Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2024-AVI-0580
Vulnerability from certfr_avis - Published: 2024-07-12 - Updated: 2024-07-12
De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une élévation de privilèges et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Ubuntu 18.04 ESM",
"product": {
"name": "N/A",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 14.04 ESM",
"product": {
"name": "N/A",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 20.04 LTS",
"product": {
"name": "N/A",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-27024",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27024"
},
{
"name": "CVE-2024-26601",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26601"
},
{
"name": "CVE-2024-27051",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27051"
},
{
"name": "CVE-2024-26898",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26898"
},
{
"name": "CVE-2024-26816",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26816"
},
{
"name": "CVE-2024-27030",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27030"
},
{
"name": "CVE-2024-26897",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26897"
},
{
"name": "CVE-2024-26881",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26881"
},
{
"name": "CVE-2024-27028",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27028"
},
{
"name": "CVE-2024-27052",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27052"
},
{
"name": "CVE-2024-26585",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26585"
},
{
"name": "CVE-2024-26754",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26754"
},
{
"name": "CVE-2024-27078",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27078"
},
{
"name": "CVE-2024-35828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35828"
},
{
"name": "CVE-2024-26848",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26848"
},
{
"name": "CVE-2024-26883",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26883"
},
{
"name": "CVE-2024-27034",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27034"
},
{
"name": "CVE-2024-26790",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26790"
},
{
"name": "CVE-2024-27038",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27038"
},
{
"name": "CVE-2024-26845",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26845"
},
{
"name": "CVE-2024-26750",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26750"
},
{
"name": "CVE-2024-26603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26603"
},
{
"name": "CVE-2024-21823",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21823"
},
{
"name": "CVE-2023-52640",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52640"
},
{
"name": "CVE-2024-27403",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27403"
},
{
"name": "CVE-2024-35844",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35844"
},
{
"name": "CVE-2024-26802",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26802"
},
{
"name": "CVE-2024-26805",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26805"
},
{
"name": "CVE-2024-26891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26891"
},
{
"name": "CVE-2024-26852",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26852"
},
{
"name": "CVE-2024-26774",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26774"
},
{
"name": "CVE-2024-26879",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26879"
},
{
"name": "CVE-2024-26903",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26903"
},
{
"name": "CVE-2024-26859",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26859"
},
{
"name": "CVE-2024-26839",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26839"
},
{
"name": "CVE-2024-26857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26857"
},
{
"name": "CVE-2024-26720",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26720"
},
{
"name": "CVE-2024-27413",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27413"
},
{
"name": "CVE-2024-26801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26801"
},
{
"name": "CVE-2024-27043",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27043"
},
{
"name": "CVE-2023-7042",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7042"
},
{
"name": "CVE-2024-27419",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27419"
},
{
"name": "CVE-2024-26643",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26643"
},
{
"name": "CVE-2024-26779",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26779"
},
{
"name": "CVE-2024-26880",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26880"
},
{
"name": "CVE-2023-52650",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52650"
},
{
"name": "CVE-2024-26773",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26773"
},
{
"name": "CVE-2024-23307",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23307"
},
{
"name": "CVE-2024-26763",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26763"
},
{
"name": "CVE-2024-26895",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26895"
},
{
"name": "CVE-2024-26749",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26749"
},
{
"name": "CVE-2024-35845",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35845"
},
{
"name": "CVE-2024-26862",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26862"
},
{
"name": "CVE-2024-35829",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35829"
},
{
"name": "CVE-2024-26885",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26885"
},
{
"name": "CVE-2021-47063",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47063"
},
{
"name": "CVE-2024-26804",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26804"
},
{
"name": "CVE-2024-26751",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26751"
},
{
"name": "CVE-2024-27065",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27065"
},
{
"name": "CVE-2023-6270",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6270"
},
{
"name": "CVE-2024-27388",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27388"
},
{
"name": "CVE-2024-27047",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27047"
},
{
"name": "CVE-2024-26743",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26743"
},
{
"name": "CVE-2024-26787",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26787"
},
{
"name": "CVE-2024-27412",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27412"
},
{
"name": "CVE-2024-26846",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26846"
},
{
"name": "CVE-2024-27053",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27053"
},
{
"name": "CVE-2024-27077",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27077"
},
{
"name": "CVE-2024-26748",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26748"
},
{
"name": "CVE-2024-27037",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27037"
},
{
"name": "CVE-2024-26782",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26782"
},
{
"name": "CVE-2024-26833",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26833"
},
{
"name": "CVE-2024-26877",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26877"
},
{
"name": "CVE-2023-52645",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52645"
},
{
"name": "CVE-2024-26792",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26792"
},
{
"name": "CVE-2024-26915",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26915"
},
{
"name": "CVE-2024-26803",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26803"
},
{
"name": "CVE-2024-27073",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27073"
},
{
"name": "CVE-2024-26583",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26583"
},
{
"name": "CVE-2024-26642",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26642"
},
{
"name": "CVE-2024-27431",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27431"
},
{
"name": "CVE-2024-26922",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26922"
},
{
"name": "CVE-2024-26733",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26733"
},
{
"name": "CVE-2024-26851",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26851"
},
{
"name": "CVE-2024-26688",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26688"
},
{
"name": "CVE-2024-26861",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26861"
},
{
"name": "CVE-2024-26906",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26906"
},
{
"name": "CVE-2024-26840",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26840"
},
{
"name": "CVE-2024-26889",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26889"
},
{
"name": "CVE-2024-26584",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26584"
},
{
"name": "CVE-2024-27076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27076"
},
{
"name": "CVE-2024-35830",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35830"
},
{
"name": "CVE-2023-52662",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52662"
},
{
"name": "CVE-2024-27417",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27417"
},
{
"name": "CVE-2024-0841",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0841"
},
{
"name": "CVE-2024-26651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26651"
},
{
"name": "CVE-2024-27436",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27436"
},
{
"name": "CVE-2024-26776",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26776"
},
{
"name": "CVE-2023-52497",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52497"
},
{
"name": "CVE-2024-26735",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26735"
},
{
"name": "CVE-2024-26882",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26882"
},
{
"name": "CVE-2023-52434",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52434"
},
{
"name": "CVE-2024-26884",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26884"
},
{
"name": "CVE-2024-26771",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26771"
},
{
"name": "CVE-2024-26769",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26769"
},
{
"name": "CVE-2024-26737",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26737"
},
{
"name": "CVE-2024-22099",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22099"
},
{
"name": "CVE-2024-27044",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27044"
},
{
"name": "CVE-2024-27039",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27039"
},
{
"name": "CVE-2024-27416",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27416"
},
{
"name": "CVE-2024-26747",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26747"
},
{
"name": "CVE-2024-26843",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26843"
},
{
"name": "CVE-2023-52620",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52620"
},
{
"name": "CVE-2024-26659",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26659"
},
{
"name": "CVE-2024-26793",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26793"
},
{
"name": "CVE-2024-26874",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26874"
},
{
"name": "CVE-2024-27390",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27390"
},
{
"name": "CVE-2024-26838",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26838"
},
{
"name": "CVE-2021-33631",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33631"
},
{
"name": "CVE-2024-26752",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26752"
},
{
"name": "CVE-2024-26875",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26875"
},
{
"name": "CVE-2024-26736",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26736"
},
{
"name": "CVE-2024-27074",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27074"
},
{
"name": "CVE-2023-52447",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52447"
},
{
"name": "CVE-2023-52644",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52644"
},
{
"name": "CVE-2024-26894",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26894"
},
{
"name": "CVE-2024-26820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26820"
},
{
"name": "CVE-2023-52615",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52615"
},
{
"name": "CVE-2024-27414",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27414"
},
{
"name": "CVE-2024-26777",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26777"
},
{
"name": "CVE-2024-26764",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26764"
},
{
"name": "CVE-2024-26878",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26878"
},
{
"name": "CVE-2024-26778",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26778"
},
{
"name": "CVE-2024-27054",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27054"
},
{
"name": "CVE-2024-27045",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27045"
},
{
"name": "CVE-2024-26872",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26872"
},
{
"name": "CVE-2024-27075",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27075"
},
{
"name": "CVE-2024-26901",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26901"
},
{
"name": "CVE-2024-26863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26863"
},
{
"name": "CVE-2024-2201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2201"
},
{
"name": "CVE-2024-26798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26798"
},
{
"name": "CVE-2024-26856",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26856"
},
{
"name": "CVE-2024-26925",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26925"
},
{
"name": "CVE-2024-26744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26744"
},
{
"name": "CVE-2024-26870",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26870"
},
{
"name": "CVE-2024-26835",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26835"
},
{
"name": "CVE-2024-26791",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26791"
},
{
"name": "CVE-2024-27415",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27415"
},
{
"name": "CVE-2023-52641",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52641"
},
{
"name": "CVE-2024-26772",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26772"
},
{
"name": "CVE-2024-27405",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27405"
},
{
"name": "CVE-2024-26855",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26855"
},
{
"name": "CVE-2024-26766",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26766"
},
{
"name": "CVE-2024-27432",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27432"
},
{
"name": "CVE-2024-26795",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26795"
},
{
"name": "CVE-2023-52656",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52656"
},
{
"name": "CVE-2024-26809",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26809"
},
{
"name": "CVE-2024-26924",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26924"
},
{
"name": "CVE-2024-26788",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26788"
},
{
"name": "CVE-2023-52652",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52652"
},
{
"name": "CVE-2024-27410",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27410"
},
{
"name": "CVE-2024-24861",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24861"
},
{
"name": "CVE-2024-26907",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26907"
},
{
"name": "CVE-2024-27046",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27046"
}
],
"initial_release_date": "2024-07-12T00:00:00",
"last_revision_date": "2024-07-12T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0580",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-07-12T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux d\u0027Ubuntu. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
"vendor_advisories": [
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6866-3",
"url": "https://ubuntu.com/security/notices/USN-6866-3"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6892-1",
"url": "https://ubuntu.com/security/notices/USN-6892-1"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6868-2",
"url": "https://ubuntu.com/security/notices/USN-6868-2"
}
]
}
CVE-2024-26803 (GCVE-0-2024-26803)
Vulnerability from cvelistv5 – Published: 2024-04-04 08:20 – Updated: 2026-05-11 20:04
VLAI
EPSS
Title
net: veth: clear GRO when clearing XDP even when down
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: veth: clear GRO when clearing XDP even when down
veth sets NETIF_F_GRO automatically when XDP is enabled,
because both features use the same NAPI machinery.
The logic to clear NETIF_F_GRO sits in veth_disable_xdp() which
is called both on ndo_stop and when XDP is turned off.
To avoid the flag from being cleared when the device is brought
down, the clearing is skipped when IFF_UP is not set.
Bringing the device down should indeed not modify its features.
Unfortunately, this means that clearing is also skipped when
XDP is disabled _while_ the device is down. And there's nothing
on the open path to bring the device features back into sync.
IOW if user enables XDP, disables it and then brings the device
up we'll end up with a stray GRO flag set but no NAPI instances.
We don't depend on the GRO flag on the datapath, so the datapath
won't crash. We will crash (or hang), however, next time features
are sync'ed (either by user via ethtool or peer changing its config).
The GRO flag will go away, and veth will try to disable the NAPIs.
But the open path never created them since XDP was off, the GRO flag
was a stray. If NAPI was initialized before we'll hang in napi_disable().
If it never was we'll crash trying to stop uninitialized hrtimer.
Move the GRO flag updates to the XDP enable / disable paths,
instead of mixing them with the ndo_open / ndo_close paths.
Severity
No CVSS data available.
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
d3256efd8e8b234a6251e4d4580bd2c3c31fdc4c , < f011c103e654d83dc85f057a7d1bd0960d02831c
(git)
Affected: d3256efd8e8b234a6251e4d4580bd2c3c31fdc4c , < 7985d73961bbb4e726c1be7b9cd26becc7be8325 (git) Affected: d3256efd8e8b234a6251e4d4580bd2c3c31fdc4c , < 16edf51f33f52dff70ed455bc40a6cc443c04664 (git) Affected: d3256efd8e8b234a6251e4d4580bd2c3c31fdc4c , < 8f7a3894e58e6f5d5815533cfde60e3838947941 (git) Affected: d3256efd8e8b234a6251e4d4580bd2c3c31fdc4c , < fe9f801355f0b47668419f30f1fac1cf4539e736 (git) |
|
| Linux | Linux |
Affected:
5.13
Unaffected: 0 , < 5.13 (semver) Unaffected: 5.15.151 , ≤ 5.15.* (semver) Unaffected: 6.1.81 , ≤ 6.1.* (semver) Unaffected: 6.6.21 , ≤ 6.6.* (semver) Unaffected: 6.7.9 , ≤ 6.7.* (semver) Unaffected: 6.8 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.524Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f011c103e654d83dc85f057a7d1bd0960d02831c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7985d73961bbb4e726c1be7b9cd26becc7be8325"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/16edf51f33f52dff70ed455bc40a6cc443c04664"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8f7a3894e58e6f5d5815533cfde60e3838947941"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fe9f801355f0b47668419f30f1fac1cf4539e736"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26803",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:50:46.385244Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:47.163Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/veth.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f011c103e654d83dc85f057a7d1bd0960d02831c",
"status": "affected",
"version": "d3256efd8e8b234a6251e4d4580bd2c3c31fdc4c",
"versionType": "git"
},
{
"lessThan": "7985d73961bbb4e726c1be7b9cd26becc7be8325",
"status": "affected",
"version": "d3256efd8e8b234a6251e4d4580bd2c3c31fdc4c",
"versionType": "git"
},
{
"lessThan": "16edf51f33f52dff70ed455bc40a6cc443c04664",
"status": "affected",
"version": "d3256efd8e8b234a6251e4d4580bd2c3c31fdc4c",
"versionType": "git"
},
{
"lessThan": "8f7a3894e58e6f5d5815533cfde60e3838947941",
"status": "affected",
"version": "d3256efd8e8b234a6251e4d4580bd2c3c31fdc4c",
"versionType": "git"
},
{
"lessThan": "fe9f801355f0b47668419f30f1fac1cf4539e736",
"status": "affected",
"version": "d3256efd8e8b234a6251e4d4580bd2c3c31fdc4c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/veth.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.13"
},
{
"lessThan": "5.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.151",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.81",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.21",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.151",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.81",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.21",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.9",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: veth: clear GRO when clearing XDP even when down\n\nveth sets NETIF_F_GRO automatically when XDP is enabled,\nbecause both features use the same NAPI machinery.\n\nThe logic to clear NETIF_F_GRO sits in veth_disable_xdp() which\nis called both on ndo_stop and when XDP is turned off.\nTo avoid the flag from being cleared when the device is brought\ndown, the clearing is skipped when IFF_UP is not set.\nBringing the device down should indeed not modify its features.\n\nUnfortunately, this means that clearing is also skipped when\nXDP is disabled _while_ the device is down. And there\u0027s nothing\non the open path to bring the device features back into sync.\nIOW if user enables XDP, disables it and then brings the device\nup we\u0027ll end up with a stray GRO flag set but no NAPI instances.\n\nWe don\u0027t depend on the GRO flag on the datapath, so the datapath\nwon\u0027t crash. We will crash (or hang), however, next time features\nare sync\u0027ed (either by user via ethtool or peer changing its config).\nThe GRO flag will go away, and veth will try to disable the NAPIs.\nBut the open path never created them since XDP was off, the GRO flag\nwas a stray. If NAPI was initialized before we\u0027ll hang in napi_disable().\nIf it never was we\u0027ll crash trying to stop uninitialized hrtimer.\n\nMove the GRO flag updates to the XDP enable / disable paths,\ninstead of mixing them with the ndo_open / ndo_close paths."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:04:28.502Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f011c103e654d83dc85f057a7d1bd0960d02831c"
},
{
"url": "https://git.kernel.org/stable/c/7985d73961bbb4e726c1be7b9cd26becc7be8325"
},
{
"url": "https://git.kernel.org/stable/c/16edf51f33f52dff70ed455bc40a6cc443c04664"
},
{
"url": "https://git.kernel.org/stable/c/8f7a3894e58e6f5d5815533cfde60e3838947941"
},
{
"url": "https://git.kernel.org/stable/c/fe9f801355f0b47668419f30f1fac1cf4539e736"
}
],
"title": "net: veth: clear GRO when clearing XDP even when down",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26803",
"datePublished": "2024-04-04T08:20:30.656Z",
"dateReserved": "2024-02-19T14:20:24.179Z",
"dateUpdated": "2026-05-11T20:04:28.502Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26804 (GCVE-0-2024-26804)
Vulnerability from cvelistv5 – Published: 2024-04-04 08:20 – Updated: 2026-05-23 15:38
VLAI
EPSS
Title
net: ip_tunnel: prevent perpetual headroom growth
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: ip_tunnel: prevent perpetual headroom growth
syzkaller triggered following kasan splat:
BUG: KASAN: use-after-free in __skb_flow_dissect+0x19d1/0x7a50 net/core/flow_dissector.c:1170
Read of size 1 at addr ffff88812fb4000e by task syz-executor183/5191
[..]
kasan_report+0xda/0x110 mm/kasan/report.c:588
__skb_flow_dissect+0x19d1/0x7a50 net/core/flow_dissector.c:1170
skb_flow_dissect_flow_keys include/linux/skbuff.h:1514 [inline]
___skb_get_hash net/core/flow_dissector.c:1791 [inline]
__skb_get_hash+0xc7/0x540 net/core/flow_dissector.c:1856
skb_get_hash include/linux/skbuff.h:1556 [inline]
ip_tunnel_xmit+0x1855/0x33c0 net/ipv4/ip_tunnel.c:748
ipip_tunnel_xmit+0x3cc/0x4e0 net/ipv4/ipip.c:308
__netdev_start_xmit include/linux/netdevice.h:4940 [inline]
netdev_start_xmit include/linux/netdevice.h:4954 [inline]
xmit_one net/core/dev.c:3548 [inline]
dev_hard_start_xmit+0x13d/0x6d0 net/core/dev.c:3564
__dev_queue_xmit+0x7c1/0x3d60 net/core/dev.c:4349
dev_queue_xmit include/linux/netdevice.h:3134 [inline]
neigh_connected_output+0x42c/0x5d0 net/core/neighbour.c:1592
...
ip_finish_output2+0x833/0x2550 net/ipv4/ip_output.c:235
ip_finish_output+0x31/0x310 net/ipv4/ip_output.c:323
..
iptunnel_xmit+0x5b4/0x9b0 net/ipv4/ip_tunnel_core.c:82
ip_tunnel_xmit+0x1dbc/0x33c0 net/ipv4/ip_tunnel.c:831
ipgre_xmit+0x4a1/0x980 net/ipv4/ip_gre.c:665
__netdev_start_xmit include/linux/netdevice.h:4940 [inline]
netdev_start_xmit include/linux/netdevice.h:4954 [inline]
xmit_one net/core/dev.c:3548 [inline]
dev_hard_start_xmit+0x13d/0x6d0 net/core/dev.c:3564
...
The splat occurs because skb->data points past skb->head allocated area.
This is because neigh layer does:
__skb_pull(skb, skb_network_offset(skb));
... but skb_network_offset() returns a negative offset and __skb_pull()
arg is unsigned. IOW, we skb->data gets "adjusted" by a huge value.
The negative value is returned because skb->head and skb->data distance is
more than 64k and skb->network_header (u16) has wrapped around.
The bug is in the ip_tunnel infrastructure, which can cause
dev->needed_headroom to increment ad infinitum.
The syzkaller reproducer consists of packets getting routed via a gre
tunnel, and route of gre encapsulated packets pointing at another (ipip)
tunnel. The ipip encapsulation finds gre0 as next output device.
This results in the following pattern:
1). First packet is to be sent out via gre0.
Route lookup found an output device, ipip0.
2).
ip_tunnel_xmit for gre0 bumps gre0->needed_headroom based on the future
output device, rt.dev->needed_headroom (ipip0).
3).
ip output / start_xmit moves skb on to ipip0. which runs the same
code path again (xmit recursion).
4).
Routing step for the post-gre0-encap packet finds gre0 as output device
to use for ipip0 encapsulated packet.
tunl0->needed_headroom is then incremented based on the (already bumped)
gre0 device headroom.
This repeats for every future packet:
gre0->needed_headroom gets inflated because previous packets' ipip0 step
incremented rt->dev (gre0) headroom, and ipip0 incremented because gre0
needed_headroom was increased.
For each subsequent packet, gre/ipip0->needed_headroom grows until
post-expand-head reallocations result in a skb->head/data distance of
more than 64k.
Once that happens, skb->network_header (u16) wraps around when
pskb_expand_head tries to make sure that skb_network_offset() is unchanged
after the headroom expansion/reallocation.
After this skb_network_offset(skb) returns a different (and negative)
result post headroom expansion.
The next trip to neigh layer (or anything else that would __skb_pull the
network header) makes skb->data point to a memory location outside
skb->head area.
v2: Cap the needed_headroom update to an arbitarily chosen upperlimit to
prevent perpetual increase instead of dropping the headroom increment
completely.
Severity
5.3 (Medium)
CWE
- CWE-416 - Use After Free
Assigner
References
7 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
243aad830e8a4cdda261626fbaeddde16b08d04a , < f81e94d2dcd2397137edcb8b85f4c5bed5d22383
(git)
Affected: 243aad830e8a4cdda261626fbaeddde16b08d04a , < 2e95350fe9db9d53c701075060ac8ac883b68aee (git) Affected: 243aad830e8a4cdda261626fbaeddde16b08d04a , < afec0c5cd2ed71ca95a8b36a5e6d03333bf34282 (git) Affected: 243aad830e8a4cdda261626fbaeddde16b08d04a , < ab63de24ebea36fe73ac7121738595d704b66d96 (git) Affected: 243aad830e8a4cdda261626fbaeddde16b08d04a , < a0a1db40b23e8ff86dea2786c5ea1470bb23ecb9 (git) Affected: 243aad830e8a4cdda261626fbaeddde16b08d04a , < 049d7989c67e8dd50f07a2096dbafdb41331fb9b (git) Affected: 243aad830e8a4cdda261626fbaeddde16b08d04a , < 5ae1e9922bbdbaeb9cfbe91085ab75927488ac0f (git) Affected: 03017375b0122453e6dda833ff7bd4191915def5 (git) Affected: 2.6.33.2 , < 2.6.34 (semver) |
|
| Linux | Linux |
Affected:
2.6.34
Unaffected: 0 , < 2.6.34 (semver) Unaffected: 5.4.271 , ≤ 5.4.* (semver) Unaffected: 5.10.212 , ≤ 5.10.* (semver) Unaffected: 5.15.151 , ≤ 5.15.* (semver) Unaffected: 6.1.81 , ≤ 6.1.* (semver) Unaffected: 6.6.21 , ≤ 6.6.* (semver) Unaffected: 6.7.9 , ≤ 6.7.* (semver) Unaffected: 6.8 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26804",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-12T16:26:17.359512Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T16:40:15.613Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.557Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f81e94d2dcd2397137edcb8b85f4c5bed5d22383"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2e95350fe9db9d53c701075060ac8ac883b68aee"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/afec0c5cd2ed71ca95a8b36a5e6d03333bf34282"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ab63de24ebea36fe73ac7121738595d704b66d96"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a0a1db40b23e8ff86dea2786c5ea1470bb23ecb9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/049d7989c67e8dd50f07a2096dbafdb41331fb9b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5ae1e9922bbdbaeb9cfbe91085ab75927488ac0f"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv4/ip_tunnel.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f81e94d2dcd2397137edcb8b85f4c5bed5d22383",
"status": "affected",
"version": "243aad830e8a4cdda261626fbaeddde16b08d04a",
"versionType": "git"
},
{
"lessThan": "2e95350fe9db9d53c701075060ac8ac883b68aee",
"status": "affected",
"version": "243aad830e8a4cdda261626fbaeddde16b08d04a",
"versionType": "git"
},
{
"lessThan": "afec0c5cd2ed71ca95a8b36a5e6d03333bf34282",
"status": "affected",
"version": "243aad830e8a4cdda261626fbaeddde16b08d04a",
"versionType": "git"
},
{
"lessThan": "ab63de24ebea36fe73ac7121738595d704b66d96",
"status": "affected",
"version": "243aad830e8a4cdda261626fbaeddde16b08d04a",
"versionType": "git"
},
{
"lessThan": "a0a1db40b23e8ff86dea2786c5ea1470bb23ecb9",
"status": "affected",
"version": "243aad830e8a4cdda261626fbaeddde16b08d04a",
"versionType": "git"
},
{
"lessThan": "049d7989c67e8dd50f07a2096dbafdb41331fb9b",
"status": "affected",
"version": "243aad830e8a4cdda261626fbaeddde16b08d04a",
"versionType": "git"
},
{
"lessThan": "5ae1e9922bbdbaeb9cfbe91085ab75927488ac0f",
"status": "affected",
"version": "243aad830e8a4cdda261626fbaeddde16b08d04a",
"versionType": "git"
},
{
"status": "affected",
"version": "03017375b0122453e6dda833ff7bd4191915def5",
"versionType": "git"
},
{
"lessThan": "2.6.34",
"status": "affected",
"version": "2.6.33.2",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv4/ip_tunnel.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.34"
},
{
"lessThan": "2.6.34",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.271",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.212",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.151",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.81",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.21",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.271",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.212",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.151",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.81",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.21",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.9",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.6.33.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ip_tunnel: prevent perpetual headroom growth\n\nsyzkaller triggered following kasan splat:\nBUG: KASAN: use-after-free in __skb_flow_dissect+0x19d1/0x7a50 net/core/flow_dissector.c:1170\nRead of size 1 at addr ffff88812fb4000e by task syz-executor183/5191\n[..]\n kasan_report+0xda/0x110 mm/kasan/report.c:588\n __skb_flow_dissect+0x19d1/0x7a50 net/core/flow_dissector.c:1170\n skb_flow_dissect_flow_keys include/linux/skbuff.h:1514 [inline]\n ___skb_get_hash net/core/flow_dissector.c:1791 [inline]\n __skb_get_hash+0xc7/0x540 net/core/flow_dissector.c:1856\n skb_get_hash include/linux/skbuff.h:1556 [inline]\n ip_tunnel_xmit+0x1855/0x33c0 net/ipv4/ip_tunnel.c:748\n ipip_tunnel_xmit+0x3cc/0x4e0 net/ipv4/ipip.c:308\n __netdev_start_xmit include/linux/netdevice.h:4940 [inline]\n netdev_start_xmit include/linux/netdevice.h:4954 [inline]\n xmit_one net/core/dev.c:3548 [inline]\n dev_hard_start_xmit+0x13d/0x6d0 net/core/dev.c:3564\n __dev_queue_xmit+0x7c1/0x3d60 net/core/dev.c:4349\n dev_queue_xmit include/linux/netdevice.h:3134 [inline]\n neigh_connected_output+0x42c/0x5d0 net/core/neighbour.c:1592\n ...\n ip_finish_output2+0x833/0x2550 net/ipv4/ip_output.c:235\n ip_finish_output+0x31/0x310 net/ipv4/ip_output.c:323\n ..\n iptunnel_xmit+0x5b4/0x9b0 net/ipv4/ip_tunnel_core.c:82\n ip_tunnel_xmit+0x1dbc/0x33c0 net/ipv4/ip_tunnel.c:831\n ipgre_xmit+0x4a1/0x980 net/ipv4/ip_gre.c:665\n __netdev_start_xmit include/linux/netdevice.h:4940 [inline]\n netdev_start_xmit include/linux/netdevice.h:4954 [inline]\n xmit_one net/core/dev.c:3548 [inline]\n dev_hard_start_xmit+0x13d/0x6d0 net/core/dev.c:3564\n ...\n\nThe splat occurs because skb-\u003edata points past skb-\u003ehead allocated area.\nThis is because neigh layer does:\n __skb_pull(skb, skb_network_offset(skb));\n\n... but skb_network_offset() returns a negative offset and __skb_pull()\narg is unsigned. IOW, we skb-\u003edata gets \"adjusted\" by a huge value.\n\nThe negative value is returned because skb-\u003ehead and skb-\u003edata distance is\nmore than 64k and skb-\u003enetwork_header (u16) has wrapped around.\n\nThe bug is in the ip_tunnel infrastructure, which can cause\ndev-\u003eneeded_headroom to increment ad infinitum.\n\nThe syzkaller reproducer consists of packets getting routed via a gre\ntunnel, and route of gre encapsulated packets pointing at another (ipip)\ntunnel. The ipip encapsulation finds gre0 as next output device.\n\nThis results in the following pattern:\n\n1). First packet is to be sent out via gre0.\nRoute lookup found an output device, ipip0.\n\n2).\nip_tunnel_xmit for gre0 bumps gre0-\u003eneeded_headroom based on the future\noutput device, rt.dev-\u003eneeded_headroom (ipip0).\n\n3).\nip output / start_xmit moves skb on to ipip0. which runs the same\ncode path again (xmit recursion).\n\n4).\nRouting step for the post-gre0-encap packet finds gre0 as output device\nto use for ipip0 encapsulated packet.\n\ntunl0-\u003eneeded_headroom is then incremented based on the (already bumped)\ngre0 device headroom.\n\nThis repeats for every future packet:\n\ngre0-\u003eneeded_headroom gets inflated because previous packets\u0027 ipip0 step\nincremented rt-\u003edev (gre0) headroom, and ipip0 incremented because gre0\nneeded_headroom was increased.\n\nFor each subsequent packet, gre/ipip0-\u003eneeded_headroom grows until\npost-expand-head reallocations result in a skb-\u003ehead/data distance of\nmore than 64k.\n\nOnce that happens, skb-\u003enetwork_header (u16) wraps around when\npskb_expand_head tries to make sure that skb_network_offset() is unchanged\nafter the headroom expansion/reallocation.\n\nAfter this skb_network_offset(skb) returns a different (and negative)\nresult post headroom expansion.\n\nThe next trip to neigh layer (or anything else that would __skb_pull the\nnetwork header) makes skb-\u003edata point to a memory location outside\nskb-\u003ehead area.\n\nv2: Cap the needed_headroom update to an arbitarily chosen upperlimit to\nprevent perpetual increase instead of dropping the headroom increment\ncompletely."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T15:38:06.927Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f81e94d2dcd2397137edcb8b85f4c5bed5d22383"
},
{
"url": "https://git.kernel.org/stable/c/2e95350fe9db9d53c701075060ac8ac883b68aee"
},
{
"url": "https://git.kernel.org/stable/c/afec0c5cd2ed71ca95a8b36a5e6d03333bf34282"
},
{
"url": "https://git.kernel.org/stable/c/ab63de24ebea36fe73ac7121738595d704b66d96"
},
{
"url": "https://git.kernel.org/stable/c/a0a1db40b23e8ff86dea2786c5ea1470bb23ecb9"
},
{
"url": "https://git.kernel.org/stable/c/049d7989c67e8dd50f07a2096dbafdb41331fb9b"
},
{
"url": "https://git.kernel.org/stable/c/5ae1e9922bbdbaeb9cfbe91085ab75927488ac0f"
}
],
"title": "net: ip_tunnel: prevent perpetual headroom growth",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26804",
"datePublished": "2024-04-04T08:20:31.305Z",
"dateReserved": "2024-02-19T14:20:24.179Z",
"dateUpdated": "2026-05-23T15:38:06.927Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26805 (GCVE-0-2024-26805)
Vulnerability from cvelistv5 – Published: 2024-04-04 08:20 – Updated: 2026-05-23 15:38
VLAI
EPSS
Title
netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter
Summary
In the Linux kernel, the following vulnerability has been resolved:
netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter
syzbot reported the following uninit-value access issue [1]:
netlink_to_full_skb() creates a new `skb` and puts the `skb->data`
passed as a 1st arg of netlink_to_full_skb() onto new `skb`. The data
size is specified as `len` and passed to skb_put_data(). This `len`
is based on `skb->end` that is not data offset but buffer offset. The
`skb->end` contains data and tailroom. Since the tailroom is not
initialized when the new `skb` created, KMSAN detects uninitialized
memory area when copying the data.
This patch resolved this issue by correct the len from `skb->end` to
`skb->len`, which is the actual data offset.
BUG: KMSAN: kernel-infoleak-after-free in instrument_copy_to_user include/linux/instrumented.h:114 [inline]
BUG: KMSAN: kernel-infoleak-after-free in copy_to_user_iter lib/iov_iter.c:24 [inline]
BUG: KMSAN: kernel-infoleak-after-free in iterate_ubuf include/linux/iov_iter.h:29 [inline]
BUG: KMSAN: kernel-infoleak-after-free in iterate_and_advance2 include/linux/iov_iter.h:245 [inline]
BUG: KMSAN: kernel-infoleak-after-free in iterate_and_advance include/linux/iov_iter.h:271 [inline]
BUG: KMSAN: kernel-infoleak-after-free in _copy_to_iter+0x364/0x2520 lib/iov_iter.c:186
instrument_copy_to_user include/linux/instrumented.h:114 [inline]
copy_to_user_iter lib/iov_iter.c:24 [inline]
iterate_ubuf include/linux/iov_iter.h:29 [inline]
iterate_and_advance2 include/linux/iov_iter.h:245 [inline]
iterate_and_advance include/linux/iov_iter.h:271 [inline]
_copy_to_iter+0x364/0x2520 lib/iov_iter.c:186
copy_to_iter include/linux/uio.h:197 [inline]
simple_copy_to_iter+0x68/0xa0 net/core/datagram.c:532
__skb_datagram_iter+0x123/0xdc0 net/core/datagram.c:420
skb_copy_datagram_iter+0x5c/0x200 net/core/datagram.c:546
skb_copy_datagram_msg include/linux/skbuff.h:3960 [inline]
packet_recvmsg+0xd9c/0x2000 net/packet/af_packet.c:3482
sock_recvmsg_nosec net/socket.c:1044 [inline]
sock_recvmsg net/socket.c:1066 [inline]
sock_read_iter+0x467/0x580 net/socket.c:1136
call_read_iter include/linux/fs.h:2014 [inline]
new_sync_read fs/read_write.c:389 [inline]
vfs_read+0x8f6/0xe00 fs/read_write.c:470
ksys_read+0x20f/0x4c0 fs/read_write.c:613
__do_sys_read fs/read_write.c:623 [inline]
__se_sys_read fs/read_write.c:621 [inline]
__x64_sys_read+0x93/0xd0 fs/read_write.c:621
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0x44/0x110 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x63/0x6b
Uninit was stored to memory at:
skb_put_data include/linux/skbuff.h:2622 [inline]
netlink_to_full_skb net/netlink/af_netlink.c:181 [inline]
__netlink_deliver_tap_skb net/netlink/af_netlink.c:298 [inline]
__netlink_deliver_tap+0x5be/0xc90 net/netlink/af_netlink.c:325
netlink_deliver_tap net/netlink/af_netlink.c:338 [inline]
netlink_deliver_tap_kernel net/netlink/af_netlink.c:347 [inline]
netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline]
netlink_unicast+0x10f1/0x1250 net/netlink/af_netlink.c:1368
netlink_sendmsg+0x1238/0x13d0 net/netlink/af_netlink.c:1910
sock_sendmsg_nosec net/socket.c:730 [inline]
__sock_sendmsg net/socket.c:745 [inline]
____sys_sendmsg+0x9c2/0xd60 net/socket.c:2584
___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638
__sys_sendmsg net/socket.c:2667 [inline]
__do_sys_sendmsg net/socket.c:2676 [inline]
__se_sys_sendmsg net/socket.c:2674 [inline]
__x64_sys_sendmsg+0x307/0x490 net/socket.c:2674
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0x44/0x110 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x63/0x6b
Uninit was created at:
free_pages_prepare mm/page_alloc.c:1087 [inline]
free_unref_page_prepare+0xb0/0xa40 mm/page_alloc.c:2347
free_unref_page_list+0xeb/0x1100 mm/page_alloc.c:2533
release_pages+0x23d3/0x2410 mm/swap.c:1042
free_pages_and_swap_cache+0xd9/0xf0 mm/swap_state.c:316
tlb_batch_pages
---truncated---
Severity
No CVSS data available.
Assigner
References
8 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
1853c949646005b5959c483becde86608f548f24 , < ec343a55b687a452f5e87f3b52bf9f155864df65
(git)
Affected: 1853c949646005b5959c483becde86608f548f24 , < 9ae51361da43270f4ba0eb924427a07e87e48777 (git) Affected: 1853c949646005b5959c483becde86608f548f24 , < f19d1f98e60e68b11fc60839105dd02a30ec0d77 (git) Affected: 1853c949646005b5959c483becde86608f548f24 , < c71ed29d15b1a1ed6c464f8c3536996963046285 (git) Affected: 1853c949646005b5959c483becde86608f548f24 , < 0b27bf4c494d61e5663baa34c3edd7ccebf0ea44 (git) Affected: 1853c949646005b5959c483becde86608f548f24 , < d3ada42e534a83b618bbc1e490d23bf0fdae4736 (git) Affected: 1853c949646005b5959c483becde86608f548f24 , < 59fc3e3d049e39e7d0d271f20dd5fb47c57faf1d (git) Affected: 1853c949646005b5959c483becde86608f548f24 , < 661779e1fcafe1b74b3f3fe8e980c1e207fea1fd (git) Affected: 92994a5f49d0a81c8643452d5c0a6e8b31d85a61 (git) Affected: 85aec6328f3346b0718211faad564a3ffa64f60e (git) Affected: d38200098e3203ba30ba06ed3f345ec6ca75234c (git) Affected: 65d48c630ff80a19c39751a4a6d3315f4c3c0280 (git) Affected: 62f43b58d2b2c4f0200b9ca2b997f4c484f0272f (git) Affected: 3.12.49 , < 3.13 (semver) Affected: 3.14.54 , < 3.15 (semver) Affected: 3.18.23 , < 3.19 (semver) Affected: 4.1.10 , < 4.2 (semver) Affected: 4.2.3 , < 4.3 (semver) |
|
| Linux | Linux |
Affected:
4.3
Unaffected: 0 , < 4.3 (semver) Unaffected: 4.19.309 , ≤ 4.19.* (semver) Unaffected: 5.4.271 , ≤ 5.4.* (semver) Unaffected: 5.10.212 , ≤ 5.10.* (semver) Unaffected: 5.15.151 , ≤ 5.15.* (semver) Unaffected: 6.1.81 , ≤ 6.1.* (semver) Unaffected: 6.6.21 , ≤ 6.6.* (semver) Unaffected: 6.7.9 , ≤ 6.7.* (semver) Unaffected: 6.8 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26805",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-21T16:06:14.957747Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T16:06:26.202Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.525Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ec343a55b687a452f5e87f3b52bf9f155864df65"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9ae51361da43270f4ba0eb924427a07e87e48777"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f19d1f98e60e68b11fc60839105dd02a30ec0d77"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c71ed29d15b1a1ed6c464f8c3536996963046285"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0b27bf4c494d61e5663baa34c3edd7ccebf0ea44"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d3ada42e534a83b618bbc1e490d23bf0fdae4736"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/59fc3e3d049e39e7d0d271f20dd5fb47c57faf1d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/661779e1fcafe1b74b3f3fe8e980c1e207fea1fd"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netlink/af_netlink.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ec343a55b687a452f5e87f3b52bf9f155864df65",
"status": "affected",
"version": "1853c949646005b5959c483becde86608f548f24",
"versionType": "git"
},
{
"lessThan": "9ae51361da43270f4ba0eb924427a07e87e48777",
"status": "affected",
"version": "1853c949646005b5959c483becde86608f548f24",
"versionType": "git"
},
{
"lessThan": "f19d1f98e60e68b11fc60839105dd02a30ec0d77",
"status": "affected",
"version": "1853c949646005b5959c483becde86608f548f24",
"versionType": "git"
},
{
"lessThan": "c71ed29d15b1a1ed6c464f8c3536996963046285",
"status": "affected",
"version": "1853c949646005b5959c483becde86608f548f24",
"versionType": "git"
},
{
"lessThan": "0b27bf4c494d61e5663baa34c3edd7ccebf0ea44",
"status": "affected",
"version": "1853c949646005b5959c483becde86608f548f24",
"versionType": "git"
},
{
"lessThan": "d3ada42e534a83b618bbc1e490d23bf0fdae4736",
"status": "affected",
"version": "1853c949646005b5959c483becde86608f548f24",
"versionType": "git"
},
{
"lessThan": "59fc3e3d049e39e7d0d271f20dd5fb47c57faf1d",
"status": "affected",
"version": "1853c949646005b5959c483becde86608f548f24",
"versionType": "git"
},
{
"lessThan": "661779e1fcafe1b74b3f3fe8e980c1e207fea1fd",
"status": "affected",
"version": "1853c949646005b5959c483becde86608f548f24",
"versionType": "git"
},
{
"status": "affected",
"version": "92994a5f49d0a81c8643452d5c0a6e8b31d85a61",
"versionType": "git"
},
{
"status": "affected",
"version": "85aec6328f3346b0718211faad564a3ffa64f60e",
"versionType": "git"
},
{
"status": "affected",
"version": "d38200098e3203ba30ba06ed3f345ec6ca75234c",
"versionType": "git"
},
{
"status": "affected",
"version": "65d48c630ff80a19c39751a4a6d3315f4c3c0280",
"versionType": "git"
},
{
"status": "affected",
"version": "62f43b58d2b2c4f0200b9ca2b997f4c484f0272f",
"versionType": "git"
},
{
"lessThan": "3.13",
"status": "affected",
"version": "3.12.49",
"versionType": "semver"
},
{
"lessThan": "3.15",
"status": "affected",
"version": "3.14.54",
"versionType": "semver"
},
{
"lessThan": "3.19",
"status": "affected",
"version": "3.18.23",
"versionType": "semver"
},
{
"lessThan": "4.2",
"status": "affected",
"version": "4.1.10",
"versionType": "semver"
},
{
"lessThan": "4.3",
"status": "affected",
"version": "4.2.3",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netlink/af_netlink.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.3"
},
{
"lessThan": "4.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.309",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.271",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.212",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.151",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.81",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.21",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.309",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.271",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.212",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.151",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.81",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.21",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.9",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.12.49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.14.54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.18.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.1.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetlink: Fix kernel-infoleak-after-free in __skb_datagram_iter\n\nsyzbot reported the following uninit-value access issue [1]:\n\nnetlink_to_full_skb() creates a new `skb` and puts the `skb-\u003edata`\npassed as a 1st arg of netlink_to_full_skb() onto new `skb`. The data\nsize is specified as `len` and passed to skb_put_data(). This `len`\nis based on `skb-\u003eend` that is not data offset but buffer offset. The\n`skb-\u003eend` contains data and tailroom. Since the tailroom is not\ninitialized when the new `skb` created, KMSAN detects uninitialized\nmemory area when copying the data.\n\nThis patch resolved this issue by correct the len from `skb-\u003eend` to\n`skb-\u003elen`, which is the actual data offset.\n\nBUG: KMSAN: kernel-infoleak-after-free in instrument_copy_to_user include/linux/instrumented.h:114 [inline]\nBUG: KMSAN: kernel-infoleak-after-free in copy_to_user_iter lib/iov_iter.c:24 [inline]\nBUG: KMSAN: kernel-infoleak-after-free in iterate_ubuf include/linux/iov_iter.h:29 [inline]\nBUG: KMSAN: kernel-infoleak-after-free in iterate_and_advance2 include/linux/iov_iter.h:245 [inline]\nBUG: KMSAN: kernel-infoleak-after-free in iterate_and_advance include/linux/iov_iter.h:271 [inline]\nBUG: KMSAN: kernel-infoleak-after-free in _copy_to_iter+0x364/0x2520 lib/iov_iter.c:186\n instrument_copy_to_user include/linux/instrumented.h:114 [inline]\n copy_to_user_iter lib/iov_iter.c:24 [inline]\n iterate_ubuf include/linux/iov_iter.h:29 [inline]\n iterate_and_advance2 include/linux/iov_iter.h:245 [inline]\n iterate_and_advance include/linux/iov_iter.h:271 [inline]\n _copy_to_iter+0x364/0x2520 lib/iov_iter.c:186\n copy_to_iter include/linux/uio.h:197 [inline]\n simple_copy_to_iter+0x68/0xa0 net/core/datagram.c:532\n __skb_datagram_iter+0x123/0xdc0 net/core/datagram.c:420\n skb_copy_datagram_iter+0x5c/0x200 net/core/datagram.c:546\n skb_copy_datagram_msg include/linux/skbuff.h:3960 [inline]\n packet_recvmsg+0xd9c/0x2000 net/packet/af_packet.c:3482\n sock_recvmsg_nosec net/socket.c:1044 [inline]\n sock_recvmsg net/socket.c:1066 [inline]\n sock_read_iter+0x467/0x580 net/socket.c:1136\n call_read_iter include/linux/fs.h:2014 [inline]\n new_sync_read fs/read_write.c:389 [inline]\n vfs_read+0x8f6/0xe00 fs/read_write.c:470\n ksys_read+0x20f/0x4c0 fs/read_write.c:613\n __do_sys_read fs/read_write.c:623 [inline]\n __se_sys_read fs/read_write.c:621 [inline]\n __x64_sys_read+0x93/0xd0 fs/read_write.c:621\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x44/0x110 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nUninit was stored to memory at:\n skb_put_data include/linux/skbuff.h:2622 [inline]\n netlink_to_full_skb net/netlink/af_netlink.c:181 [inline]\n __netlink_deliver_tap_skb net/netlink/af_netlink.c:298 [inline]\n __netlink_deliver_tap+0x5be/0xc90 net/netlink/af_netlink.c:325\n netlink_deliver_tap net/netlink/af_netlink.c:338 [inline]\n netlink_deliver_tap_kernel net/netlink/af_netlink.c:347 [inline]\n netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline]\n netlink_unicast+0x10f1/0x1250 net/netlink/af_netlink.c:1368\n netlink_sendmsg+0x1238/0x13d0 net/netlink/af_netlink.c:1910\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg net/socket.c:745 [inline]\n ____sys_sendmsg+0x9c2/0xd60 net/socket.c:2584\n ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638\n __sys_sendmsg net/socket.c:2667 [inline]\n __do_sys_sendmsg net/socket.c:2676 [inline]\n __se_sys_sendmsg net/socket.c:2674 [inline]\n __x64_sys_sendmsg+0x307/0x490 net/socket.c:2674\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x44/0x110 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nUninit was created at:\n free_pages_prepare mm/page_alloc.c:1087 [inline]\n free_unref_page_prepare+0xb0/0xa40 mm/page_alloc.c:2347\n free_unref_page_list+0xeb/0x1100 mm/page_alloc.c:2533\n release_pages+0x23d3/0x2410 mm/swap.c:1042\n free_pages_and_swap_cache+0xd9/0xf0 mm/swap_state.c:316\n tlb_batch_pages\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T15:38:12.239Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ec343a55b687a452f5e87f3b52bf9f155864df65"
},
{
"url": "https://git.kernel.org/stable/c/9ae51361da43270f4ba0eb924427a07e87e48777"
},
{
"url": "https://git.kernel.org/stable/c/f19d1f98e60e68b11fc60839105dd02a30ec0d77"
},
{
"url": "https://git.kernel.org/stable/c/c71ed29d15b1a1ed6c464f8c3536996963046285"
},
{
"url": "https://git.kernel.org/stable/c/0b27bf4c494d61e5663baa34c3edd7ccebf0ea44"
},
{
"url": "https://git.kernel.org/stable/c/d3ada42e534a83b618bbc1e490d23bf0fdae4736"
},
{
"url": "https://git.kernel.org/stable/c/59fc3e3d049e39e7d0d271f20dd5fb47c57faf1d"
},
{
"url": "https://git.kernel.org/stable/c/661779e1fcafe1b74b3f3fe8e980c1e207fea1fd"
}
],
"title": "netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26805",
"datePublished": "2024-04-04T08:20:32.250Z",
"dateReserved": "2024-02-19T14:20:24.179Z",
"dateUpdated": "2026-05-23T15:38:12.239Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26809 (GCVE-0-2024-26809)
Vulnerability from cvelistv5 – Published: 2024-04-04 09:51 – Updated: 2026-05-23 15:38
VLAI
EPSS
Title
netfilter: nft_set_pipapo: release elements in clone only from destroy path
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_set_pipapo: release elements in clone only from destroy path
Clone already always provides a current view of the lookup table, use it
to destroy the set, otherwise it is possible to destroy elements twice.
This fix requires:
212ed75dc5fb ("netfilter: nf_tables: integrate pipapo into commit protocol")
which came after:
9827a0e6e23b ("netfilter: nft_set_pipapo: release elements in clone from abort path").
Severity
No CVSS data available.
Assigner
References
7 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
4a6430b99f67842617c7208ca55a411e903ba03a , < b36b83297ff4910dfc8705402c8abffd4bbf8144
(git)
Affected: 5ccecafc728b0df48263d5ac198220bcd79830bc , < 362508506bf545e9ce18c72a2c48dcbfb891ab9c (git) Affected: 9827a0e6e23bf43003cd3d5b7fb11baf59a35e1e , < 5ad233dc731ab64cdc47b84a5c1f78fff6c024af (git) Affected: 9827a0e6e23bf43003cd3d5b7fb11baf59a35e1e , < ff90050771412b91e928093ccd8736ae680063c2 (git) Affected: 9827a0e6e23bf43003cd3d5b7fb11baf59a35e1e , < 821e28d5b506e6a73ccc367ff792bd894050d48b (git) Affected: 9827a0e6e23bf43003cd3d5b7fb11baf59a35e1e , < 9384b4d85c46ce839f51af01374062ce6318b2f2 (git) Affected: 9827a0e6e23bf43003cd3d5b7fb11baf59a35e1e , < b0e256f3dd2ba6532f37c5c22e07cb07a36031ee (git) Affected: d2b18d110685ce46ca1633b8ec586c685e243a51 (git) Affected: 5.10.130 , < 5.10.214 (semver) Affected: 5.15.54 , < 5.15.153 (semver) Affected: 5.18.11 , < 5.19 (semver) |
|
| Linux | Linux |
Affected:
5.19
Unaffected: 0 , < 5.19 (semver) Unaffected: 5.10.214 , ≤ 5.10.* (semver) Unaffected: 5.15.153 , ≤ 5.15.* (semver) Unaffected: 6.1.83 , ≤ 6.1.* (semver) Unaffected: 6.6.23 , ≤ 6.6.* (semver) Unaffected: 6.7.11 , ≤ 6.7.* (semver) Unaffected: 6.8.2 , ≤ 6.8.* (semver) Unaffected: 6.9 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.546Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b36b83297ff4910dfc8705402c8abffd4bbf8144"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/362508506bf545e9ce18c72a2c48dcbfb891ab9c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5ad233dc731ab64cdc47b84a5c1f78fff6c024af"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ff90050771412b91e928093ccd8736ae680063c2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/821e28d5b506e6a73ccc367ff792bd894050d48b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9384b4d85c46ce839f51af01374062ce6318b2f2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b0e256f3dd2ba6532f37c5c22e07cb07a36031ee"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26809",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:50:40.137148Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:44.659Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netfilter/nft_set_pipapo.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b36b83297ff4910dfc8705402c8abffd4bbf8144",
"status": "affected",
"version": "4a6430b99f67842617c7208ca55a411e903ba03a",
"versionType": "git"
},
{
"lessThan": "362508506bf545e9ce18c72a2c48dcbfb891ab9c",
"status": "affected",
"version": "5ccecafc728b0df48263d5ac198220bcd79830bc",
"versionType": "git"
},
{
"lessThan": "5ad233dc731ab64cdc47b84a5c1f78fff6c024af",
"status": "affected",
"version": "9827a0e6e23bf43003cd3d5b7fb11baf59a35e1e",
"versionType": "git"
},
{
"lessThan": "ff90050771412b91e928093ccd8736ae680063c2",
"status": "affected",
"version": "9827a0e6e23bf43003cd3d5b7fb11baf59a35e1e",
"versionType": "git"
},
{
"lessThan": "821e28d5b506e6a73ccc367ff792bd894050d48b",
"status": "affected",
"version": "9827a0e6e23bf43003cd3d5b7fb11baf59a35e1e",
"versionType": "git"
},
{
"lessThan": "9384b4d85c46ce839f51af01374062ce6318b2f2",
"status": "affected",
"version": "9827a0e6e23bf43003cd3d5b7fb11baf59a35e1e",
"versionType": "git"
},
{
"lessThan": "b0e256f3dd2ba6532f37c5c22e07cb07a36031ee",
"status": "affected",
"version": "9827a0e6e23bf43003cd3d5b7fb11baf59a35e1e",
"versionType": "git"
},
{
"status": "affected",
"version": "d2b18d110685ce46ca1633b8ec586c685e243a51",
"versionType": "git"
},
{
"lessThan": "5.10.214",
"status": "affected",
"version": "5.10.130",
"versionType": "semver"
},
{
"lessThan": "5.15.153",
"status": "affected",
"version": "5.15.54",
"versionType": "semver"
},
{
"lessThan": "5.19",
"status": "affected",
"version": "5.18.11",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netfilter/nft_set_pipapo.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.19"
},
{
"lessThan": "5.19",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "5.10.130",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "5.15.54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "5.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "5.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "5.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "5.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.18.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_set_pipapo: release elements in clone only from destroy path\n\nClone already always provides a current view of the lookup table, use it\nto destroy the set, otherwise it is possible to destroy elements twice.\n\nThis fix requires:\n\n 212ed75dc5fb (\"netfilter: nf_tables: integrate pipapo into commit protocol\")\n\nwhich came after:\n\n 9827a0e6e23b (\"netfilter: nft_set_pipapo: release elements in clone from abort path\")."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T15:38:22.859Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b36b83297ff4910dfc8705402c8abffd4bbf8144"
},
{
"url": "https://git.kernel.org/stable/c/362508506bf545e9ce18c72a2c48dcbfb891ab9c"
},
{
"url": "https://git.kernel.org/stable/c/5ad233dc731ab64cdc47b84a5c1f78fff6c024af"
},
{
"url": "https://git.kernel.org/stable/c/ff90050771412b91e928093ccd8736ae680063c2"
},
{
"url": "https://git.kernel.org/stable/c/821e28d5b506e6a73ccc367ff792bd894050d48b"
},
{
"url": "https://git.kernel.org/stable/c/9384b4d85c46ce839f51af01374062ce6318b2f2"
},
{
"url": "https://git.kernel.org/stable/c/b0e256f3dd2ba6532f37c5c22e07cb07a36031ee"
}
],
"title": "netfilter: nft_set_pipapo: release elements in clone only from destroy path",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26809",
"datePublished": "2024-04-04T09:51:51.245Z",
"dateReserved": "2024-02-19T14:20:24.179Z",
"dateUpdated": "2026-05-23T15:38:22.859Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26816 (GCVE-0-2024-26816)
Vulnerability from cvelistv5 – Published: 2024-04-10 13:53 – Updated: 2026-05-12 11:49
VLAI
EPSS
Title
x86, relocs: Ignore relocations in .notes section
Summary
In the Linux kernel, the following vulnerability has been resolved:
x86, relocs: Ignore relocations in .notes section
When building with CONFIG_XEN_PV=y, .text symbols are emitted into
the .notes section so that Xen can find the "startup_xen" entry point.
This information is used prior to booting the kernel, so relocations
are not useful. In fact, performing relocations against the .notes
section means that the KASLR base is exposed since /sys/kernel/notes
is world-readable.
To avoid leaking the KASLR base without breaking unprivileged tools that
are expecting to read /sys/kernel/notes, skip performing relocations in
the .notes section. The values readable in .notes are then identical to
those found in System.map.
Severity
No CVSS data available.
Assigner
References
9 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
5ead97c84fa7d63a6a7a2f4e9f18f452bd109045 , < 13edb509abc91c72152a11baaf0e7c060a312e03
(git)
Affected: 5ead97c84fa7d63a6a7a2f4e9f18f452bd109045 , < 52018aa146e3cf76569a9b1e6e49a2b7c8d4a088 (git) Affected: 5ead97c84fa7d63a6a7a2f4e9f18f452bd109045 , < a4e7ff1a74274e59a2de9bb57236542aa990d20a (git) Affected: 5ead97c84fa7d63a6a7a2f4e9f18f452bd109045 , < c7cff9780297d55d97ad068b68b703cfe53ef9af (git) Affected: 5ead97c84fa7d63a6a7a2f4e9f18f452bd109045 , < 47635b112a64b7b208224962471e7e42f110e723 (git) Affected: 5ead97c84fa7d63a6a7a2f4e9f18f452bd109045 , < af2a9f98d884205145fd155304a6955822ccca1c (git) Affected: 5ead97c84fa7d63a6a7a2f4e9f18f452bd109045 , < ae7079238f6faf1b94accfccf334e98b46a0c0aa (git) Affected: 5ead97c84fa7d63a6a7a2f4e9f18f452bd109045 , < 5cb59db49c9c0fccfd33b2209af4f7ae3c6ddf40 (git) Affected: 5ead97c84fa7d63a6a7a2f4e9f18f452bd109045 , < aaa8736370db1a78f0e8434344a484f9fd20be3b (git) |
|
| Linux | Linux |
Affected:
2.6.23
Unaffected: 0 , < 2.6.23 (semver) Unaffected: 4.19.311 , ≤ 4.19.* (semver) Unaffected: 5.4.273 , ≤ 5.4.* (semver) Unaffected: 5.10.214 , ≤ 5.10.* (semver) Unaffected: 5.15.153 , ≤ 5.15.* (semver) Unaffected: 6.1.83 , ≤ 6.1.* (semver) Unaffected: 6.6.23 , ≤ 6.6.* (semver) Unaffected: 6.7.11 , ≤ 6.7.* (semver) Unaffected: 6.8.2 , ≤ 6.8.* (semver) Unaffected: 6.9 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26816",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-21T16:05:35.963352Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T16:05:55.498Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.600Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/13edb509abc91c72152a11baaf0e7c060a312e03"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/52018aa146e3cf76569a9b1e6e49a2b7c8d4a088"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a4e7ff1a74274e59a2de9bb57236542aa990d20a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c7cff9780297d55d97ad068b68b703cfe53ef9af"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/47635b112a64b7b208224962471e7e42f110e723"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/af2a9f98d884205145fd155304a6955822ccca1c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ae7079238f6faf1b94accfccf334e98b46a0c0aa"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5cb59db49c9c0fccfd33b2209af4f7ae3c6ddf40"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/aaa8736370db1a78f0e8434344a484f9fd20be3b"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T11:49:30.301Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/x86/tools/relocs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "13edb509abc91c72152a11baaf0e7c060a312e03",
"status": "affected",
"version": "5ead97c84fa7d63a6a7a2f4e9f18f452bd109045",
"versionType": "git"
},
{
"lessThan": "52018aa146e3cf76569a9b1e6e49a2b7c8d4a088",
"status": "affected",
"version": "5ead97c84fa7d63a6a7a2f4e9f18f452bd109045",
"versionType": "git"
},
{
"lessThan": "a4e7ff1a74274e59a2de9bb57236542aa990d20a",
"status": "affected",
"version": "5ead97c84fa7d63a6a7a2f4e9f18f452bd109045",
"versionType": "git"
},
{
"lessThan": "c7cff9780297d55d97ad068b68b703cfe53ef9af",
"status": "affected",
"version": "5ead97c84fa7d63a6a7a2f4e9f18f452bd109045",
"versionType": "git"
},
{
"lessThan": "47635b112a64b7b208224962471e7e42f110e723",
"status": "affected",
"version": "5ead97c84fa7d63a6a7a2f4e9f18f452bd109045",
"versionType": "git"
},
{
"lessThan": "af2a9f98d884205145fd155304a6955822ccca1c",
"status": "affected",
"version": "5ead97c84fa7d63a6a7a2f4e9f18f452bd109045",
"versionType": "git"
},
{
"lessThan": "ae7079238f6faf1b94accfccf334e98b46a0c0aa",
"status": "affected",
"version": "5ead97c84fa7d63a6a7a2f4e9f18f452bd109045",
"versionType": "git"
},
{
"lessThan": "5cb59db49c9c0fccfd33b2209af4f7ae3c6ddf40",
"status": "affected",
"version": "5ead97c84fa7d63a6a7a2f4e9f18f452bd109045",
"versionType": "git"
},
{
"lessThan": "aaa8736370db1a78f0e8434344a484f9fd20be3b",
"status": "affected",
"version": "5ead97c84fa7d63a6a7a2f4e9f18f452bd109045",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/x86/tools/relocs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.23"
},
{
"lessThan": "2.6.23",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.273",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.311",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.273",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "2.6.23",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86, relocs: Ignore relocations in .notes section\n\nWhen building with CONFIG_XEN_PV=y, .text symbols are emitted into\nthe .notes section so that Xen can find the \"startup_xen\" entry point.\nThis information is used prior to booting the kernel, so relocations\nare not useful. In fact, performing relocations against the .notes\nsection means that the KASLR base is exposed since /sys/kernel/notes\nis world-readable.\n\nTo avoid leaking the KASLR base without breaking unprivileged tools that\nare expecting to read /sys/kernel/notes, skip performing relocations in\nthe .notes section. The values readable in .notes are then identical to\nthose found in System.map."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:04:43.802Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/13edb509abc91c72152a11baaf0e7c060a312e03"
},
{
"url": "https://git.kernel.org/stable/c/52018aa146e3cf76569a9b1e6e49a2b7c8d4a088"
},
{
"url": "https://git.kernel.org/stable/c/a4e7ff1a74274e59a2de9bb57236542aa990d20a"
},
{
"url": "https://git.kernel.org/stable/c/c7cff9780297d55d97ad068b68b703cfe53ef9af"
},
{
"url": "https://git.kernel.org/stable/c/47635b112a64b7b208224962471e7e42f110e723"
},
{
"url": "https://git.kernel.org/stable/c/af2a9f98d884205145fd155304a6955822ccca1c"
},
{
"url": "https://git.kernel.org/stable/c/ae7079238f6faf1b94accfccf334e98b46a0c0aa"
},
{
"url": "https://git.kernel.org/stable/c/5cb59db49c9c0fccfd33b2209af4f7ae3c6ddf40"
},
{
"url": "https://git.kernel.org/stable/c/aaa8736370db1a78f0e8434344a484f9fd20be3b"
}
],
"title": "x86, relocs: Ignore relocations in .notes section",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26816",
"datePublished": "2024-04-10T13:53:49.492Z",
"dateReserved": "2024-02-19T14:20:24.180Z",
"dateUpdated": "2026-05-12T11:49:30.301Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26820 (GCVE-0-2024-26820)
Vulnerability from cvelistv5 – Published: 2024-04-17 09:43 – Updated: 2026-05-23 15:38
VLAI
EPSS
Title
hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed
Summary
In the Linux kernel, the following vulnerability has been resolved:
hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed
If hv_netvsc driver is unloaded and reloaded, the NET_DEVICE_REGISTER
handler cannot perform VF register successfully as the register call
is received before netvsc_probe is finished. This is because we
register register_netdevice_notifier() very early( even before
vmbus_driver_register()).
To fix this, we try to register each such matching VF( if it is visible
as a netdevice) at the end of netvsc_probe.
Severity
No CVSS data available.
Assigner
References
8 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
028aa21f9e92536038cabb834c15d08f5c894382 , < bcb7164258d0a9a8aa2e73ddccc2d78f67d2519d
(git)
Affected: 997d895fa495fb3421983923219bba93f1a793ee , < c7441c77c91e47f653104be8353b44a3366a5366 (git) Affected: ff6c130e48a79c826cbc2427bd8b34a7592460cc , < 5b10a88f64c0315cfdef45de0aaaa4eef57de0b7 (git) Affected: 97683466e24c801ee4e865ce90ac7e355db2da59 , < b6d46f306b3964d05055ddaa96b58cd8bd3a472c (git) Affected: 5dd83db613be8e5c5d30efed7f42780e9eb18380 , < 309ef7de5d840e17607e7d65cbf297c0564433ef (git) Affected: 7350c460f7f48a8653a15c5c90fc9070aaa29535 , < a71302c8638939c45e4ba5a99ea438185fd3f418 (git) Affected: 85520856466ed6bc3b1ccb013cddac70ceb437db , < 4d29a58d96a78728cb01ee29ed70dc4bd642f135 (git) Affected: 85520856466ed6bc3b1ccb013cddac70ceb437db , < 9cae43da9867412f8bd09aee5c8a8dc5e8dc3dc2 (git) Affected: 4.19.301 , < 4.19.310 (semver) Affected: 5.4.263 , < 5.4.272 (semver) Affected: 5.10.203 , < 5.10.213 (semver) Affected: 5.15.141 , < 5.15.152 (semver) Affected: 6.1.65 , < 6.1.79 (semver) Affected: 6.6.4 , < 6.6.18 (semver) |
|
| Linux | Linux |
Affected:
6.7
Unaffected: 0 , < 6.7 (semver) Unaffected: 4.19.310 , ≤ 4.19.* (semver) Unaffected: 5.4.272 , ≤ 5.4.* (semver) Unaffected: 5.10.213 , ≤ 5.10.* (semver) Unaffected: 5.15.152 , ≤ 5.15.* (semver) Unaffected: 6.1.79 , ≤ 6.1.* (semver) Unaffected: 6.6.18 , ≤ 6.6.* (semver) Unaffected: 6.7.6 , ≤ 6.7.* (semver) Unaffected: 6.8 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26820",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-28T19:59:53.031569Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:49:04.707Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.523Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bcb7164258d0a9a8aa2e73ddccc2d78f67d2519d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c7441c77c91e47f653104be8353b44a3366a5366"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5b10a88f64c0315cfdef45de0aaaa4eef57de0b7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b6d46f306b3964d05055ddaa96b58cd8bd3a472c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/309ef7de5d840e17607e7d65cbf297c0564433ef"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a71302c8638939c45e4ba5a99ea438185fd3f418"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4d29a58d96a78728cb01ee29ed70dc4bd642f135"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9cae43da9867412f8bd09aee5c8a8dc5e8dc3dc2"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T11:49:31.479Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/hyperv/netvsc_drv.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "bcb7164258d0a9a8aa2e73ddccc2d78f67d2519d",
"status": "affected",
"version": "028aa21f9e92536038cabb834c15d08f5c894382",
"versionType": "git"
},
{
"lessThan": "c7441c77c91e47f653104be8353b44a3366a5366",
"status": "affected",
"version": "997d895fa495fb3421983923219bba93f1a793ee",
"versionType": "git"
},
{
"lessThan": "5b10a88f64c0315cfdef45de0aaaa4eef57de0b7",
"status": "affected",
"version": "ff6c130e48a79c826cbc2427bd8b34a7592460cc",
"versionType": "git"
},
{
"lessThan": "b6d46f306b3964d05055ddaa96b58cd8bd3a472c",
"status": "affected",
"version": "97683466e24c801ee4e865ce90ac7e355db2da59",
"versionType": "git"
},
{
"lessThan": "309ef7de5d840e17607e7d65cbf297c0564433ef",
"status": "affected",
"version": "5dd83db613be8e5c5d30efed7f42780e9eb18380",
"versionType": "git"
},
{
"lessThan": "a71302c8638939c45e4ba5a99ea438185fd3f418",
"status": "affected",
"version": "7350c460f7f48a8653a15c5c90fc9070aaa29535",
"versionType": "git"
},
{
"lessThan": "4d29a58d96a78728cb01ee29ed70dc4bd642f135",
"status": "affected",
"version": "85520856466ed6bc3b1ccb013cddac70ceb437db",
"versionType": "git"
},
{
"lessThan": "9cae43da9867412f8bd09aee5c8a8dc5e8dc3dc2",
"status": "affected",
"version": "85520856466ed6bc3b1ccb013cddac70ceb437db",
"versionType": "git"
},
{
"lessThan": "4.19.310",
"status": "affected",
"version": "4.19.301",
"versionType": "semver"
},
{
"lessThan": "5.4.272",
"status": "affected",
"version": "5.4.263",
"versionType": "semver"
},
{
"lessThan": "5.10.213",
"status": "affected",
"version": "5.10.203",
"versionType": "semver"
},
{
"lessThan": "5.15.152",
"status": "affected",
"version": "5.15.141",
"versionType": "semver"
},
{
"lessThan": "6.1.79",
"status": "affected",
"version": "6.1.65",
"versionType": "semver"
},
{
"lessThan": "6.6.18",
"status": "affected",
"version": "6.6.4",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/hyperv/netvsc_drv.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.7"
},
{
"lessThan": "6.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.310",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.272",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.213",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.152",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.79",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.18",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.310",
"versionStartIncluding": "4.19.301",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.272",
"versionStartIncluding": "5.4.263",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.213",
"versionStartIncluding": "5.10.203",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.152",
"versionStartIncluding": "5.15.141",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.79",
"versionStartIncluding": "6.1.65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.18",
"versionStartIncluding": "6.6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.6",
"versionStartIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "6.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed\n\nIf hv_netvsc driver is unloaded and reloaded, the NET_DEVICE_REGISTER\nhandler cannot perform VF register successfully as the register call\nis received before netvsc_probe is finished. This is because we\nregister register_netdevice_notifier() very early( even before\nvmbus_driver_register()).\nTo fix this, we try to register each such matching VF( if it is visible\nas a netdevice) at the end of netvsc_probe."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T15:38:25.395Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/bcb7164258d0a9a8aa2e73ddccc2d78f67d2519d"
},
{
"url": "https://git.kernel.org/stable/c/c7441c77c91e47f653104be8353b44a3366a5366"
},
{
"url": "https://git.kernel.org/stable/c/5b10a88f64c0315cfdef45de0aaaa4eef57de0b7"
},
{
"url": "https://git.kernel.org/stable/c/b6d46f306b3964d05055ddaa96b58cd8bd3a472c"
},
{
"url": "https://git.kernel.org/stable/c/309ef7de5d840e17607e7d65cbf297c0564433ef"
},
{
"url": "https://git.kernel.org/stable/c/a71302c8638939c45e4ba5a99ea438185fd3f418"
},
{
"url": "https://git.kernel.org/stable/c/4d29a58d96a78728cb01ee29ed70dc4bd642f135"
},
{
"url": "https://git.kernel.org/stable/c/9cae43da9867412f8bd09aee5c8a8dc5e8dc3dc2"
}
],
"title": "hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26820",
"datePublished": "2024-04-17T09:43:47.966Z",
"dateReserved": "2024-02-19T14:20:24.180Z",
"dateUpdated": "2026-05-23T15:38:25.395Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26833 (GCVE-0-2024-26833)
Vulnerability from cvelistv5 – Published: 2024-04-17 10:10 – Updated: 2026-05-11 20:05
VLAI
EPSS
Title
drm/amd/display: Fix memory leak in dm_sw_fini()
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Fix memory leak in dm_sw_fini()
After destroying dmub_srv, the memory associated with it is
not freed, causing a memory leak:
unreferenced object 0xffff896302b45800 (size 1024):
comm "(udev-worker)", pid 222, jiffies 4294894636
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace (crc 6265fd77):
[<ffffffff993495ed>] kmalloc_trace+0x29d/0x340
[<ffffffffc0ea4a94>] dm_dmub_sw_init+0xb4/0x450 [amdgpu]
[<ffffffffc0ea4e55>] dm_sw_init+0x15/0x2b0 [amdgpu]
[<ffffffffc0ba8557>] amdgpu_device_init+0x1417/0x24e0 [amdgpu]
[<ffffffffc0bab285>] amdgpu_driver_load_kms+0x15/0x190 [amdgpu]
[<ffffffffc0ba09c7>] amdgpu_pci_probe+0x187/0x4e0 [amdgpu]
[<ffffffff9968fd1e>] local_pci_probe+0x3e/0x90
[<ffffffff996918a3>] pci_device_probe+0xc3/0x230
[<ffffffff99805872>] really_probe+0xe2/0x480
[<ffffffff99805c98>] __driver_probe_device+0x78/0x160
[<ffffffff99805daf>] driver_probe_device+0x1f/0x90
[<ffffffff9980601e>] __driver_attach+0xce/0x1c0
[<ffffffff99803170>] bus_for_each_dev+0x70/0xc0
[<ffffffff99804822>] bus_add_driver+0x112/0x210
[<ffffffff99807245>] driver_register+0x55/0x100
[<ffffffff990012d1>] do_one_initcall+0x41/0x300
Fix this by freeing dmub_srv after destroying it.
Severity
No CVSS data available.
Assigner
References
6 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
743b9786b14ae0d7d13b3782dccad158e577e9bb , < b49b022f7dfce85eb77d0d987008fde5c01d7857
(git)
Affected: 743b9786b14ae0d7d13b3782dccad158e577e9bb , < 33f649f1b1cea39ed360e6c12bba4fac83118e6e (git) Affected: 743b9786b14ae0d7d13b3782dccad158e577e9bb , < 58168005337eabef345a872be3f87d0215ff3b30 (git) Affected: 743b9786b14ae0d7d13b3782dccad158e577e9bb , < 10c6b90e975358c17856a578419dc449887899c2 (git) Affected: 743b9786b14ae0d7d13b3782dccad158e577e9bb , < 541e79265ea7e339a7c4a462feafe9f8f996e04b (git) Affected: 743b9786b14ae0d7d13b3782dccad158e577e9bb , < bae67893578d608e35691dcdfa90c4957debf1d3 (git) |
|
| Linux | Linux |
Affected:
5.6
Unaffected: 0 , < 5.6 (semver) Unaffected: 5.10.211 , ≤ 5.10.* (semver) Unaffected: 5.15.150 , ≤ 5.15.* (semver) Unaffected: 6.1.80 , ≤ 6.1.* (semver) Unaffected: 6.6.19 , ≤ 6.6.* (semver) Unaffected: 6.7.7 , ≤ 6.7.* (semver) Unaffected: 6.8 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26833",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T19:24:28.460328Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T19:24:36.114Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.539Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b49b022f7dfce85eb77d0d987008fde5c01d7857"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/33f649f1b1cea39ed360e6c12bba4fac83118e6e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/58168005337eabef345a872be3f87d0215ff3b30"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/10c6b90e975358c17856a578419dc449887899c2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/541e79265ea7e339a7c4a462feafe9f8f996e04b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bae67893578d608e35691dcdfa90c4957debf1d3"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b49b022f7dfce85eb77d0d987008fde5c01d7857",
"status": "affected",
"version": "743b9786b14ae0d7d13b3782dccad158e577e9bb",
"versionType": "git"
},
{
"lessThan": "33f649f1b1cea39ed360e6c12bba4fac83118e6e",
"status": "affected",
"version": "743b9786b14ae0d7d13b3782dccad158e577e9bb",
"versionType": "git"
},
{
"lessThan": "58168005337eabef345a872be3f87d0215ff3b30",
"status": "affected",
"version": "743b9786b14ae0d7d13b3782dccad158e577e9bb",
"versionType": "git"
},
{
"lessThan": "10c6b90e975358c17856a578419dc449887899c2",
"status": "affected",
"version": "743b9786b14ae0d7d13b3782dccad158e577e9bb",
"versionType": "git"
},
{
"lessThan": "541e79265ea7e339a7c4a462feafe9f8f996e04b",
"status": "affected",
"version": "743b9786b14ae0d7d13b3782dccad158e577e9bb",
"versionType": "git"
},
{
"lessThan": "bae67893578d608e35691dcdfa90c4957debf1d3",
"status": "affected",
"version": "743b9786b14ae0d7d13b3782dccad158e577e9bb",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.6"
},
{
"lessThan": "5.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.211",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.80",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.211",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.150",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.80",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.19",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.7",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix memory leak in dm_sw_fini()\n\nAfter destroying dmub_srv, the memory associated with it is\nnot freed, causing a memory leak:\n\nunreferenced object 0xffff896302b45800 (size 1024):\n comm \"(udev-worker)\", pid 222, jiffies 4294894636\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace (crc 6265fd77):\n [\u003cffffffff993495ed\u003e] kmalloc_trace+0x29d/0x340\n [\u003cffffffffc0ea4a94\u003e] dm_dmub_sw_init+0xb4/0x450 [amdgpu]\n [\u003cffffffffc0ea4e55\u003e] dm_sw_init+0x15/0x2b0 [amdgpu]\n [\u003cffffffffc0ba8557\u003e] amdgpu_device_init+0x1417/0x24e0 [amdgpu]\n [\u003cffffffffc0bab285\u003e] amdgpu_driver_load_kms+0x15/0x190 [amdgpu]\n [\u003cffffffffc0ba09c7\u003e] amdgpu_pci_probe+0x187/0x4e0 [amdgpu]\n [\u003cffffffff9968fd1e\u003e] local_pci_probe+0x3e/0x90\n [\u003cffffffff996918a3\u003e] pci_device_probe+0xc3/0x230\n [\u003cffffffff99805872\u003e] really_probe+0xe2/0x480\n [\u003cffffffff99805c98\u003e] __driver_probe_device+0x78/0x160\n [\u003cffffffff99805daf\u003e] driver_probe_device+0x1f/0x90\n [\u003cffffffff9980601e\u003e] __driver_attach+0xce/0x1c0\n [\u003cffffffff99803170\u003e] bus_for_each_dev+0x70/0xc0\n [\u003cffffffff99804822\u003e] bus_add_driver+0x112/0x210\n [\u003cffffffff99807245\u003e] driver_register+0x55/0x100\n [\u003cffffffff990012d1\u003e] do_one_initcall+0x41/0x300\n\nFix this by freeing dmub_srv after destroying it."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:05:00.334Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b49b022f7dfce85eb77d0d987008fde5c01d7857"
},
{
"url": "https://git.kernel.org/stable/c/33f649f1b1cea39ed360e6c12bba4fac83118e6e"
},
{
"url": "https://git.kernel.org/stable/c/58168005337eabef345a872be3f87d0215ff3b30"
},
{
"url": "https://git.kernel.org/stable/c/10c6b90e975358c17856a578419dc449887899c2"
},
{
"url": "https://git.kernel.org/stable/c/541e79265ea7e339a7c4a462feafe9f8f996e04b"
},
{
"url": "https://git.kernel.org/stable/c/bae67893578d608e35691dcdfa90c4957debf1d3"
}
],
"title": "drm/amd/display: Fix memory leak in dm_sw_fini()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26833",
"datePublished": "2024-04-17T10:10:01.654Z",
"dateReserved": "2024-02-19T14:20:24.181Z",
"dateUpdated": "2026-05-11T20:05:00.334Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26835 (GCVE-0-2024-26835)
Vulnerability from cvelistv5 – Published: 2024-04-17 10:10 – Updated: 2026-05-23 15:39
VLAI
EPSS
Title
netfilter: nf_tables: set dormant flag on hook register failure
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: set dormant flag on hook register failure
We need to set the dormant flag again if we fail to register
the hooks.
During memory pressure hook registration can fail and we end up
with a table marked as active but no registered hooks.
On table/base chain deletion, nf_tables will attempt to unregister
the hook again which yields a warn splat from the nftables core.
Severity
No CVSS data available.
Assigner
References
8 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
bf8083bbf8fa202e6e5316bbd99759ab82bfe7a3 , < a6411f3c48f991c19aaf9a24fce36865fbba28d7
(git)
Affected: e10f661adc556c4969c70ddaddf238bffdaf1e87 , < ae4360cbd385f0d7a8a86d5723e50448cc6318f3 (git) Affected: d9c4da8cb74e8ee6e58a064a3573aa37acf6c935 , < 31ea574aeca1aa488e18716459bde057217637af (git) Affected: 179d9ba5559a756f4322583388b3213fe4e391b0 , < 664264a5c55bf97a9c571c557d477b75416199be (git) Affected: 179d9ba5559a756f4322583388b3213fe4e391b0 , < 0c9302a6da262e6ab6a6c1d30f04a6130ed97376 (git) Affected: 179d9ba5559a756f4322583388b3213fe4e391b0 , < f2135bbf14949687e96cabb13d8a91ae3deb9069 (git) Affected: 179d9ba5559a756f4322583388b3213fe4e391b0 , < 6f2496366426cec18ba53f1c7f6c3ac307ca6a95 (git) Affected: 179d9ba5559a756f4322583388b3213fe4e391b0 , < bccebf64701735533c8db37773eeacc6566cc8ec (git) Affected: 5.4.262 , < 5.4.270 (semver) Affected: 5.10.202 , < 5.10.211 (semver) |
|
| Linux | Linux |
Affected:
5.13
Unaffected: 0 , < 5.13 (semver) Unaffected: 5.4.270 , ≤ 5.4.* (semver) Unaffected: 5.10.211 , ≤ 5.10.* (semver) Unaffected: 5.15.150 , ≤ 5.15.* (semver) Unaffected: 6.1.80 , ≤ 6.1.* (semver) Unaffected: 6.6.19 , ≤ 6.6.* (semver) Unaffected: 6.7.7 , ≤ 6.7.* (semver) Unaffected: 6.8 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.604Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a6411f3c48f991c19aaf9a24fce36865fbba28d7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ae4360cbd385f0d7a8a86d5723e50448cc6318f3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/31ea574aeca1aa488e18716459bde057217637af"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/664264a5c55bf97a9c571c557d477b75416199be"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0c9302a6da262e6ab6a6c1d30f04a6130ed97376"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f2135bbf14949687e96cabb13d8a91ae3deb9069"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6f2496366426cec18ba53f1c7f6c3ac307ca6a95"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bccebf64701735533c8db37773eeacc6566cc8ec"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26835",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:48:51.357992Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:28.802Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netfilter/nf_tables_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a6411f3c48f991c19aaf9a24fce36865fbba28d7",
"status": "affected",
"version": "bf8083bbf8fa202e6e5316bbd99759ab82bfe7a3",
"versionType": "git"
},
{
"lessThan": "ae4360cbd385f0d7a8a86d5723e50448cc6318f3",
"status": "affected",
"version": "e10f661adc556c4969c70ddaddf238bffdaf1e87",
"versionType": "git"
},
{
"lessThan": "31ea574aeca1aa488e18716459bde057217637af",
"status": "affected",
"version": "d9c4da8cb74e8ee6e58a064a3573aa37acf6c935",
"versionType": "git"
},
{
"lessThan": "664264a5c55bf97a9c571c557d477b75416199be",
"status": "affected",
"version": "179d9ba5559a756f4322583388b3213fe4e391b0",
"versionType": "git"
},
{
"lessThan": "0c9302a6da262e6ab6a6c1d30f04a6130ed97376",
"status": "affected",
"version": "179d9ba5559a756f4322583388b3213fe4e391b0",
"versionType": "git"
},
{
"lessThan": "f2135bbf14949687e96cabb13d8a91ae3deb9069",
"status": "affected",
"version": "179d9ba5559a756f4322583388b3213fe4e391b0",
"versionType": "git"
},
{
"lessThan": "6f2496366426cec18ba53f1c7f6c3ac307ca6a95",
"status": "affected",
"version": "179d9ba5559a756f4322583388b3213fe4e391b0",
"versionType": "git"
},
{
"lessThan": "bccebf64701735533c8db37773eeacc6566cc8ec",
"status": "affected",
"version": "179d9ba5559a756f4322583388b3213fe4e391b0",
"versionType": "git"
},
{
"lessThan": "5.4.270",
"status": "affected",
"version": "5.4.262",
"versionType": "semver"
},
{
"lessThan": "5.10.211",
"status": "affected",
"version": "5.10.202",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netfilter/nf_tables_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.13"
},
{
"lessThan": "5.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.270",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.211",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.80",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.270",
"versionStartIncluding": "5.4.262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.211",
"versionStartIncluding": "5.10.202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.150",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.80",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.19",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.7",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: set dormant flag on hook register failure\n\nWe need to set the dormant flag again if we fail to register\nthe hooks.\n\nDuring memory pressure hook registration can fail and we end up\nwith a table marked as active but no registered hooks.\n\nOn table/base chain deletion, nf_tables will attempt to unregister\nthe hook again which yields a warn splat from the nftables core."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T15:39:00.900Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a6411f3c48f991c19aaf9a24fce36865fbba28d7"
},
{
"url": "https://git.kernel.org/stable/c/ae4360cbd385f0d7a8a86d5723e50448cc6318f3"
},
{
"url": "https://git.kernel.org/stable/c/31ea574aeca1aa488e18716459bde057217637af"
},
{
"url": "https://git.kernel.org/stable/c/664264a5c55bf97a9c571c557d477b75416199be"
},
{
"url": "https://git.kernel.org/stable/c/0c9302a6da262e6ab6a6c1d30f04a6130ed97376"
},
{
"url": "https://git.kernel.org/stable/c/f2135bbf14949687e96cabb13d8a91ae3deb9069"
},
{
"url": "https://git.kernel.org/stable/c/6f2496366426cec18ba53f1c7f6c3ac307ca6a95"
},
{
"url": "https://git.kernel.org/stable/c/bccebf64701735533c8db37773eeacc6566cc8ec"
}
],
"title": "netfilter: nf_tables: set dormant flag on hook register failure",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26835",
"datePublished": "2024-04-17T10:10:02.907Z",
"dateReserved": "2024-02-19T14:20:24.181Z",
"dateUpdated": "2026-05-23T15:39:00.900Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26838 (GCVE-0-2024-26838)
Vulnerability from cvelistv5 – Published: 2024-04-17 10:10 – Updated: 2026-05-11 20:05
VLAI
EPSS
Title
RDMA/irdma: Fix KASAN issue with tasklet
Summary
In the Linux kernel, the following vulnerability has been resolved:
RDMA/irdma: Fix KASAN issue with tasklet
KASAN testing revealed the following issue assocated with freeing an IRQ.
[50006.466686] Call Trace:
[50006.466691] <IRQ>
[50006.489538] dump_stack+0x5c/0x80
[50006.493475] print_address_description.constprop.6+0x1a/0x150
[50006.499872] ? irdma_sc_process_ceq+0x483/0x790 [irdma]
[50006.505742] ? irdma_sc_process_ceq+0x483/0x790 [irdma]
[50006.511644] kasan_report.cold.11+0x7f/0x118
[50006.516572] ? irdma_sc_process_ceq+0x483/0x790 [irdma]
[50006.522473] irdma_sc_process_ceq+0x483/0x790 [irdma]
[50006.528232] irdma_process_ceq+0xb2/0x400 [irdma]
[50006.533601] ? irdma_hw_flush_wqes_callback+0x370/0x370 [irdma]
[50006.540298] irdma_ceq_dpc+0x44/0x100 [irdma]
[50006.545306] tasklet_action_common.isra.14+0x148/0x2c0
[50006.551096] __do_softirq+0x1d0/0xaf8
[50006.555396] irq_exit_rcu+0x219/0x260
[50006.559670] irq_exit+0xa/0x20
[50006.563320] smp_apic_timer_interrupt+0x1bf/0x690
[50006.568645] apic_timer_interrupt+0xf/0x20
[50006.573341] </IRQ>
The issue is that a tasklet could be pending on another core racing
the delete of the irq.
Fix by insuring any scheduled tasklet is killed after deleting the
irq.
Severity
No CVSS data available.
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
44d9e52977a1b90b0db1c7f8b197c218e9226520 , < 635d79aa477f9912e602feb5498bdd51fb9cb824
(git)
Affected: 44d9e52977a1b90b0db1c7f8b197c218e9226520 , < b2e4a5266e3d133b4c7f0e43bf40d13ce14fd1aa (git) Affected: 44d9e52977a1b90b0db1c7f8b197c218e9226520 , < c6f1ca235f68b22b3e691b2ea87ac285e5946848 (git) Affected: 44d9e52977a1b90b0db1c7f8b197c218e9226520 , < 0ae8ad0013978f7471f22bcf45b027393e87f5dc (git) Affected: 44d9e52977a1b90b0db1c7f8b197c218e9226520 , < bd97cea7b18a0a553773af806dfbfac27a7c4acb (git) |
|
| Linux | Linux |
Affected:
5.14
Unaffected: 0 , < 5.14 (semver) Unaffected: 5.15.150 , ≤ 5.15.* (semver) Unaffected: 6.1.80 , ≤ 6.1.* (semver) Unaffected: 6.6.19 , ≤ 6.6.* (semver) Unaffected: 6.7.7 , ≤ 6.7.* (semver) Unaffected: 6.8 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26838",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-10T14:27:19.140994Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:48:36.256Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.672Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/635d79aa477f9912e602feb5498bdd51fb9cb824"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b2e4a5266e3d133b4c7f0e43bf40d13ce14fd1aa"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c6f1ca235f68b22b3e691b2ea87ac285e5946848"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0ae8ad0013978f7471f22bcf45b027393e87f5dc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bd97cea7b18a0a553773af806dfbfac27a7c4acb"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/irdma/hw.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "635d79aa477f9912e602feb5498bdd51fb9cb824",
"status": "affected",
"version": "44d9e52977a1b90b0db1c7f8b197c218e9226520",
"versionType": "git"
},
{
"lessThan": "b2e4a5266e3d133b4c7f0e43bf40d13ce14fd1aa",
"status": "affected",
"version": "44d9e52977a1b90b0db1c7f8b197c218e9226520",
"versionType": "git"
},
{
"lessThan": "c6f1ca235f68b22b3e691b2ea87ac285e5946848",
"status": "affected",
"version": "44d9e52977a1b90b0db1c7f8b197c218e9226520",
"versionType": "git"
},
{
"lessThan": "0ae8ad0013978f7471f22bcf45b027393e87f5dc",
"status": "affected",
"version": "44d9e52977a1b90b0db1c7f8b197c218e9226520",
"versionType": "git"
},
{
"lessThan": "bd97cea7b18a0a553773af806dfbfac27a7c4acb",
"status": "affected",
"version": "44d9e52977a1b90b0db1c7f8b197c218e9226520",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/irdma/hw.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.14"
},
{
"lessThan": "5.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.80",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.150",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.80",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.19",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.7",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/irdma: Fix KASAN issue with tasklet\n\nKASAN testing revealed the following issue assocated with freeing an IRQ.\n\n[50006.466686] Call Trace:\n[50006.466691] \u003cIRQ\u003e\n[50006.489538] dump_stack+0x5c/0x80\n[50006.493475] print_address_description.constprop.6+0x1a/0x150\n[50006.499872] ? irdma_sc_process_ceq+0x483/0x790 [irdma]\n[50006.505742] ? irdma_sc_process_ceq+0x483/0x790 [irdma]\n[50006.511644] kasan_report.cold.11+0x7f/0x118\n[50006.516572] ? irdma_sc_process_ceq+0x483/0x790 [irdma]\n[50006.522473] irdma_sc_process_ceq+0x483/0x790 [irdma]\n[50006.528232] irdma_process_ceq+0xb2/0x400 [irdma]\n[50006.533601] ? irdma_hw_flush_wqes_callback+0x370/0x370 [irdma]\n[50006.540298] irdma_ceq_dpc+0x44/0x100 [irdma]\n[50006.545306] tasklet_action_common.isra.14+0x148/0x2c0\n[50006.551096] __do_softirq+0x1d0/0xaf8\n[50006.555396] irq_exit_rcu+0x219/0x260\n[50006.559670] irq_exit+0xa/0x20\n[50006.563320] smp_apic_timer_interrupt+0x1bf/0x690\n[50006.568645] apic_timer_interrupt+0xf/0x20\n[50006.573341] \u003c/IRQ\u003e\n\nThe issue is that a tasklet could be pending on another core racing\nthe delete of the irq.\n\nFix by insuring any scheduled tasklet is killed after deleting the\nirq."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:05:07.008Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/635d79aa477f9912e602feb5498bdd51fb9cb824"
},
{
"url": "https://git.kernel.org/stable/c/b2e4a5266e3d133b4c7f0e43bf40d13ce14fd1aa"
},
{
"url": "https://git.kernel.org/stable/c/c6f1ca235f68b22b3e691b2ea87ac285e5946848"
},
{
"url": "https://git.kernel.org/stable/c/0ae8ad0013978f7471f22bcf45b027393e87f5dc"
},
{
"url": "https://git.kernel.org/stable/c/bd97cea7b18a0a553773af806dfbfac27a7c4acb"
}
],
"title": "RDMA/irdma: Fix KASAN issue with tasklet",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26838",
"datePublished": "2024-04-17T10:10:04.871Z",
"dateReserved": "2024-02-19T14:20:24.182Z",
"dateUpdated": "2026-05-11T20:05:07.008Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26839 (GCVE-0-2024-26839)
Vulnerability from cvelistv5 – Published: 2024-04-17 10:10 – Updated: 2026-05-11 20:05
VLAI
EPSS
Title
IB/hfi1: Fix a memleak in init_credit_return
Summary
In the Linux kernel, the following vulnerability has been resolved:
IB/hfi1: Fix a memleak in init_credit_return
When dma_alloc_coherent fails to allocate dd->cr_base[i].va,
init_credit_return should deallocate dd->cr_base and
dd->cr_base[i] that allocated before. Or those resources
would be never freed and a memleak is triggered.
Severity
No CVSS data available.
Assigner
References
8 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
7724105686e718ac476a6ad3304fea2fbcfcffde , < 2e4f9f20b32658ef3724aa46f7aef4908d2609e3
(git)
Affected: 7724105686e718ac476a6ad3304fea2fbcfcffde , < cecfb90cf71d91e9efebd68b9e9b84661b277cc8 (git) Affected: 7724105686e718ac476a6ad3304fea2fbcfcffde , < 3fa240bb6b2dbb3e7a3ee1440a4889cbb6207eb7 (git) Affected: 7724105686e718ac476a6ad3304fea2fbcfcffde , < 52de5805c147137205662af89ed7e083d656ae25 (git) Affected: 7724105686e718ac476a6ad3304fea2fbcfcffde , < f0d857ce31a6bc7a82afcdbadb8f7417d482604b (git) Affected: 7724105686e718ac476a6ad3304fea2fbcfcffde , < b41d0ade0398007fb746213f09903d52a920e896 (git) Affected: 7724105686e718ac476a6ad3304fea2fbcfcffde , < 8412c86e89cc78d8b513cb25cf2157a2adf3670a (git) Affected: 7724105686e718ac476a6ad3304fea2fbcfcffde , < 809aa64ebff51eb170ee31a95f83b2d21efa32e2 (git) |
|
| Linux | Linux |
Affected:
4.3
Unaffected: 0 , < 4.3 (semver) Unaffected: 4.19.308 , ≤ 4.19.* (semver) Unaffected: 5.4.270 , ≤ 5.4.* (semver) Unaffected: 5.10.211 , ≤ 5.10.* (semver) Unaffected: 5.15.150 , ≤ 5.15.* (semver) Unaffected: 6.1.80 , ≤ 6.1.* (semver) Unaffected: 6.6.19 , ≤ 6.6.* (semver) Unaffected: 6.7.7 , ≤ 6.7.* (semver) Unaffected: 6.8 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26839",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T19:24:08.338788Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T19:24:16.847Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.692Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2e4f9f20b32658ef3724aa46f7aef4908d2609e3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cecfb90cf71d91e9efebd68b9e9b84661b277cc8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3fa240bb6b2dbb3e7a3ee1440a4889cbb6207eb7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/52de5805c147137205662af89ed7e083d656ae25"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f0d857ce31a6bc7a82afcdbadb8f7417d482604b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b41d0ade0398007fb746213f09903d52a920e896"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8412c86e89cc78d8b513cb25cf2157a2adf3670a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/809aa64ebff51eb170ee31a95f83b2d21efa32e2"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/hfi1/pio.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2e4f9f20b32658ef3724aa46f7aef4908d2609e3",
"status": "affected",
"version": "7724105686e718ac476a6ad3304fea2fbcfcffde",
"versionType": "git"
},
{
"lessThan": "cecfb90cf71d91e9efebd68b9e9b84661b277cc8",
"status": "affected",
"version": "7724105686e718ac476a6ad3304fea2fbcfcffde",
"versionType": "git"
},
{
"lessThan": "3fa240bb6b2dbb3e7a3ee1440a4889cbb6207eb7",
"status": "affected",
"version": "7724105686e718ac476a6ad3304fea2fbcfcffde",
"versionType": "git"
},
{
"lessThan": "52de5805c147137205662af89ed7e083d656ae25",
"status": "affected",
"version": "7724105686e718ac476a6ad3304fea2fbcfcffde",
"versionType": "git"
},
{
"lessThan": "f0d857ce31a6bc7a82afcdbadb8f7417d482604b",
"status": "affected",
"version": "7724105686e718ac476a6ad3304fea2fbcfcffde",
"versionType": "git"
},
{
"lessThan": "b41d0ade0398007fb746213f09903d52a920e896",
"status": "affected",
"version": "7724105686e718ac476a6ad3304fea2fbcfcffde",
"versionType": "git"
},
{
"lessThan": "8412c86e89cc78d8b513cb25cf2157a2adf3670a",
"status": "affected",
"version": "7724105686e718ac476a6ad3304fea2fbcfcffde",
"versionType": "git"
},
{
"lessThan": "809aa64ebff51eb170ee31a95f83b2d21efa32e2",
"status": "affected",
"version": "7724105686e718ac476a6ad3304fea2fbcfcffde",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/hfi1/pio.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.3"
},
{
"lessThan": "4.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.308",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.270",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.211",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.80",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.308",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.270",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.211",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.150",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.80",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.19",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.7",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/hfi1: Fix a memleak in init_credit_return\n\nWhen dma_alloc_coherent fails to allocate dd-\u003ecr_base[i].va,\ninit_credit_return should deallocate dd-\u003ecr_base and\ndd-\u003ecr_base[i] that allocated before. Or those resources\nwould be never freed and a memleak is triggered."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:05:08.157Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2e4f9f20b32658ef3724aa46f7aef4908d2609e3"
},
{
"url": "https://git.kernel.org/stable/c/cecfb90cf71d91e9efebd68b9e9b84661b277cc8"
},
{
"url": "https://git.kernel.org/stable/c/3fa240bb6b2dbb3e7a3ee1440a4889cbb6207eb7"
},
{
"url": "https://git.kernel.org/stable/c/52de5805c147137205662af89ed7e083d656ae25"
},
{
"url": "https://git.kernel.org/stable/c/f0d857ce31a6bc7a82afcdbadb8f7417d482604b"
},
{
"url": "https://git.kernel.org/stable/c/b41d0ade0398007fb746213f09903d52a920e896"
},
{
"url": "https://git.kernel.org/stable/c/8412c86e89cc78d8b513cb25cf2157a2adf3670a"
},
{
"url": "https://git.kernel.org/stable/c/809aa64ebff51eb170ee31a95f83b2d21efa32e2"
}
],
"title": "IB/hfi1: Fix a memleak in init_credit_return",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26839",
"datePublished": "2024-04-17T10:10:05.536Z",
"dateReserved": "2024-02-19T14:20:24.182Z",
"dateUpdated": "2026-05-11T20:05:08.157Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…