Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2024-AVI-0646
Vulnerability from certfr_avis - Published: 2024-08-02 - Updated: 2024-08-02
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Storage Protect | Storage Protect Plus Server versions 10.1.x antérieures à 10.1.16.2 | ||
| IBM | WebSphere | WebSphere Application Server Liberty versions antérieures à 24.0.0.5 | ||
| IBM | VIOS | VIOS version 4.1 avec un fichier openssl.base versions antérieures à 3.0.13.1000 | ||
| IBM | WebSphere | WebSphere Application Server versions 8.5.x antérieures à 8.5.5.25 | ||
| IBM | AIX | AIX versions 7.2 et 7.3 avec un fichier openssl.base versions antérieures à 1.1.1.2400 ou 3.0.13.1000 | ||
| IBM | WebSphere | WebSphere Application Server versions 9.0.x antérieures à 9.0.5.20 | ||
| IBM | N/A | Sterling Control Center versions 6.3.0 antérieures à 6.3.0.0 iFix06 | ||
| IBM | N/A | Sterling Control Center versions 6.2.1 antérieures à 6.2.1.0 iFix13 | ||
| IBM | VIOS | VIOS versions 3.1 et 4.1 avec un fichier openssl.base versions antérieures à 1.1.1.2400 ou 3.0.13.1000 | ||
| IBM | QRadar SIEM | QRadar SIEM versions 7.5.0.x antérieures à 7.5.0 UP9 IF01 |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Storage Protect Plus Server versions 10.1.x ant\u00e9rieures \u00e0 10.1.16.2",
"product": {
"name": "Storage Protect",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server Liberty versions ant\u00e9rieures \u00e0 24.0.0.5 ",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "VIOS version 4.1 avec un fichier openssl.base versions ant\u00e9rieures \u00e0 3.0.13.1000",
"product": {
"name": "VIOS",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server versions 8.5.x ant\u00e9rieures \u00e0 8.5.5.25",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "AIX versions 7.2 et 7.3 avec un fichier openssl.base versions ant\u00e9rieures \u00e0 1.1.1.2400 ou 3.0.13.1000",
"product": {
"name": "AIX",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server versions 9.0.x ant\u00e9rieures \u00e0 9.0.5.20",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Control Center versions 6.3.0 ant\u00e9rieures \u00e0 6.3.0.0 iFix06",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Control Center versions 6.2.1 ant\u00e9rieures \u00e0 6.2.1.0 iFix13",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "VIOS versions 3.1 et 4.1 avec un fichier openssl.base versions ant\u00e9rieures \u00e0 1.1.1.2400 ou 3.0.13.1000",
"product": {
"name": "VIOS",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar SIEM versions 7.5.0.x ant\u00e9rieures \u00e0 7.5.0 UP9 IF01",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-26934",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26934"
},
{
"name": "CVE-2023-52477",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52477"
},
{
"name": "CVE-2024-27059",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27059"
},
{
"name": "CVE-2023-38264",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38264"
},
{
"name": "CVE-2024-28849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28849"
},
{
"name": "CVE-2024-26897",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26897"
},
{
"name": "CVE-2021-47055",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47055"
},
{
"name": "CVE-2024-35154",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35154"
},
{
"name": "CVE-2020-36777",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36777"
},
{
"name": "CVE-2024-27052",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27052"
},
{
"name": "CVE-2023-52425",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52425"
},
{
"name": "CVE-2024-25744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25744"
},
{
"name": "CVE-2024-26973",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26973"
},
{
"name": "CVE-2021-47185",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47185"
},
{
"name": "CVE-2023-45283",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45283"
},
{
"name": "CVE-2024-23650",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23650"
},
{
"name": "CVE-2023-45288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
},
{
"name": "CVE-2024-26603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26603"
},
{
"name": "CVE-2024-26964",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26964"
},
{
"name": "CVE-2021-33198",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33198"
},
{
"name": "CVE-2024-26993",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26993"
},
{
"name": "CVE-2019-25162",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-25162"
},
{
"name": "CVE-2022-41715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
},
{
"name": "CVE-2023-39321",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39321"
},
{
"name": "CVE-2023-45285",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45285"
},
{
"name": "CVE-2024-24783",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24783"
},
{
"name": "CVE-2023-45284",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45284"
},
{
"name": "CVE-2024-29415",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29415"
},
{
"name": "CVE-2023-45289",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45289"
},
{
"name": "CVE-2024-3652",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3652"
},
{
"name": "CVE-2024-26615",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26615"
},
{
"name": "CVE-2024-26643",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26643"
},
{
"name": "CVE-2024-26779",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26779"
},
{
"name": "CVE-2024-25026",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25026"
},
{
"name": "CVE-2023-45290",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45290"
},
{
"name": "CVE-2024-32021",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32021"
},
{
"name": "CVE-2024-28180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28180"
},
{
"name": "CVE-2024-24806",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24806"
},
{
"name": "CVE-2024-23307",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23307"
},
{
"name": "CVE-2023-52528",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52528"
},
{
"name": "CVE-2024-27048",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27048"
},
{
"name": "CVE-2021-47013",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47013"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2024-26593",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26593"
},
{
"name": "CVE-2023-39320",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39320"
},
{
"name": "CVE-2022-48627",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48627"
},
{
"name": "CVE-2021-47171",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47171"
},
{
"name": "CVE-2024-26743",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26743"
},
{
"name": "CVE-2023-39318",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39318"
},
{
"name": "CVE-2023-6240",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6240"
},
{
"name": "CVE-2024-32004",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32004"
},
{
"name": "CVE-2021-47118",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47118"
},
{
"name": "CVE-2024-24788",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24788"
},
{
"name": "CVE-2023-51767",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51767"
},
{
"name": "CVE-2024-21011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21011"
},
{
"name": "CVE-2024-32020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32020"
},
{
"name": "CVE-2024-5535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5535"
},
{
"name": "CVE-2024-22329",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22329"
},
{
"name": "CVE-2019-20372",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20372"
},
{
"name": "CVE-2023-45803",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45803"
},
{
"name": "CVE-2023-29406",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29406"
},
{
"name": "CVE-2023-39319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39319"
},
{
"name": "CVE-2024-32487",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32487"
},
{
"name": "CVE-2024-27056",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27056"
},
{
"name": "CVE-2024-26642",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26642"
},
{
"name": "CVE-2024-24785",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24785"
},
{
"name": "CVE-2021-47153",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47153"
},
{
"name": "CVE-2023-52439",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52439"
},
{
"name": "CVE-2024-26610",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26610"
},
{
"name": "CVE-2024-2357",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2357"
},
{
"name": "CVE-2024-21094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21094"
},
{
"name": "CVE-2024-26919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26919"
},
{
"name": "CVE-2023-52445",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52445"
},
{
"name": "CVE-2024-1394",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1394"
},
{
"name": "CVE-2022-2880",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
},
{
"name": "CVE-2024-27014",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27014"
},
{
"name": "CVE-2021-34558",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34558"
},
{
"name": "CVE-2024-32465",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32465"
},
{
"name": "CVE-2022-2879",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2879"
},
{
"name": "CVE-2024-26892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26892"
},
{
"name": "CVE-2023-52578",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52578"
},
{
"name": "CVE-2023-29400",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29400"
},
{
"name": "CVE-2024-24787",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24787"
},
{
"name": "CVE-2022-38096",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38096"
},
{
"name": "CVE-2021-46934",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46934"
},
{
"name": "CVE-2023-52598",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52598"
},
{
"name": "CVE-2024-4603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4603"
},
{
"name": "CVE-2024-26659",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26659"
},
{
"name": "CVE-2024-26933",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26933"
},
{
"name": "CVE-2023-46604",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46604"
},
{
"name": "CVE-2023-52594",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52594"
},
{
"name": "CVE-2024-26693",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26693"
},
{
"name": "CVE-2023-52595",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52595"
},
{
"name": "CVE-2023-45287",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45287"
},
{
"name": "CVE-2022-48624",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48624"
},
{
"name": "CVE-2024-4741",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4741"
},
{
"name": "CVE-2023-52513",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52513"
},
{
"name": "CVE-2023-52610",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52610"
},
{
"name": "CVE-2024-3651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
},
{
"name": "CVE-2023-39322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39322"
},
{
"name": "CVE-2023-52606",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52606"
},
{
"name": "CVE-2023-6546",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6546"
},
{
"name": "CVE-2023-2953",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2953"
},
{
"name": "CVE-2024-26872",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26872"
},
{
"name": "CVE-2024-26901",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26901"
},
{
"name": "CVE-2024-1086",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1086"
},
{
"name": "CVE-2024-0565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0565"
},
{
"name": "CVE-2023-39323",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39323"
},
{
"name": "CVE-2023-39326",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39326"
},
{
"name": "CVE-2024-21085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
},
{
"name": "CVE-2023-29409",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29409"
},
{
"name": "CVE-2023-42282",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42282"
},
{
"name": "CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"name": "CVE-2024-0340",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0340"
},
{
"name": "CVE-2024-26744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26744"
},
{
"name": "CVE-2024-24786",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24786"
},
{
"name": "CVE-2024-32002",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32002"
},
{
"name": "CVE-2022-48669",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48669"
},
{
"name": "CVE-2023-52565",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52565"
},
{
"name": "CVE-2023-52520",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52520"
},
{
"name": "CVE-2024-26694",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26694"
},
{
"name": "CVE-2024-26664",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26664"
},
{
"name": "CVE-2024-24784",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24784"
},
{
"name": "CVE-2023-52607",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52607"
},
{
"name": "CVE-2018-25091",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25091"
},
{
"name": "CVE-2023-6931",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6931"
}
],
"initial_release_date": "2024-08-02T00:00:00",
"last_revision_date": "2024-08-02T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0646",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-08-02T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2024-07-29",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7161679",
"url": "https://www.ibm.com/support/pages/node/7161679"
},
{
"published_at": "2024-07-26",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7161667",
"url": "https://www.ibm.com/support/pages/node/7161667"
},
{
"published_at": "2024-07-30",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7161954",
"url": "https://www.ibm.com/support/pages/node/7161954"
},
{
"published_at": "2024-07-30",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7162032",
"url": "https://www.ibm.com/support/pages/node/7162032"
},
{
"published_at": "2024-07-12",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7160144",
"url": "https://www.ibm.com/support/pages/node/7160144"
},
{
"published_at": "2024-07-31",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7162077",
"url": "https://www.ibm.com/support/pages/node/7162077"
}
]
}
CVE-2024-24806 (GCVE-0-2024-24806)
Vulnerability from cvelistv5 – Published: 2024-02-07 21:44 – Updated: 2025-06-17 14:17
VLAI
EPSS
Title
Improper Domain Lookup that potentially leads to SSRF attacks in libuv
Summary
libuv is a multi-platform support library with a focus on asynchronous I/O. The `uv_getaddrinfo` function in `src/unix/getaddrinfo.c` (and its windows counterpart `src/win/getaddrinfo.c`), truncates hostnames to 256 characters before calling `getaddrinfo`. This behavior can be exploited to create addresses like `0x00007f000001`, which are considered valid by `getaddrinfo` and could allow an attacker to craft payloads that resolve to unintended IP addresses, bypassing developer checks. The vulnerability arises due to how the `hostname_ascii` variable (with a length of 256 bytes) is handled in `uv_getaddrinfo` and subsequently in `uv__idna_toascii`. When the hostname exceeds 256 characters, it gets truncated without a terminating null byte. As a result attackers may be able to access internal APIs or for websites (similar to MySpace) that allows users to have `username.example.com` pages. Internal services that crawl or cache these user pages can be exposed to SSRF attacks if a malicious user chooses a long vulnerable username. This issue has been addressed in release version 1.48.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Severity
7.3 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
11 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-09-02T17:08:43.903Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/libuv/libuv/security/advisories/GHSA-f74f-cvh7-c6q6",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/libuv/libuv/security/advisories/GHSA-f74f-cvh7-c6q6"
},
{
"name": "https://github.com/libuv/libuv/commit/0f2d7e784a256b54b2385043438848047bc2a629",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/libuv/libuv/commit/0f2d7e784a256b54b2385043438848047bc2a629"
},
{
"name": "https://github.com/libuv/libuv/commit/3530bcc30350d4a6ccf35d2f7b33e23292b9de70",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/libuv/libuv/commit/3530bcc30350d4a6ccf35d2f7b33e23292b9de70"
},
{
"name": "https://github.com/libuv/libuv/commit/c858a147643de38a09dd4164758ae5b685f2b488",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/libuv/libuv/commit/c858a147643de38a09dd4164758ae5b685f2b488"
},
{
"name": "https://github.com/libuv/libuv/commit/e0327e1d508b8207c9150b6e582f0adf26213c39",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/libuv/libuv/commit/e0327e1d508b8207c9150b6e582f0adf26213c39"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/02/08/2"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/02/11/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00005.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/11/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240605-0008/"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.kitware.com/cmake/cmake/-/issues/26112"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-24806",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-21T20:41:52.764681Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T14:17:09.153Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "libuv",
"vendor": "libuv",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.45.0, \u003c 1.48.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "libuv is a multi-platform support library with a focus on asynchronous I/O. The `uv_getaddrinfo` function in `src/unix/getaddrinfo.c` (and its windows counterpart `src/win/getaddrinfo.c`), truncates hostnames to 256 characters before calling `getaddrinfo`. This behavior can be exploited to create addresses like `0x00007f000001`, which are considered valid by `getaddrinfo` and could allow an attacker to craft payloads that resolve to unintended IP addresses, bypassing developer checks. The vulnerability arises due to how the `hostname_ascii` variable (with a length of 256 bytes) is handled in `uv_getaddrinfo` and subsequently in `uv__idna_toascii`. When the hostname exceeds 256 characters, it gets truncated without a terminating null byte. As a result attackers may be able to access internal APIs or for websites (similar to MySpace) that allows users to have `username.example.com` pages. Internal services that crawl or cache these user pages can be exposed to SSRF attacks if a malicious user chooses a long vulnerable username. This issue has been addressed in release version 1.48.0. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-18T00:17:58.651Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/libuv/libuv/security/advisories/GHSA-f74f-cvh7-c6q6",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/libuv/libuv/security/advisories/GHSA-f74f-cvh7-c6q6"
},
{
"name": "https://github.com/libuv/libuv/commit/0f2d7e784a256b54b2385043438848047bc2a629",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/libuv/libuv/commit/0f2d7e784a256b54b2385043438848047bc2a629"
},
{
"name": "https://github.com/libuv/libuv/commit/3530bcc30350d4a6ccf35d2f7b33e23292b9de70",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/libuv/libuv/commit/3530bcc30350d4a6ccf35d2f7b33e23292b9de70"
},
{
"name": "https://github.com/libuv/libuv/commit/c858a147643de38a09dd4164758ae5b685f2b488",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/libuv/libuv/commit/c858a147643de38a09dd4164758ae5b685f2b488"
},
{
"name": "https://github.com/libuv/libuv/commit/e0327e1d508b8207c9150b6e582f0adf26213c39",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/libuv/libuv/commit/e0327e1d508b8207c9150b6e582f0adf26213c39"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/02/08/2"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/02/11/1"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00005.html"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/03/11/1"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240605-0008/"
},
{
"url": "https://gitlab.kitware.com/cmake/cmake/-/issues/26112"
}
],
"source": {
"advisory": "GHSA-f74f-cvh7-c6q6",
"discovery": "UNKNOWN"
},
"title": "Improper Domain Lookup that potentially leads to SSRF attacks in libuv"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-24806",
"datePublished": "2024-02-07T21:44:33.566Z",
"dateReserved": "2024-01-31T16:28:17.940Z",
"dateUpdated": "2025-06-17T14:17:09.153Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-25026 (GCVE-0-2024-25026)
Vulnerability from cvelistv5 – Published: 2024-04-25 12:16 – Updated: 2024-08-01 23:36
VLAI
EPSS
Title
IBM WebSphere Application Server denial of service
Summary
IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 are vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 281516.
Severity
5.9 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7149330 | vendor-advisory |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry |
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | WebSphere Application Server |
Affected:
8.5, 9.0
|
|
| IBM | WebSphere Application Server Liberty |
Affected:
17.0.0.3 , ≤ 24.0.0.4
(semver)
|
|
| ibm | websphere_application_server |
Affected:
8.5
cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:* |
|
| ibm | websphere_application_server |
Affected:
9.0
cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:* |
|
| ibm | websphere_application_server_liberty |
Affected:
17.0.0.3
cpe:2.3:a:ibm:websphere_application_server_liberty:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "websphere_application_server",
"vendor": "ibm",
"versions": [
{
"status": "affected",
"version": "8.5"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "websphere_application_server",
"vendor": "ibm",
"versions": [
{
"status": "affected",
"version": "9.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:websphere_application_server_liberty:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "websphere_application_server_liberty",
"vendor": "ibm",
"versions": [
{
"status": "affected",
"version": "17.0.0.3"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-25026",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-25T19:24:38.149644Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:35:52.765Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:36:21.572Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7149330"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/281516"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WebSphere Application Server",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.5, 9.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "WebSphere Application Server Liberty",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "24.0.0.4",
"status": "affected",
"version": "17.0.0.3",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 are vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 281516."
}
],
"value": "IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 are vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 281516."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-25T12:16:24.487Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7149330"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/281516"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM WebSphere Application Server denial of service",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-25026",
"datePublished": "2024-04-25T12:16:24.487Z",
"dateReserved": "2024-02-03T14:49:11.962Z",
"dateUpdated": "2024-08-01T23:36:21.572Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-25744 (GCVE-0-2024-25744)
Vulnerability from cvelistv5 – Published: 2024-02-12 00:00 – Updated: 2025-05-07 21:07
VLAI
EPSS
Summary
In the Linux kernel before 6.6.7, an untrusted VMM can trigger int80 syscall handling at any given point. This is related to arch/x86/coco/tdx/tdx.c and arch/x86/mm/mem_encrypt_amd.c.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-693 - Protection Mechanism Failure
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-11-15T13:08:14.245Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b82a8dbd3d2f4563156f7150c6f2ecab6e960b30"
},
{
"tags": [
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.7"
},
{
"url": "https://security.netapp.com/advisory/ntap-20241115-0006/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-25744",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-13T20:00:17.711402Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "CWE-693 Protection Mechanism Failure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-07T21:07:20.990Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel before 6.6.7, an untrusted VMM can trigger int80 syscall handling at any given point. This is related to arch/x86/coco/tdx/tdx.c and arch/x86/mm/mem_encrypt_amd.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-12T04:13:07.238Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b82a8dbd3d2f4563156f7150c6f2ecab6e960b30"
},
{
"url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.7"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-25744",
"datePublished": "2024-02-12T00:00:00.000Z",
"dateReserved": "2024-02-12T00:00:00.000Z",
"dateUpdated": "2025-05-07T21:07:20.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26593 (GCVE-0-2024-26593)
Vulnerability from cvelistv5 – Published: 2024-02-23 09:09 – Updated: 2026-05-11 20:00
VLAI
EPSS
Title
i2c: i801: Fix block process call transactions
Summary
In the Linux kernel, the following vulnerability has been resolved:
i2c: i801: Fix block process call transactions
According to the Intel datasheets, software must reset the block
buffer index twice for block process call transactions: once before
writing the outgoing data to the buffer, and once again before
reading the incoming data from the buffer.
The driver is currently missing the second reset, causing the wrong
portion of the block buffer to be read.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
9 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
315cd67c945351f8a569500f8ab16b7fa94026e8 , < d074d5ff5ae77b18300e5079c6bda6342a4d44b7
(git)
Affected: 315cd67c945351f8a569500f8ab16b7fa94026e8 , < 7a14b8a477b88607d157c24aeb23e7389ec3319f (git) Affected: 315cd67c945351f8a569500f8ab16b7fa94026e8 , < 1f8d0691c50581ba6043f009ec9e8b9f78f09d5a (git) Affected: 315cd67c945351f8a569500f8ab16b7fa94026e8 , < 491528935c9c48bf341d8b40eabc6c4fc5df6f2c (git) Affected: 315cd67c945351f8a569500f8ab16b7fa94026e8 , < 6be99c51829b24c914cef5bff6164877178e84d9 (git) Affected: 315cd67c945351f8a569500f8ab16b7fa94026e8 , < 609c7c1cc976e740d0fed4dbeec688b3ecb5dce2 (git) Affected: 315cd67c945351f8a569500f8ab16b7fa94026e8 , < c1c9d0f6f7f1dbf29db996bd8e166242843a5f21 (git) |
|
| Linux | Linux |
Affected:
5.3
Unaffected: 0 , < 5.3 (semver) Unaffected: 5.4.269 , ≤ 5.4.* (semver) Unaffected: 5.10.210 , ≤ 5.10.* (semver) Unaffected: 5.15.149 , ≤ 5.15.* (semver) Unaffected: 6.1.79 , ≤ 6.1.* (semver) Unaffected: 6.6.18 , ≤ 6.6.* (semver) Unaffected: 6.7.6 , ≤ 6.7.* (semver) Unaffected: 6.8 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26593",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-23T18:10:30.612535Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:57.776Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T18:29:49.967Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d074d5ff5ae77b18300e5079c6bda6342a4d44b7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7a14b8a477b88607d157c24aeb23e7389ec3319f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1f8d0691c50581ba6043f009ec9e8b9f78f09d5a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/491528935c9c48bf341d8b40eabc6c4fc5df6f2c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6be99c51829b24c914cef5bff6164877178e84d9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/609c7c1cc976e740d0fed4dbeec688b3ecb5dce2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c1c9d0f6f7f1dbf29db996bd8e166242843a5f21"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZOU3745CWCDZ7EMKMXB2OEEIB5Q3IWM/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/i2c/busses/i2c-i801.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d074d5ff5ae77b18300e5079c6bda6342a4d44b7",
"status": "affected",
"version": "315cd67c945351f8a569500f8ab16b7fa94026e8",
"versionType": "git"
},
{
"lessThan": "7a14b8a477b88607d157c24aeb23e7389ec3319f",
"status": "affected",
"version": "315cd67c945351f8a569500f8ab16b7fa94026e8",
"versionType": "git"
},
{
"lessThan": "1f8d0691c50581ba6043f009ec9e8b9f78f09d5a",
"status": "affected",
"version": "315cd67c945351f8a569500f8ab16b7fa94026e8",
"versionType": "git"
},
{
"lessThan": "491528935c9c48bf341d8b40eabc6c4fc5df6f2c",
"status": "affected",
"version": "315cd67c945351f8a569500f8ab16b7fa94026e8",
"versionType": "git"
},
{
"lessThan": "6be99c51829b24c914cef5bff6164877178e84d9",
"status": "affected",
"version": "315cd67c945351f8a569500f8ab16b7fa94026e8",
"versionType": "git"
},
{
"lessThan": "609c7c1cc976e740d0fed4dbeec688b3ecb5dce2",
"status": "affected",
"version": "315cd67c945351f8a569500f8ab16b7fa94026e8",
"versionType": "git"
},
{
"lessThan": "c1c9d0f6f7f1dbf29db996bd8e166242843a5f21",
"status": "affected",
"version": "315cd67c945351f8a569500f8ab16b7fa94026e8",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/i2c/busses/i2c-i801.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.3"
},
{
"lessThan": "5.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.79",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.18",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.79",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.18",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.6",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: i801: Fix block process call transactions\n\nAccording to the Intel datasheets, software must reset the block\nbuffer index twice for block process call transactions: once before\nwriting the outgoing data to the buffer, and once again before\nreading the incoming data from the buffer.\n\nThe driver is currently missing the second reset, causing the wrong\nportion of the block buffer to be read."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:00:20.635Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d074d5ff5ae77b18300e5079c6bda6342a4d44b7"
},
{
"url": "https://git.kernel.org/stable/c/7a14b8a477b88607d157c24aeb23e7389ec3319f"
},
{
"url": "https://git.kernel.org/stable/c/1f8d0691c50581ba6043f009ec9e8b9f78f09d5a"
},
{
"url": "https://git.kernel.org/stable/c/491528935c9c48bf341d8b40eabc6c4fc5df6f2c"
},
{
"url": "https://git.kernel.org/stable/c/6be99c51829b24c914cef5bff6164877178e84d9"
},
{
"url": "https://git.kernel.org/stable/c/609c7c1cc976e740d0fed4dbeec688b3ecb5dce2"
},
{
"url": "https://git.kernel.org/stable/c/c1c9d0f6f7f1dbf29db996bd8e166242843a5f21"
}
],
"title": "i2c: i801: Fix block process call transactions",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26593",
"datePublished": "2024-02-23T09:09:10.021Z",
"dateReserved": "2024-02-19T14:20:24.127Z",
"dateUpdated": "2026-05-11T20:00:20.635Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26603 (GCVE-0-2024-26603)
Vulnerability from cvelistv5 – Published: 2024-02-24 14:56 – Updated: 2026-05-11 20:00
VLAI
EPSS
Title
x86/fpu: Stop relying on userspace for info to fault in xsave buffer
Summary
In the Linux kernel, the following vulnerability has been resolved:
x86/fpu: Stop relying on userspace for info to fault in xsave buffer
Before this change, the expected size of the user space buffer was
taken from fx_sw->xstate_size. fx_sw->xstate_size can be changed
from user-space, so it is possible construct a sigreturn frame where:
* fx_sw->xstate_size is smaller than the size required by valid bits in
fx_sw->xfeatures.
* user-space unmaps parts of the sigrame fpu buffer so that not all of
the buffer required by xrstor is accessible.
In this case, xrstor tries to restore and accesses the unmapped area
which results in a fault. But fault_in_readable succeeds because buf +
fx_sw->xstate_size is within the still mapped area, so it goes back and
tries xrstor again. It will spin in this loop forever.
Instead, fault in the maximum size which can be touched by XRSTOR (taken
from fpstate->user_size).
[ dhansen: tweak subject / changelog ]
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
fcb3635f5018e53024c6be3c3213737f469f74ff , < 8bd3eee7720c14b59a206bd05b98d7586bccf99a
(git)
Affected: fcb3635f5018e53024c6be3c3213737f469f74ff , < 627339cccdc9166792ecf96bc3c9f711a60ce996 (git) Affected: fcb3635f5018e53024c6be3c3213737f469f74ff , < b2479ab426cef7ab79a13005650eff956223ced2 (git) Affected: fcb3635f5018e53024c6be3c3213737f469f74ff , < 627e28cbb65564e55008315d9e02fbb90478beda (git) Affected: fcb3635f5018e53024c6be3c3213737f469f74ff , < d877550eaf2dc9090d782864c96939397a3c6835 (git) |
|
| Linux | Linux |
Affected:
5.14
Unaffected: 0 , < 5.14 (semver) Unaffected: 5.15.150 , ≤ 5.15.* (semver) Unaffected: 6.1.79 , ≤ 6.1.* (semver) Unaffected: 6.6.18 , ≤ 6.6.* (semver) Unaffected: 6.7.6 , ≤ 6.7.* (semver) Unaffected: 6.8 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26603",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-05T22:13:53.146807Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:48:37.905Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T18:29:51.152Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8bd3eee7720c14b59a206bd05b98d7586bccf99a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/627339cccdc9166792ecf96bc3c9f711a60ce996"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b2479ab426cef7ab79a13005650eff956223ced2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/627e28cbb65564e55008315d9e02fbb90478beda"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d877550eaf2dc9090d782864c96939397a3c6835"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZOU3745CWCDZ7EMKMXB2OEEIB5Q3IWM/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/x86/kernel/fpu/signal.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8bd3eee7720c14b59a206bd05b98d7586bccf99a",
"status": "affected",
"version": "fcb3635f5018e53024c6be3c3213737f469f74ff",
"versionType": "git"
},
{
"lessThan": "627339cccdc9166792ecf96bc3c9f711a60ce996",
"status": "affected",
"version": "fcb3635f5018e53024c6be3c3213737f469f74ff",
"versionType": "git"
},
{
"lessThan": "b2479ab426cef7ab79a13005650eff956223ced2",
"status": "affected",
"version": "fcb3635f5018e53024c6be3c3213737f469f74ff",
"versionType": "git"
},
{
"lessThan": "627e28cbb65564e55008315d9e02fbb90478beda",
"status": "affected",
"version": "fcb3635f5018e53024c6be3c3213737f469f74ff",
"versionType": "git"
},
{
"lessThan": "d877550eaf2dc9090d782864c96939397a3c6835",
"status": "affected",
"version": "fcb3635f5018e53024c6be3c3213737f469f74ff",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/x86/kernel/fpu/signal.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.14"
},
{
"lessThan": "5.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.79",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.18",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.150",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.79",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.18",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.6",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/fpu: Stop relying on userspace for info to fault in xsave buffer\n\nBefore this change, the expected size of the user space buffer was\ntaken from fx_sw-\u003exstate_size. fx_sw-\u003exstate_size can be changed\nfrom user-space, so it is possible construct a sigreturn frame where:\n\n * fx_sw-\u003exstate_size is smaller than the size required by valid bits in\n fx_sw-\u003exfeatures.\n * user-space unmaps parts of the sigrame fpu buffer so that not all of\n the buffer required by xrstor is accessible.\n\nIn this case, xrstor tries to restore and accesses the unmapped area\nwhich results in a fault. But fault_in_readable succeeds because buf +\nfx_sw-\u003exstate_size is within the still mapped area, so it goes back and\ntries xrstor again. It will spin in this loop forever.\n\nInstead, fault in the maximum size which can be touched by XRSTOR (taken\nfrom fpstate-\u003euser_size).\n\n[ dhansen: tweak subject / changelog ]"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:00:37.295Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8bd3eee7720c14b59a206bd05b98d7586bccf99a"
},
{
"url": "https://git.kernel.org/stable/c/627339cccdc9166792ecf96bc3c9f711a60ce996"
},
{
"url": "https://git.kernel.org/stable/c/b2479ab426cef7ab79a13005650eff956223ced2"
},
{
"url": "https://git.kernel.org/stable/c/627e28cbb65564e55008315d9e02fbb90478beda"
},
{
"url": "https://git.kernel.org/stable/c/d877550eaf2dc9090d782864c96939397a3c6835"
}
],
"title": "x86/fpu: Stop relying on userspace for info to fault in xsave buffer",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26603",
"datePublished": "2024-02-24T14:56:57.628Z",
"dateReserved": "2024-02-19T14:20:24.129Z",
"dateUpdated": "2026-05-11T20:00:37.295Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26610 (GCVE-0-2024-26610)
Vulnerability from cvelistv5 – Published: 2024-02-29 15:52 – Updated: 2026-05-11 20:00
VLAI
EPSS
Title
wifi: iwlwifi: fix a memory corruption
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: iwlwifi: fix a memory corruption
iwl_fw_ini_trigger_tlv::data is a pointer to a __le32, which means that
if we copy to iwl_fw_ini_trigger_tlv::data + offset while offset is in
bytes, we'll write past the buffer.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
7 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
cf29c5b66b9f83939367d90679eb68cdfa2f0356 , < 05dd9facfb9a1e056752c0901c6e86416037d15a
(git)
Affected: cf29c5b66b9f83939367d90679eb68cdfa2f0356 , < 99a23462fe1a6f709f0fda3ebbe8b6b193ac75bd (git) Affected: cf29c5b66b9f83939367d90679eb68cdfa2f0356 , < aa2cc9363926991ba74411e3aa0a0ea82c1ffe32 (git) Affected: cf29c5b66b9f83939367d90679eb68cdfa2f0356 , < 870171899d75d43e3d14360f3a4850e90a9c289b (git) Affected: cf29c5b66b9f83939367d90679eb68cdfa2f0356 , < f32a81999d0b8e5ce60afb5f6a3dd7241c17dd67 (git) Affected: cf29c5b66b9f83939367d90679eb68cdfa2f0356 , < cf4a0d840ecc72fcf16198d5e9c505ab7d5a5e4d (git) |
|
| Linux | Linux |
Affected:
5.5
Unaffected: 0 , < 5.5 (semver) Unaffected: 5.10.210 , ≤ 5.10.* (semver) Unaffected: 5.15.149 , ≤ 5.15.* (semver) Unaffected: 6.1.76 , ≤ 6.1.* (semver) Unaffected: 6.6.15 , ≤ 6.6.* (semver) Unaffected: 6.7.3 , ≤ 6.7.* (semver) Unaffected: 6.8 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26610",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-12T18:22:31.931608Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:49:28.637Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:07:19.572Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/05dd9facfb9a1e056752c0901c6e86416037d15a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/99a23462fe1a6f709f0fda3ebbe8b6b193ac75bd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/aa2cc9363926991ba74411e3aa0a0ea82c1ffe32"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/870171899d75d43e3d14360f3a4850e90a9c289b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f32a81999d0b8e5ce60afb5f6a3dd7241c17dd67"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cf4a0d840ecc72fcf16198d5e9c505ab7d5a5e4d"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "05dd9facfb9a1e056752c0901c6e86416037d15a",
"status": "affected",
"version": "cf29c5b66b9f83939367d90679eb68cdfa2f0356",
"versionType": "git"
},
{
"lessThan": "99a23462fe1a6f709f0fda3ebbe8b6b193ac75bd",
"status": "affected",
"version": "cf29c5b66b9f83939367d90679eb68cdfa2f0356",
"versionType": "git"
},
{
"lessThan": "aa2cc9363926991ba74411e3aa0a0ea82c1ffe32",
"status": "affected",
"version": "cf29c5b66b9f83939367d90679eb68cdfa2f0356",
"versionType": "git"
},
{
"lessThan": "870171899d75d43e3d14360f3a4850e90a9c289b",
"status": "affected",
"version": "cf29c5b66b9f83939367d90679eb68cdfa2f0356",
"versionType": "git"
},
{
"lessThan": "f32a81999d0b8e5ce60afb5f6a3dd7241c17dd67",
"status": "affected",
"version": "cf29c5b66b9f83939367d90679eb68cdfa2f0356",
"versionType": "git"
},
{
"lessThan": "cf4a0d840ecc72fcf16198d5e9c505ab7d5a5e4d",
"status": "affected",
"version": "cf29c5b66b9f83939367d90679eb68cdfa2f0356",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.5"
},
{
"lessThan": "5.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.76",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.76",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.15",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.3",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: fix a memory corruption\n\niwl_fw_ini_trigger_tlv::data is a pointer to a __le32, which means that\nif we copy to iwl_fw_ini_trigger_tlv::data + offset while offset is in\nbytes, we\u0027ll write past the buffer."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:00:44.826Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/05dd9facfb9a1e056752c0901c6e86416037d15a"
},
{
"url": "https://git.kernel.org/stable/c/99a23462fe1a6f709f0fda3ebbe8b6b193ac75bd"
},
{
"url": "https://git.kernel.org/stable/c/aa2cc9363926991ba74411e3aa0a0ea82c1ffe32"
},
{
"url": "https://git.kernel.org/stable/c/870171899d75d43e3d14360f3a4850e90a9c289b"
},
{
"url": "https://git.kernel.org/stable/c/f32a81999d0b8e5ce60afb5f6a3dd7241c17dd67"
},
{
"url": "https://git.kernel.org/stable/c/cf4a0d840ecc72fcf16198d5e9c505ab7d5a5e4d"
}
],
"title": "wifi: iwlwifi: fix a memory corruption",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26610",
"datePublished": "2024-02-29T15:52:15.796Z",
"dateReserved": "2024-02-19T14:20:24.130Z",
"dateUpdated": "2026-05-11T20:00:44.826Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26615 (GCVE-0-2024-26615)
Vulnerability from cvelistv5 – Published: 2024-02-29 15:52 – Updated: 2026-05-11 20:00
VLAI
EPSS
Title
net/smc: fix illegal rmb_desc access in SMC-D connection dump
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/smc: fix illegal rmb_desc access in SMC-D connection dump
A crash was found when dumping SMC-D connections. It can be reproduced
by following steps:
- run nginx/wrk test:
smc_run nginx
smc_run wrk -t 16 -c 1000 -d <duration> -H 'Connection: Close' <URL>
- continuously dump SMC-D connections in parallel:
watch -n 1 'smcss -D'
BUG: kernel NULL pointer dereference, address: 0000000000000030
CPU: 2 PID: 7204 Comm: smcss Kdump: loaded Tainted: G E 6.7.0+ #55
RIP: 0010:__smc_diag_dump.constprop.0+0x5e5/0x620 [smc_diag]
Call Trace:
<TASK>
? __die+0x24/0x70
? page_fault_oops+0x66/0x150
? exc_page_fault+0x69/0x140
? asm_exc_page_fault+0x26/0x30
? __smc_diag_dump.constprop.0+0x5e5/0x620 [smc_diag]
? __kmalloc_node_track_caller+0x35d/0x430
? __alloc_skb+0x77/0x170
smc_diag_dump_proto+0xd0/0xf0 [smc_diag]
smc_diag_dump+0x26/0x60 [smc_diag]
netlink_dump+0x19f/0x320
__netlink_dump_start+0x1dc/0x300
smc_diag_handler_dump+0x6a/0x80 [smc_diag]
? __pfx_smc_diag_dump+0x10/0x10 [smc_diag]
sock_diag_rcv_msg+0x121/0x140
? __pfx_sock_diag_rcv_msg+0x10/0x10
netlink_rcv_skb+0x5a/0x110
sock_diag_rcv+0x28/0x40
netlink_unicast+0x22a/0x330
netlink_sendmsg+0x1f8/0x420
__sock_sendmsg+0xb0/0xc0
____sys_sendmsg+0x24e/0x300
? copy_msghdr_from_user+0x62/0x80
___sys_sendmsg+0x7c/0xd0
? __do_fault+0x34/0x160
? do_read_fault+0x5f/0x100
? do_fault+0xb0/0x110
? __handle_mm_fault+0x2b0/0x6c0
__sys_sendmsg+0x4d/0x80
do_syscall_64+0x69/0x180
entry_SYSCALL_64_after_hwframe+0x6e/0x76
It is possible that the connection is in process of being established
when we dump it. Assumed that the connection has been registered in a
link group by smc_conn_create() but the rmb_desc has not yet been
initialized by smc_buf_create(), thus causing the illegal access to
conn->rmb_desc. So fix it by checking before dump.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
10 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
4b1b7d3b30a6d32ac1a1dcede284e76ef8a8542d , < 27aea64838914c6122db5b8bd4bed865c9736f22
(git)
Affected: 4b1b7d3b30a6d32ac1a1dcede284e76ef8a8542d , < 1fea9969b81c67d0cb1611d1b8b7d19049d937be (git) Affected: 4b1b7d3b30a6d32ac1a1dcede284e76ef8a8542d , < 5fed92ca32eafbfae8b6bee8ca34cca71c6a8b6d (git) Affected: 4b1b7d3b30a6d32ac1a1dcede284e76ef8a8542d , < 68b888d51ac82f2b96bf5e077a31d76afcdef25a (git) Affected: 4b1b7d3b30a6d32ac1a1dcede284e76ef8a8542d , < 6994dba06321e3c48fdad0ba796a063d9d82183a (git) Affected: 4b1b7d3b30a6d32ac1a1dcede284e76ef8a8542d , < a164c2922675d7051805cdaf2b07daffe44f20d9 (git) Affected: 4b1b7d3b30a6d32ac1a1dcede284e76ef8a8542d , < 8f3f9186e5bb96a9c9654c41653210e3ea7e48a6 (git) Affected: 4b1b7d3b30a6d32ac1a1dcede284e76ef8a8542d , < dbc153fd3c142909e564bb256da087e13fbf239c (git) |
|
| Linux | Linux |
Affected:
4.19
Unaffected: 0 , < 4.19 (semver) Unaffected: 4.19.307 , ≤ 4.19.* (semver) Unaffected: 5.4.269 , ≤ 5.4.* (semver) Unaffected: 5.10.210 , ≤ 5.10.* (semver) Unaffected: 5.15.149 , ≤ 5.15.* (semver) Unaffected: 6.1.76 , ≤ 6.1.* (semver) Unaffected: 6.6.15 , ≤ 6.6.* (semver) Unaffected: 6.7.3 , ≤ 6.7.* (semver) Unaffected: 6.8 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:07:19.717Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/27aea64838914c6122db5b8bd4bed865c9736f22"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1fea9969b81c67d0cb1611d1b8b7d19049d937be"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5fed92ca32eafbfae8b6bee8ca34cca71c6a8b6d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/68b888d51ac82f2b96bf5e077a31d76afcdef25a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6994dba06321e3c48fdad0ba796a063d9d82183a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a164c2922675d7051805cdaf2b07daffe44f20d9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8f3f9186e5bb96a9c9654c41653210e3ea7e48a6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dbc153fd3c142909e564bb256da087e13fbf239c"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26615",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:57:17.586367Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:50.241Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/smc/smc_diag.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "27aea64838914c6122db5b8bd4bed865c9736f22",
"status": "affected",
"version": "4b1b7d3b30a6d32ac1a1dcede284e76ef8a8542d",
"versionType": "git"
},
{
"lessThan": "1fea9969b81c67d0cb1611d1b8b7d19049d937be",
"status": "affected",
"version": "4b1b7d3b30a6d32ac1a1dcede284e76ef8a8542d",
"versionType": "git"
},
{
"lessThan": "5fed92ca32eafbfae8b6bee8ca34cca71c6a8b6d",
"status": "affected",
"version": "4b1b7d3b30a6d32ac1a1dcede284e76ef8a8542d",
"versionType": "git"
},
{
"lessThan": "68b888d51ac82f2b96bf5e077a31d76afcdef25a",
"status": "affected",
"version": "4b1b7d3b30a6d32ac1a1dcede284e76ef8a8542d",
"versionType": "git"
},
{
"lessThan": "6994dba06321e3c48fdad0ba796a063d9d82183a",
"status": "affected",
"version": "4b1b7d3b30a6d32ac1a1dcede284e76ef8a8542d",
"versionType": "git"
},
{
"lessThan": "a164c2922675d7051805cdaf2b07daffe44f20d9",
"status": "affected",
"version": "4b1b7d3b30a6d32ac1a1dcede284e76ef8a8542d",
"versionType": "git"
},
{
"lessThan": "8f3f9186e5bb96a9c9654c41653210e3ea7e48a6",
"status": "affected",
"version": "4b1b7d3b30a6d32ac1a1dcede284e76ef8a8542d",
"versionType": "git"
},
{
"lessThan": "dbc153fd3c142909e564bb256da087e13fbf239c",
"status": "affected",
"version": "4b1b7d3b30a6d32ac1a1dcede284e76ef8a8542d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/smc/smc_diag.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.19"
},
{
"lessThan": "4.19",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.76",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.76",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.15",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.3",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: fix illegal rmb_desc access in SMC-D connection dump\n\nA crash was found when dumping SMC-D connections. It can be reproduced\nby following steps:\n\n- run nginx/wrk test:\n smc_run nginx\n smc_run wrk -t 16 -c 1000 -d \u003cduration\u003e -H \u0027Connection: Close\u0027 \u003cURL\u003e\n\n- continuously dump SMC-D connections in parallel:\n watch -n 1 \u0027smcss -D\u0027\n\n BUG: kernel NULL pointer dereference, address: 0000000000000030\n CPU: 2 PID: 7204 Comm: smcss Kdump: loaded Tainted: G\tE 6.7.0+ #55\n RIP: 0010:__smc_diag_dump.constprop.0+0x5e5/0x620 [smc_diag]\n Call Trace:\n \u003cTASK\u003e\n ? __die+0x24/0x70\n ? page_fault_oops+0x66/0x150\n ? exc_page_fault+0x69/0x140\n ? asm_exc_page_fault+0x26/0x30\n ? __smc_diag_dump.constprop.0+0x5e5/0x620 [smc_diag]\n ? __kmalloc_node_track_caller+0x35d/0x430\n ? __alloc_skb+0x77/0x170\n smc_diag_dump_proto+0xd0/0xf0 [smc_diag]\n smc_diag_dump+0x26/0x60 [smc_diag]\n netlink_dump+0x19f/0x320\n __netlink_dump_start+0x1dc/0x300\n smc_diag_handler_dump+0x6a/0x80 [smc_diag]\n ? __pfx_smc_diag_dump+0x10/0x10 [smc_diag]\n sock_diag_rcv_msg+0x121/0x140\n ? __pfx_sock_diag_rcv_msg+0x10/0x10\n netlink_rcv_skb+0x5a/0x110\n sock_diag_rcv+0x28/0x40\n netlink_unicast+0x22a/0x330\n netlink_sendmsg+0x1f8/0x420\n __sock_sendmsg+0xb0/0xc0\n ____sys_sendmsg+0x24e/0x300\n ? copy_msghdr_from_user+0x62/0x80\n ___sys_sendmsg+0x7c/0xd0\n ? __do_fault+0x34/0x160\n ? do_read_fault+0x5f/0x100\n ? do_fault+0xb0/0x110\n ? __handle_mm_fault+0x2b0/0x6c0\n __sys_sendmsg+0x4d/0x80\n do_syscall_64+0x69/0x180\n entry_SYSCALL_64_after_hwframe+0x6e/0x76\n\nIt is possible that the connection is in process of being established\nwhen we dump it. Assumed that the connection has been registered in a\nlink group by smc_conn_create() but the rmb_desc has not yet been\ninitialized by smc_buf_create(), thus causing the illegal access to\nconn-\u003ermb_desc. So fix it by checking before dump."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:00:49.787Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/27aea64838914c6122db5b8bd4bed865c9736f22"
},
{
"url": "https://git.kernel.org/stable/c/1fea9969b81c67d0cb1611d1b8b7d19049d937be"
},
{
"url": "https://git.kernel.org/stable/c/5fed92ca32eafbfae8b6bee8ca34cca71c6a8b6d"
},
{
"url": "https://git.kernel.org/stable/c/68b888d51ac82f2b96bf5e077a31d76afcdef25a"
},
{
"url": "https://git.kernel.org/stable/c/6994dba06321e3c48fdad0ba796a063d9d82183a"
},
{
"url": "https://git.kernel.org/stable/c/a164c2922675d7051805cdaf2b07daffe44f20d9"
},
{
"url": "https://git.kernel.org/stable/c/8f3f9186e5bb96a9c9654c41653210e3ea7e48a6"
},
{
"url": "https://git.kernel.org/stable/c/dbc153fd3c142909e564bb256da087e13fbf239c"
}
],
"title": "net/smc: fix illegal rmb_desc access in SMC-D connection dump",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26615",
"datePublished": "2024-02-29T15:52:18.843Z",
"dateReserved": "2024-02-19T14:20:24.131Z",
"dateUpdated": "2026-05-11T20:00:49.787Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26642 (GCVE-0-2024-26642)
Vulnerability from cvelistv5 – Published: 2024-03-21 10:43 – Updated: 2026-05-12 11:49
VLAI
EPSS
Title
netfilter: nf_tables: disallow anonymous set with timeout flag
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: disallow anonymous set with timeout flag
Anonymous sets are never used with timeout from userspace, reject this.
Exception to this rule is NFT_SET_EVAL to ensure legacy meters still work.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
11 references
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
761da2935d6e18d178582dbdf315a3a458555505 , < e4988d8415bd0294d6f9f4a1e7095f8b50a97ca9
(git)
Affected: 761da2935d6e18d178582dbdf315a3a458555505 , < e9a0d3f376eb356d54ffce36e7cc37514cbfbd6f (git) Affected: 761da2935d6e18d178582dbdf315a3a458555505 , < fe40ffbca19dc70d7c6b1e3c77b9ccb404c57351 (git) Affected: 761da2935d6e18d178582dbdf315a3a458555505 , < 7cdc1be24cc1bcd56a3e89ac4aef20e31ad09199 (git) Affected: 761da2935d6e18d178582dbdf315a3a458555505 , < 72c1efe3f247a581667b7d368fff3bd9a03cd57a (git) Affected: 761da2935d6e18d178582dbdf315a3a458555505 , < c0c2176d1814b92ea4c8e7eb7c9cd94cd99c1b12 (git) Affected: 761da2935d6e18d178582dbdf315a3a458555505 , < 8e07c16695583a66e81f67ce4c46e94dece47ba7 (git) Affected: 761da2935d6e18d178582dbdf315a3a458555505 , < 16603605b667b70da974bea8216c93e7db043bf1 (git) |
|
| Linux | Linux |
Affected:
4.1
Unaffected: 0 , < 4.1 (semver) Unaffected: 4.19.312 , ≤ 4.19.* (semver) Unaffected: 5.4.274 , ≤ 5.4.* (semver) Unaffected: 5.10.215 , ≤ 5.10.* (semver) Unaffected: 5.15.154 , ≤ 5.15.* (semver) Unaffected: 6.1.84 , ≤ 6.1.* (semver) Unaffected: 6.6.24 , ≤ 6.6.* (semver) Unaffected: 6.7.12 , ≤ 6.7.* (semver) Unaffected: 6.8 , ≤ * (original_commit_for_fix) |
|
| Siemens | SIMATIC S7-1500 TM MFP - GNU/Linux subsystem |
Affected:
0 , < *
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26642",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-03T17:43:46.916001Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:25.164Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:07:19.677Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e4988d8415bd0294d6f9f4a1e7095f8b50a97ca9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e9a0d3f376eb356d54ffce36e7cc37514cbfbd6f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fe40ffbca19dc70d7c6b1e3c77b9ccb404c57351"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7cdc1be24cc1bcd56a3e89ac4aef20e31ad09199"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/72c1efe3f247a581667b7d368fff3bd9a03cd57a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c0c2176d1814b92ea4c8e7eb7c9cd94cd99c1b12"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8e07c16695583a66e81f67ce4c46e94dece47ba7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/16603605b667b70da974bea8216c93e7db043bf1"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T11:49:22.015Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netfilter/nf_tables_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e4988d8415bd0294d6f9f4a1e7095f8b50a97ca9",
"status": "affected",
"version": "761da2935d6e18d178582dbdf315a3a458555505",
"versionType": "git"
},
{
"lessThan": "e9a0d3f376eb356d54ffce36e7cc37514cbfbd6f",
"status": "affected",
"version": "761da2935d6e18d178582dbdf315a3a458555505",
"versionType": "git"
},
{
"lessThan": "fe40ffbca19dc70d7c6b1e3c77b9ccb404c57351",
"status": "affected",
"version": "761da2935d6e18d178582dbdf315a3a458555505",
"versionType": "git"
},
{
"lessThan": "7cdc1be24cc1bcd56a3e89ac4aef20e31ad09199",
"status": "affected",
"version": "761da2935d6e18d178582dbdf315a3a458555505",
"versionType": "git"
},
{
"lessThan": "72c1efe3f247a581667b7d368fff3bd9a03cd57a",
"status": "affected",
"version": "761da2935d6e18d178582dbdf315a3a458555505",
"versionType": "git"
},
{
"lessThan": "c0c2176d1814b92ea4c8e7eb7c9cd94cd99c1b12",
"status": "affected",
"version": "761da2935d6e18d178582dbdf315a3a458555505",
"versionType": "git"
},
{
"lessThan": "8e07c16695583a66e81f67ce4c46e94dece47ba7",
"status": "affected",
"version": "761da2935d6e18d178582dbdf315a3a458555505",
"versionType": "git"
},
{
"lessThan": "16603605b667b70da974bea8216c93e7db043bf1",
"status": "affected",
"version": "761da2935d6e18d178582dbdf315a3a458555505",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netfilter/nf_tables_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.1"
},
{
"lessThan": "4.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.312",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.84",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.24",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.312",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.84",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.24",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.12",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: disallow anonymous set with timeout flag\n\nAnonymous sets are never used with timeout from userspace, reject this.\nException to this rule is NFT_SET_EVAL to ensure legacy meters still work."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:01:21.131Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e4988d8415bd0294d6f9f4a1e7095f8b50a97ca9"
},
{
"url": "https://git.kernel.org/stable/c/e9a0d3f376eb356d54ffce36e7cc37514cbfbd6f"
},
{
"url": "https://git.kernel.org/stable/c/fe40ffbca19dc70d7c6b1e3c77b9ccb404c57351"
},
{
"url": "https://git.kernel.org/stable/c/7cdc1be24cc1bcd56a3e89ac4aef20e31ad09199"
},
{
"url": "https://git.kernel.org/stable/c/72c1efe3f247a581667b7d368fff3bd9a03cd57a"
},
{
"url": "https://git.kernel.org/stable/c/c0c2176d1814b92ea4c8e7eb7c9cd94cd99c1b12"
},
{
"url": "https://git.kernel.org/stable/c/8e07c16695583a66e81f67ce4c46e94dece47ba7"
},
{
"url": "https://git.kernel.org/stable/c/16603605b667b70da974bea8216c93e7db043bf1"
}
],
"title": "netfilter: nf_tables: disallow anonymous set with timeout flag",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26642",
"datePublished": "2024-03-21T10:43:43.495Z",
"dateReserved": "2024-02-19T14:20:24.137Z",
"dateUpdated": "2026-05-12T11:49:22.015Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26643 (GCVE-0-2024-26643)
Vulnerability from cvelistv5 – Published: 2024-03-21 10:43 – Updated: 2026-05-23 15:36
VLAI
EPSS
Title
netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout
While the rhashtable set gc runs asynchronously, a race allows it to
collect elements from anonymous sets with timeouts while it is being
released from the commit path.
Mingi Cho originally reported this issue in a different path in 6.1.x
with a pipapo set with low timeouts which is not possible upstream since
7395dfacfff6 ("netfilter: nf_tables: use timestamp to check for set
element timeout").
Fix this by setting on the dead flag for anonymous sets to skip async gc
in this case.
According to 08e4c8c5919f ("netfilter: nf_tables: mark newset as dead on
transaction abort"), Florian plans to accelerate abort path by releasing
objects via workqueue, therefore, this sets on the dead flag for abort
path too.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
10 references
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
8da1b048f9a501d3d7d38c188ba09d7d0d5b8c27 , < d75a589bb92af1abf3b779cfcd1977ca11b27033
(git)
Affected: bbdb3b65aa91aa0a32b212f27780b28987f2d94f , < edcf1a3f182ecf8b6b805f0ce90570ea98c5f6bf (git) Affected: 448be0774882f95a74fa5eb7519761152add601b , < e2d45f467096e931044f0ab7634499879d851a5c (git) Affected: d19e8bf3ea4114dd21fc35da21f398203d7f7df1 , < 291cca35818bd52a407bc37ab45a15816039e363 (git) Affected: ea3eb9f2192e4fc33b795673e56c97a21987f868 , < 406b0241d0eb598a0b330ab20ae325537d8d8163 (git) Affected: 5f68718b34a531a556f2f50300ead2862278da26 , < b2d6f9a5b1cf968f1eaa71085ceeb09c2cb276b1 (git) Affected: 5f68718b34a531a556f2f50300ead2862278da26 , < 5224afbc30c3ca9ba23e752f0f138729b2c48dd8 (git) Affected: 5f68718b34a531a556f2f50300ead2862278da26 , < 552705a3650bbf46a22b1adedc1b04181490fc36 (git) Affected: 0624f190b5742a1527cd938295caa8dc5281d4cd (git) Affected: 5.4.262 , < 5.4.274 (semver) Affected: 5.10.198 , < 5.10.215 (semver) Affected: 5.15.134 , < 5.15.154 (semver) Affected: 6.1.56 , < 6.1.84 (semver) Affected: 6.4.11 , < 6.5 (semver) |
|
| Linux | Linux |
Affected:
6.5
Unaffected: 0 , < 6.5 (semver) Unaffected: 5.4.274 , ≤ 5.4.* (semver) Unaffected: 5.10.215 , ≤ 5.10.* (semver) Unaffected: 5.15.154 , ≤ 5.15.* (semver) Unaffected: 6.1.84 , ≤ 6.1.* (semver) Unaffected: 6.6.24 , ≤ 6.6.* (semver) Unaffected: 6.7.12 , ≤ 6.7.* (semver) Unaffected: 6.8 , ≤ * (original_commit_for_fix) |
|
| Siemens | SIMATIC S7-1500 TM MFP - GNU/Linux subsystem |
Affected:
0 , < *
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26643",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-21T16:08:32.631906Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T16:08:41.862Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:07:19.747Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d75a589bb92af1abf3b779cfcd1977ca11b27033"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/edcf1a3f182ecf8b6b805f0ce90570ea98c5f6bf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e2d45f467096e931044f0ab7634499879d851a5c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/291cca35818bd52a407bc37ab45a15816039e363"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/406b0241d0eb598a0b330ab20ae325537d8d8163"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b2d6f9a5b1cf968f1eaa71085ceeb09c2cb276b1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5224afbc30c3ca9ba23e752f0f138729b2c48dd8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/552705a3650bbf46a22b1adedc1b04181490fc36"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T11:49:23.174Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netfilter/nf_tables_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d75a589bb92af1abf3b779cfcd1977ca11b27033",
"status": "affected",
"version": "8da1b048f9a501d3d7d38c188ba09d7d0d5b8c27",
"versionType": "git"
},
{
"lessThan": "edcf1a3f182ecf8b6b805f0ce90570ea98c5f6bf",
"status": "affected",
"version": "bbdb3b65aa91aa0a32b212f27780b28987f2d94f",
"versionType": "git"
},
{
"lessThan": "e2d45f467096e931044f0ab7634499879d851a5c",
"status": "affected",
"version": "448be0774882f95a74fa5eb7519761152add601b",
"versionType": "git"
},
{
"lessThan": "291cca35818bd52a407bc37ab45a15816039e363",
"status": "affected",
"version": "d19e8bf3ea4114dd21fc35da21f398203d7f7df1",
"versionType": "git"
},
{
"lessThan": "406b0241d0eb598a0b330ab20ae325537d8d8163",
"status": "affected",
"version": "ea3eb9f2192e4fc33b795673e56c97a21987f868",
"versionType": "git"
},
{
"lessThan": "b2d6f9a5b1cf968f1eaa71085ceeb09c2cb276b1",
"status": "affected",
"version": "5f68718b34a531a556f2f50300ead2862278da26",
"versionType": "git"
},
{
"lessThan": "5224afbc30c3ca9ba23e752f0f138729b2c48dd8",
"status": "affected",
"version": "5f68718b34a531a556f2f50300ead2862278da26",
"versionType": "git"
},
{
"lessThan": "552705a3650bbf46a22b1adedc1b04181490fc36",
"status": "affected",
"version": "5f68718b34a531a556f2f50300ead2862278da26",
"versionType": "git"
},
{
"status": "affected",
"version": "0624f190b5742a1527cd938295caa8dc5281d4cd",
"versionType": "git"
},
{
"lessThan": "5.4.274",
"status": "affected",
"version": "5.4.262",
"versionType": "semver"
},
{
"lessThan": "5.10.215",
"status": "affected",
"version": "5.10.198",
"versionType": "semver"
},
{
"lessThan": "5.15.154",
"status": "affected",
"version": "5.15.134",
"versionType": "semver"
},
{
"lessThan": "6.1.84",
"status": "affected",
"version": "6.1.56",
"versionType": "semver"
},
{
"lessThan": "6.5",
"status": "affected",
"version": "6.4.11",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netfilter/nf_tables_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.5"
},
{
"lessThan": "6.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.84",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.24",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "5.4.262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "5.10.198",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "5.15.134",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.84",
"versionStartIncluding": "6.1.56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.24",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.12",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout\n\nWhile the rhashtable set gc runs asynchronously, a race allows it to\ncollect elements from anonymous sets with timeouts while it is being\nreleased from the commit path.\n\nMingi Cho originally reported this issue in a different path in 6.1.x\nwith a pipapo set with low timeouts which is not possible upstream since\n7395dfacfff6 (\"netfilter: nf_tables: use timestamp to check for set\nelement timeout\").\n\nFix this by setting on the dead flag for anonymous sets to skip async gc\nin this case.\n\nAccording to 08e4c8c5919f (\"netfilter: nf_tables: mark newset as dead on\ntransaction abort\"), Florian plans to accelerate abort path by releasing\nobjects via workqueue, therefore, this sets on the dead flag for abort\npath too."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T15:36:19.531Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d75a589bb92af1abf3b779cfcd1977ca11b27033"
},
{
"url": "https://git.kernel.org/stable/c/edcf1a3f182ecf8b6b805f0ce90570ea98c5f6bf"
},
{
"url": "https://git.kernel.org/stable/c/e2d45f467096e931044f0ab7634499879d851a5c"
},
{
"url": "https://git.kernel.org/stable/c/291cca35818bd52a407bc37ab45a15816039e363"
},
{
"url": "https://git.kernel.org/stable/c/406b0241d0eb598a0b330ab20ae325537d8d8163"
},
{
"url": "https://git.kernel.org/stable/c/b2d6f9a5b1cf968f1eaa71085ceeb09c2cb276b1"
},
{
"url": "https://git.kernel.org/stable/c/5224afbc30c3ca9ba23e752f0f138729b2c48dd8"
},
{
"url": "https://git.kernel.org/stable/c/552705a3650bbf46a22b1adedc1b04181490fc36"
}
],
"title": "netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26643",
"datePublished": "2024-03-21T10:43:44.103Z",
"dateReserved": "2024-02-19T14:20:24.137Z",
"dateUpdated": "2026-05-23T15:36:19.531Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26659 (GCVE-0-2024-26659)
Vulnerability from cvelistv5 – Published: 2024-04-02 06:22 – Updated: 2026-05-12 11:49
VLAI
EPSS
Title
xhci: handle isoc Babble and Buffer Overrun events properly
Summary
In the Linux kernel, the following vulnerability has been resolved:
xhci: handle isoc Babble and Buffer Overrun events properly
xHCI 4.9 explicitly forbids assuming that the xHC has released its
ownership of a multi-TRB TD when it reports an error on one of the
early TRBs. Yet the driver makes such assumption and releases the TD,
allowing the remaining TRBs to be freed or overwritten by new TDs.
The xHC should also report completion of the final TRB due to its IOC
flag being set by us, regardless of prior errors. This event cannot
be recognized if the TD has already been freed earlier, resulting in
"Transfer event TRB DMA ptr not part of current TD" error message.
Fix this by reusing the logic for processing isoc Transaction Errors.
This also handles hosts which fail to report the final completion.
Fix transfer length reporting on Babble errors. They may be caused by
device malfunction, no guarantee that the buffer has been filled.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
8 references
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
04e51901dd44f40a5a385ced897f6bca87d5f40a , < 696e4112e5c1ee61996198f0ebb6ca3fab55166e
(git)
Affected: 04e51901dd44f40a5a385ced897f6bca87d5f40a , < 2aa7bcfdbb46241c701811bbc0d64d7884e3346c (git) Affected: 04e51901dd44f40a5a385ced897f6bca87d5f40a , < 2e3ec80ea7ba58bbb210e83b5a0afefee7c171d3 (git) Affected: 04e51901dd44f40a5a385ced897f6bca87d5f40a , < f5e7ffa9269a448a720e21f1ed1384d118298c97 (git) Affected: 04e51901dd44f40a5a385ced897f6bca87d5f40a , < 418456c0ce56209610523f21734c5612ee634134 (git) Affected: 04e51901dd44f40a5a385ced897f6bca87d5f40a , < 7c4650ded49e5b88929ecbbb631efb8b0838e811 (git) |
|
| Linux | Linux |
Affected:
2.6.36
Unaffected: 0 , < 2.6.36 (semver) Unaffected: 5.10.213 , ≤ 5.10.* (semver) Unaffected: 5.15.152 , ≤ 5.15.* (semver) Unaffected: 6.1.82 , ≤ 6.1.* (semver) Unaffected: 6.6.17 , ≤ 6.6.* (semver) Unaffected: 6.7.5 , ≤ 6.7.* (semver) Unaffected: 6.8 , ≤ * (original_commit_for_fix) |
|
| Siemens | SIMATIC S7-1500 TM MFP - GNU/Linux subsystem |
Affected:
0 , < *
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26659",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T19:31:25.014647Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T19:31:33.585Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:12.454Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/696e4112e5c1ee61996198f0ebb6ca3fab55166e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2aa7bcfdbb46241c701811bbc0d64d7884e3346c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2e3ec80ea7ba58bbb210e83b5a0afefee7c171d3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f5e7ffa9269a448a720e21f1ed1384d118298c97"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/418456c0ce56209610523f21734c5612ee634134"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7c4650ded49e5b88929ecbbb631efb8b0838e811"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T11:49:25.643Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/usb/host/xhci-ring.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "696e4112e5c1ee61996198f0ebb6ca3fab55166e",
"status": "affected",
"version": "04e51901dd44f40a5a385ced897f6bca87d5f40a",
"versionType": "git"
},
{
"lessThan": "2aa7bcfdbb46241c701811bbc0d64d7884e3346c",
"status": "affected",
"version": "04e51901dd44f40a5a385ced897f6bca87d5f40a",
"versionType": "git"
},
{
"lessThan": "2e3ec80ea7ba58bbb210e83b5a0afefee7c171d3",
"status": "affected",
"version": "04e51901dd44f40a5a385ced897f6bca87d5f40a",
"versionType": "git"
},
{
"lessThan": "f5e7ffa9269a448a720e21f1ed1384d118298c97",
"status": "affected",
"version": "04e51901dd44f40a5a385ced897f6bca87d5f40a",
"versionType": "git"
},
{
"lessThan": "418456c0ce56209610523f21734c5612ee634134",
"status": "affected",
"version": "04e51901dd44f40a5a385ced897f6bca87d5f40a",
"versionType": "git"
},
{
"lessThan": "7c4650ded49e5b88929ecbbb631efb8b0838e811",
"status": "affected",
"version": "04e51901dd44f40a5a385ced897f6bca87d5f40a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/usb/host/xhci-ring.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.36"
},
{
"lessThan": "2.6.36",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.213",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.152",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.82",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.17",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.213",
"versionStartIncluding": "2.6.36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.152",
"versionStartIncluding": "2.6.36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.82",
"versionStartIncluding": "2.6.36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.17",
"versionStartIncluding": "2.6.36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.5",
"versionStartIncluding": "2.6.36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "2.6.36",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxhci: handle isoc Babble and Buffer Overrun events properly\n\nxHCI 4.9 explicitly forbids assuming that the xHC has released its\nownership of a multi-TRB TD when it reports an error on one of the\nearly TRBs. Yet the driver makes such assumption and releases the TD,\nallowing the remaining TRBs to be freed or overwritten by new TDs.\n\nThe xHC should also report completion of the final TRB due to its IOC\nflag being set by us, regardless of prior errors. This event cannot\nbe recognized if the TD has already been freed earlier, resulting in\n\"Transfer event TRB DMA ptr not part of current TD\" error message.\n\nFix this by reusing the logic for processing isoc Transaction Errors.\nThis also handles hosts which fail to report the final completion.\n\nFix transfer length reporting on Babble errors. They may be caused by\ndevice malfunction, no guarantee that the buffer has been filled."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:01:41.045Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/696e4112e5c1ee61996198f0ebb6ca3fab55166e"
},
{
"url": "https://git.kernel.org/stable/c/2aa7bcfdbb46241c701811bbc0d64d7884e3346c"
},
{
"url": "https://git.kernel.org/stable/c/2e3ec80ea7ba58bbb210e83b5a0afefee7c171d3"
},
{
"url": "https://git.kernel.org/stable/c/f5e7ffa9269a448a720e21f1ed1384d118298c97"
},
{
"url": "https://git.kernel.org/stable/c/418456c0ce56209610523f21734c5612ee634134"
},
{
"url": "https://git.kernel.org/stable/c/7c4650ded49e5b88929ecbbb631efb8b0838e811"
}
],
"title": "xhci: handle isoc Babble and Buffer Overrun events properly",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26659",
"datePublished": "2024-04-02T06:22:09.241Z",
"dateReserved": "2024-02-19T14:20:24.147Z",
"dateUpdated": "2026-05-12T11:49:25.643Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…