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThan": "6.5",
"status": "affected",
"version": "6.4.13",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netfilter/nf_tables_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.5"
},
{
"lessThan": "6.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.155",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.86",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.26",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "5.4.262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "5.10.198",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.155",
"versionStartIncluding": "5.15.134",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.86",
"versionStartIncluding": "6.1.56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.26",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.5",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.19.316",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: release mutex after nft_gc_seq_end from abort path\n\nThe commit mutex should not be released during the critical section\nbetween nft_gc_seq_begin() and nft_gc_seq_end(), otherwise, async GC\nworker could collect expired objects and get the released commit lock\nwithin the same GC sequence.\n\nnf_tables_module_autoload() temporarily releases the mutex to load\nmodule dependencies, then it goes back to replay the transaction again.\nMove it at the end of the abort phase after nft_gc_seq_end() is called."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T15:40:17.304Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/61ac7284346c32f9a8c8ceac56102f7914060428"
},
{
"url": "https://git.kernel.org/stable/c/2cee2ff7f8cce12a63a0a23ffe27f08d99541494"
},
{
"url": "https://git.kernel.org/stable/c/eb769ff4e281f751adcaf4f4445cbf30817be139"
},
{
"url": "https://git.kernel.org/stable/c/8d3a58af50e46167b6f1db47adadad03c0045dae"
},
{
"url": "https://git.kernel.org/stable/c/8038ee3c3e5b59bcd78467686db5270c68544e30"
},
{
"url": "https://git.kernel.org/stable/c/a34ba4bdeec0c3b629160497594908dc820110f1"
},
{
"url": "https://git.kernel.org/stable/c/0d459e2ffb541841714839e8228b845458ed3b27"
}
],
"title": "netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26925",
"datePublished": "2024-04-24T21:49:23.251Z",
"dateReserved": "2024-02-19T14:20:24.194Z",
"dateUpdated": "2026-05-23T15:40:17.304Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…