Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2024-AVI-0694
Vulnerability from certfr_avis - Published: 2024-08-16 - Updated: 2024-08-16
De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Ubuntu 16.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 24.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 20.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 22.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2023-46343",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46343"
},
{
"name": "CVE-2024-25744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25744"
},
{
"name": "CVE-2023-52436",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52436"
},
{
"name": "CVE-2023-52443",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52443"
},
{
"name": "CVE-2023-52469",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52469"
},
{
"name": "CVE-2023-52449",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52449"
},
{
"name": "CVE-2023-52444",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52444"
},
{
"name": "CVE-2023-52434",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52434"
},
{
"name": "CVE-2023-52435",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52435"
},
{
"name": "CVE-2024-25739",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25739"
},
{
"name": "CVE-2024-25742",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25742"
},
{
"name": "CVE-2024-24858",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24858"
},
{
"name": "CVE-2024-24857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24857"
},
{
"name": "CVE-2023-52620",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52620"
},
{
"name": "CVE-2024-26980",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26980"
},
{
"name": "CVE-2024-27013",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27013"
},
{
"name": "CVE-2024-26840",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26840"
},
{
"name": "CVE-2024-26934",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26934"
},
{
"name": "CVE-2024-26882",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26882"
},
{
"name": "CVE-2024-27020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27020"
},
{
"name": "CVE-2024-26936",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26936"
},
{
"name": "CVE-2024-26857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26857"
},
{
"name": "CVE-2024-26884",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26884"
},
{
"name": "CVE-2024-26901",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26901"
},
{
"name": "CVE-2024-27019",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27019"
},
{
"name": "CVE-2024-26923",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26923"
},
{
"name": "CVE-2023-52585",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52585"
},
{
"name": "CVE-2023-52882",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52882"
},
{
"name": "CVE-2024-26900",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26900"
},
{
"name": "CVE-2024-27398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27398"
},
{
"name": "CVE-2024-27399",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27399"
},
{
"name": "CVE-2024-27401",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27401"
},
{
"name": "CVE-2024-35848",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35848"
},
{
"name": "CVE-2024-35947",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35947"
},
{
"name": "CVE-2024-36017",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36017"
},
{
"name": "CVE-2024-36031",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36031"
},
{
"name": "CVE-2024-36883",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36883"
},
{
"name": "CVE-2024-36886",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36886"
},
{
"name": "CVE-2024-36889",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36889"
},
{
"name": "CVE-2024-36902",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36902"
},
{
"name": "CVE-2024-36904",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36904"
},
{
"name": "CVE-2024-36905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36905"
},
{
"name": "CVE-2024-36916",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36916"
},
{
"name": "CVE-2024-36919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36919"
},
{
"name": "CVE-2024-36929",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36929"
},
{
"name": "CVE-2024-36933",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36933"
},
{
"name": "CVE-2024-36934",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36934"
},
{
"name": "CVE-2024-36939",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36939"
},
{
"name": "CVE-2024-36940",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36940"
},
{
"name": "CVE-2024-36941",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36941"
},
{
"name": "CVE-2024-36946",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36946"
},
{
"name": "CVE-2024-36950",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36950"
},
{
"name": "CVE-2024-36953",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36953"
},
{
"name": "CVE-2024-36954",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36954"
},
{
"name": "CVE-2024-36957",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36957"
},
{
"name": "CVE-2024-36959",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36959"
},
{
"name": "CVE-2024-27395",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27395"
},
{
"name": "CVE-2024-27396",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27396"
},
{
"name": "CVE-2024-27400",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27400"
},
{
"name": "CVE-2024-35847",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35847"
},
{
"name": "CVE-2024-35849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35849"
},
{
"name": "CVE-2024-35851",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35851"
},
{
"name": "CVE-2024-35852",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35852"
},
{
"name": "CVE-2024-35854",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35854"
},
{
"name": "CVE-2024-35976",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35976"
},
{
"name": "CVE-2024-35978",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35978"
},
{
"name": "CVE-2024-35982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35982"
},
{
"name": "CVE-2024-35984",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35984"
},
{
"name": "CVE-2024-35989",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35989"
},
{
"name": "CVE-2024-35998",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35998"
},
{
"name": "CVE-2024-35999",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35999"
},
{
"name": "CVE-2024-36006",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36006"
},
{
"name": "CVE-2024-36007",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36007"
},
{
"name": "CVE-2024-36012",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36012"
},
{
"name": "CVE-2024-36014",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36014"
},
{
"name": "CVE-2024-36015",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36015"
},
{
"name": "CVE-2024-36016",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36016"
},
{
"name": "CVE-2024-36029",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36029"
},
{
"name": "CVE-2024-36032",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36032"
},
{
"name": "CVE-2024-36880",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36880"
},
{
"name": "CVE-2024-36893",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36893"
},
{
"name": "CVE-2024-36896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36896"
},
{
"name": "CVE-2024-36897",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36897"
},
{
"name": "CVE-2024-36906",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36906"
},
{
"name": "CVE-2024-36918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36918"
},
{
"name": "CVE-2024-36924",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36924"
},
{
"name": "CVE-2024-36926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36926"
},
{
"name": "CVE-2024-36928",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36928"
},
{
"name": "CVE-2024-36931",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36931"
},
{
"name": "CVE-2024-36938",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36938"
},
{
"name": "CVE-2024-36944",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36944"
},
{
"name": "CVE-2024-36947",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36947"
},
{
"name": "CVE-2024-36952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36952"
},
{
"name": "CVE-2024-36955",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36955"
},
{
"name": "CVE-2024-35850",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35850"
},
{
"name": "CVE-2024-35986",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35986"
},
{
"name": "CVE-2024-35991",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35991"
},
{
"name": "CVE-2024-35997",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35997"
},
{
"name": "CVE-2024-36002",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36002"
},
{
"name": "CVE-2024-36009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36009"
},
{
"name": "CVE-2024-36011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36011"
},
{
"name": "CVE-2024-36013",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36013"
},
{
"name": "CVE-2024-36030",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36030"
},
{
"name": "CVE-2024-36890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36890"
},
{
"name": "CVE-2024-36891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36891"
},
{
"name": "CVE-2024-36894",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36894"
},
{
"name": "CVE-2024-36895",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36895"
},
{
"name": "CVE-2024-36898",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36898"
},
{
"name": "CVE-2024-36921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36921"
},
{
"name": "CVE-2024-36922",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36922"
},
{
"name": "CVE-2024-36930",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36930"
},
{
"name": "CVE-2024-36936",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36936"
},
{
"name": "CVE-2024-36949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36949"
},
{
"name": "CVE-2024-36951",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36951"
},
{
"name": "CVE-2024-31076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31076"
},
{
"name": "CVE-2024-33621",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33621"
},
{
"name": "CVE-2024-35853",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35853"
},
{
"name": "CVE-2024-35855",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35855"
},
{
"name": "CVE-2024-35983",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35983"
},
{
"name": "CVE-2024-35988",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35988"
},
{
"name": "CVE-2024-35996",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35996"
},
{
"name": "CVE-2024-36004",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36004"
},
{
"name": "CVE-2024-36005",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36005"
},
{
"name": "CVE-2024-36286",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36286"
},
{
"name": "CVE-2024-36960",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36960"
},
{
"name": "CVE-2024-36964",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36964"
},
{
"name": "CVE-2024-36971",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36971"
},
{
"name": "CVE-2024-37353",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37353"
},
{
"name": "CVE-2024-37356",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37356"
},
{
"name": "CVE-2024-38381",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38381"
},
{
"name": "CVE-2024-38549",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38549"
},
{
"name": "CVE-2024-38552",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38552"
},
{
"name": "CVE-2024-38558",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38558"
},
{
"name": "CVE-2024-38559",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38559"
},
{
"name": "CVE-2024-38560",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38560"
},
{
"name": "CVE-2024-38565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38565"
},
{
"name": "CVE-2024-38567",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38567"
},
{
"name": "CVE-2024-38578",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38578"
},
{
"name": "CVE-2024-38579",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38579"
},
{
"name": "CVE-2024-38582",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38582"
},
{
"name": "CVE-2024-38583",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38583"
},
{
"name": "CVE-2024-38587",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38587"
},
{
"name": "CVE-2024-38589",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38589"
},
{
"name": "CVE-2024-38596",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38596"
},
{
"name": "CVE-2024-38598",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38598"
},
{
"name": "CVE-2024-38599",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38599"
},
{
"name": "CVE-2024-38601",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38601"
},
{
"name": "CVE-2024-38612",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38612"
},
{
"name": "CVE-2024-38618",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38618"
},
{
"name": "CVE-2024-38621",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38621"
},
{
"name": "CVE-2024-38627",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38627"
},
{
"name": "CVE-2024-38633",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38633"
},
{
"name": "CVE-2024-38634",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38634"
},
{
"name": "CVE-2024-38637",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38637"
},
{
"name": "CVE-2024-38659",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38659"
},
{
"name": "CVE-2024-38780",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38780"
},
{
"name": "CVE-2024-39292",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39292"
},
{
"name": "CVE-2024-26886",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26886"
},
{
"name": "CVE-2024-26952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26952"
},
{
"name": "CVE-2022-48772",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48772"
},
{
"name": "CVE-2023-52752",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52752"
},
{
"name": "CVE-2024-35857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35857"
},
{
"name": "CVE-2024-36899",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36899"
},
{
"name": "CVE-2024-36900",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36900"
},
{
"name": "CVE-2024-36915",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36915"
},
{
"name": "CVE-2024-36917",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36917"
},
{
"name": "CVE-2024-36923",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36923"
},
{
"name": "CVE-2024-36937",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36937"
},
{
"name": "CVE-2024-36945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36945"
},
{
"name": "CVE-2024-36965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36965"
},
{
"name": "CVE-2024-36967",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36967"
},
{
"name": "CVE-2024-36969",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36969"
},
{
"name": "CVE-2024-36975",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36975"
},
{
"name": "CVE-2024-38540",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38540"
},
{
"name": "CVE-2024-38541",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38541"
},
{
"name": "CVE-2024-38544",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38544"
},
{
"name": "CVE-2024-38545",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38545"
},
{
"name": "CVE-2024-38546",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38546"
},
{
"name": "CVE-2024-38547",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38547"
},
{
"name": "CVE-2024-38548",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38548"
},
{
"name": "CVE-2024-38550",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38550"
},
{
"name": "CVE-2024-38553",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38553"
},
{
"name": "CVE-2024-38555",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38555"
},
{
"name": "CVE-2024-38556",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38556"
},
{
"name": "CVE-2024-38557",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38557"
},
{
"name": "CVE-2024-38564",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38564"
},
{
"name": "CVE-2024-38568",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38568"
},
{
"name": "CVE-2024-38571",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38571"
},
{
"name": "CVE-2024-38573",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38573"
},
{
"name": "CVE-2024-38580",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38580"
},
{
"name": "CVE-2024-38590",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38590"
},
{
"name": "CVE-2024-38591",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38591"
},
{
"name": "CVE-2024-38594",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38594"
},
{
"name": "CVE-2024-38597",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38597"
},
{
"name": "CVE-2024-38600",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38600"
},
{
"name": "CVE-2024-38603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38603"
},
{
"name": "CVE-2024-38605",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38605"
},
{
"name": "CVE-2024-38616",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38616"
},
{
"name": "CVE-2024-38635",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38635"
},
{
"name": "CVE-2024-38661",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38661"
},
{
"name": "CVE-2024-39301",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39301"
},
{
"name": "CVE-2024-39471",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39471"
},
{
"name": "CVE-2024-38610",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38610"
},
{
"name": "CVE-2024-39475",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39475"
},
{
"name": "CVE-2024-24859",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24859"
},
{
"name": "CVE-2024-27017",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27017"
},
{
"name": "CVE-2024-36270",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36270"
},
{
"name": "CVE-2024-38543",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38543"
},
{
"name": "CVE-2024-38586",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38586"
},
{
"name": "CVE-2024-38593",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38593"
},
{
"name": "CVE-2024-38607",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38607"
},
{
"name": "CVE-2024-38613",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38613"
},
{
"name": "CVE-2024-38615",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38615"
},
{
"name": "CVE-2024-39276",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39276"
},
{
"name": "CVE-2024-39467",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39467"
},
{
"name": "CVE-2024-39480",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39480"
},
{
"name": "CVE-2024-39482",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39482"
},
{
"name": "CVE-2024-39488",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39488"
},
{
"name": "CVE-2024-39489",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39489"
},
{
"name": "CVE-2024-39493",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39493"
},
{
"name": "CVE-2024-36882",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36882"
},
{
"name": "CVE-2024-36887",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36887"
},
{
"name": "CVE-2024-36903",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36903"
},
{
"name": "CVE-2024-36935",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36935"
},
{
"name": "CVE-2024-36962",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36962"
},
{
"name": "CVE-2024-36977",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36977"
},
{
"name": "CVE-2024-38539",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38539"
},
{
"name": "CVE-2024-38551",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38551"
},
{
"name": "CVE-2024-38554",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38554"
},
{
"name": "CVE-2024-38562",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38562"
},
{
"name": "CVE-2024-38566",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38566"
},
{
"name": "CVE-2024-38569",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38569"
},
{
"name": "CVE-2024-38570",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38570"
},
{
"name": "CVE-2024-38572",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38572"
},
{
"name": "CVE-2024-38575",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38575"
},
{
"name": "CVE-2024-38588",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38588"
},
{
"name": "CVE-2024-38592",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38592"
},
{
"name": "CVE-2024-38595",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38595"
},
{
"name": "CVE-2024-38602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38602"
},
{
"name": "CVE-2024-38611",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38611"
},
{
"name": "CVE-2024-38617",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38617"
},
{
"name": "CVE-2022-48674",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48674"
},
{
"name": "CVE-2024-27394",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27394"
},
{
"name": "CVE-2024-35846",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35846"
},
{
"name": "CVE-2024-35856",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35856"
},
{
"name": "CVE-2024-35858",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35858"
},
{
"name": "CVE-2024-35859",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35859"
},
{
"name": "CVE-2024-35949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35949"
},
{
"name": "CVE-2024-35987",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35987"
},
{
"name": "CVE-2024-35993",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35993"
},
{
"name": "CVE-2024-35994",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35994"
},
{
"name": "CVE-2024-36000",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36000"
},
{
"name": "CVE-2024-36001",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36001"
},
{
"name": "CVE-2024-36003",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36003"
},
{
"name": "CVE-2024-36028",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36028"
},
{
"name": "CVE-2024-36033",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36033"
},
{
"name": "CVE-2024-36881",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36881"
},
{
"name": "CVE-2024-36884",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36884"
},
{
"name": "CVE-2024-36888",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36888"
},
{
"name": "CVE-2024-36892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36892"
},
{
"name": "CVE-2024-36901",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36901"
},
{
"name": "CVE-2024-36908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36908"
},
{
"name": "CVE-2024-36909",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36909"
},
{
"name": "CVE-2024-36910",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36910"
},
{
"name": "CVE-2024-36911",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36911"
},
{
"name": "CVE-2024-36912",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36912"
},
{
"name": "CVE-2024-36913",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36913"
},
{
"name": "CVE-2024-36914",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36914"
},
{
"name": "CVE-2024-36920",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36920"
},
{
"name": "CVE-2024-36925",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36925"
},
{
"name": "CVE-2024-36927",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36927"
},
{
"name": "CVE-2024-36932",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36932"
},
{
"name": "CVE-2024-36943",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36943"
},
{
"name": "CVE-2024-36948",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36948"
},
{
"name": "CVE-2024-36956",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36956"
},
{
"name": "CVE-2024-36958",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36958"
},
{
"name": "CVE-2024-36961",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36961"
},
{
"name": "CVE-2024-36963",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36963"
},
{
"name": "CVE-2024-36966",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36966"
},
{
"name": "CVE-2024-36968",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36968"
},
{
"name": "CVE-2024-36979",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36979"
},
{
"name": "CVE-2024-38538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38538"
},
{
"name": "CVE-2024-38542",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38542"
},
{
"name": "CVE-2024-38561",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38561"
},
{
"name": "CVE-2024-38563",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38563"
},
{
"name": "CVE-2024-38574",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38574"
},
{
"name": "CVE-2024-38576",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38576"
},
{
"name": "CVE-2024-38577",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38577"
},
{
"name": "CVE-2024-38584",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38584"
},
{
"name": "CVE-2024-38585",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38585"
},
{
"name": "CVE-2024-38604",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38604"
},
{
"name": "CVE-2024-38606",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38606"
},
{
"name": "CVE-2024-38614",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38614"
},
{
"name": "CVE-2024-38620",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38620"
},
{
"name": "CVE-2024-41011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41011"
},
{
"name": "CVE-2024-42134",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42134"
}
],
"initial_release_date": "2024-08-16T00:00:00",
"last_revision_date": "2024-08-16T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0694",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-08-16T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux d\u0027Ubuntu. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
"vendor_advisories": [
{
"published_at": "2024-08-09",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6926-3",
"url": "https://ubuntu.com/security/notices/USN-6926-3"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6950-2",
"url": "https://ubuntu.com/security/notices/USN-6950-2"
},
{
"published_at": "2024-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6955-1",
"url": "https://ubuntu.com/security/notices/USN-6955-1"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6949-2",
"url": "https://ubuntu.com/security/notices/USN-6949-2"
},
{
"published_at": "2024-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6956-1",
"url": "https://ubuntu.com/security/notices/USN-6956-1"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6957-1",
"url": "https://ubuntu.com/security/notices/USN-6957-1"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6950-3",
"url": "https://ubuntu.com/security/notices/USN-6950-3"
},
{
"published_at": "2024-08-14",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6951-2",
"url": "https://ubuntu.com/security/notices/USN-6951-2"
}
]
}
CVE-2024-26840 (GCVE-0-2024-26840)
Vulnerability from cvelistv5 – Published: 2024-04-17 10:10 – Updated: 2026-05-11 20:05
VLAI
EPSS
Title
cachefiles: fix memory leak in cachefiles_add_cache()
Summary
In the Linux kernel, the following vulnerability has been resolved:
cachefiles: fix memory leak in cachefiles_add_cache()
The following memory leak was reported after unbinding /dev/cachefiles:
==================================================================
unreferenced object 0xffff9b674176e3c0 (size 192):
comm "cachefilesd2", pid 680, jiffies 4294881224
hex dump (first 32 bytes):
01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace (crc ea38a44b):
[<ffffffff8eb8a1a5>] kmem_cache_alloc+0x2d5/0x370
[<ffffffff8e917f86>] prepare_creds+0x26/0x2e0
[<ffffffffc002eeef>] cachefiles_determine_cache_security+0x1f/0x120
[<ffffffffc00243ec>] cachefiles_add_cache+0x13c/0x3a0
[<ffffffffc0025216>] cachefiles_daemon_write+0x146/0x1c0
[<ffffffff8ebc4a3b>] vfs_write+0xcb/0x520
[<ffffffff8ebc5069>] ksys_write+0x69/0xf0
[<ffffffff8f6d4662>] do_syscall_64+0x72/0x140
[<ffffffff8f8000aa>] entry_SYSCALL_64_after_hwframe+0x6e/0x76
==================================================================
Put the reference count of cache_cred in cachefiles_daemon_unbind() to
fix the problem. And also put cache_cred in cachefiles_add_cache() error
branch to avoid memory leaks.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
10 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
9ae326a69004dea8af2dae4fde58de27db700a8d , < cb5466783793e66272624cf71925ae1d1ba32083
(git)
Affected: 9ae326a69004dea8af2dae4fde58de27db700a8d , < 037d5a949b0455540ef9aab34c10ddf54b65d285 (git) Affected: 9ae326a69004dea8af2dae4fde58de27db700a8d , < 43eccc5823732ba6daab2511ed32dfc545a666d8 (git) Affected: 9ae326a69004dea8af2dae4fde58de27db700a8d , < 94965be37add0983672e48ecb33cdbda92b62579 (git) Affected: 9ae326a69004dea8af2dae4fde58de27db700a8d , < 8b218e2f0a27a9f09428b1847b4580640b9d1e58 (git) Affected: 9ae326a69004dea8af2dae4fde58de27db700a8d , < 38e921616320d159336b0ffadb09e9fb4945c7c3 (git) Affected: 9ae326a69004dea8af2dae4fde58de27db700a8d , < 9cac69912052a4def571fedf1cb9bb4ec590e25a (git) Affected: 9ae326a69004dea8af2dae4fde58de27db700a8d , < e21a2f17566cbd64926fb8f16323972f7a064444 (git) |
|
| Linux | Linux |
Affected:
2.6.30
Unaffected: 0 , < 2.6.30 (semver) Unaffected: 4.19.309 , ≤ 4.19.* (semver) Unaffected: 5.4.271 , ≤ 5.4.* (semver) Unaffected: 5.10.212 , ≤ 5.10.* (semver) Unaffected: 5.15.151 , ≤ 5.15.* (semver) Unaffected: 6.1.80 , ≤ 6.1.* (semver) Unaffected: 6.6.19 , ≤ 6.6.* (semver) Unaffected: 6.7.7 , ≤ 6.7.* (semver) Unaffected: 6.8 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26840",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-28T19:58:24.475717Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:49:17.204Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.702Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cb5466783793e66272624cf71925ae1d1ba32083"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/037d5a949b0455540ef9aab34c10ddf54b65d285"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/43eccc5823732ba6daab2511ed32dfc545a666d8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/94965be37add0983672e48ecb33cdbda92b62579"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8b218e2f0a27a9f09428b1847b4580640b9d1e58"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/38e921616320d159336b0ffadb09e9fb4945c7c3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9cac69912052a4def571fedf1cb9bb4ec590e25a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e21a2f17566cbd64926fb8f16323972f7a064444"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/cachefiles/cache.c",
"fs/cachefiles/daemon.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "cb5466783793e66272624cf71925ae1d1ba32083",
"status": "affected",
"version": "9ae326a69004dea8af2dae4fde58de27db700a8d",
"versionType": "git"
},
{
"lessThan": "037d5a949b0455540ef9aab34c10ddf54b65d285",
"status": "affected",
"version": "9ae326a69004dea8af2dae4fde58de27db700a8d",
"versionType": "git"
},
{
"lessThan": "43eccc5823732ba6daab2511ed32dfc545a666d8",
"status": "affected",
"version": "9ae326a69004dea8af2dae4fde58de27db700a8d",
"versionType": "git"
},
{
"lessThan": "94965be37add0983672e48ecb33cdbda92b62579",
"status": "affected",
"version": "9ae326a69004dea8af2dae4fde58de27db700a8d",
"versionType": "git"
},
{
"lessThan": "8b218e2f0a27a9f09428b1847b4580640b9d1e58",
"status": "affected",
"version": "9ae326a69004dea8af2dae4fde58de27db700a8d",
"versionType": "git"
},
{
"lessThan": "38e921616320d159336b0ffadb09e9fb4945c7c3",
"status": "affected",
"version": "9ae326a69004dea8af2dae4fde58de27db700a8d",
"versionType": "git"
},
{
"lessThan": "9cac69912052a4def571fedf1cb9bb4ec590e25a",
"status": "affected",
"version": "9ae326a69004dea8af2dae4fde58de27db700a8d",
"versionType": "git"
},
{
"lessThan": "e21a2f17566cbd64926fb8f16323972f7a064444",
"status": "affected",
"version": "9ae326a69004dea8af2dae4fde58de27db700a8d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/cachefiles/cache.c",
"fs/cachefiles/daemon.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.30"
},
{
"lessThan": "2.6.30",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.309",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.271",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.212",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.151",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.80",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.309",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.271",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.212",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.151",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.80",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.19",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.7",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "2.6.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: fix memory leak in cachefiles_add_cache()\n\nThe following memory leak was reported after unbinding /dev/cachefiles:\n\n==================================================================\nunreferenced object 0xffff9b674176e3c0 (size 192):\n comm \"cachefilesd2\", pid 680, jiffies 4294881224\n hex dump (first 32 bytes):\n 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace (crc ea38a44b):\n [\u003cffffffff8eb8a1a5\u003e] kmem_cache_alloc+0x2d5/0x370\n [\u003cffffffff8e917f86\u003e] prepare_creds+0x26/0x2e0\n [\u003cffffffffc002eeef\u003e] cachefiles_determine_cache_security+0x1f/0x120\n [\u003cffffffffc00243ec\u003e] cachefiles_add_cache+0x13c/0x3a0\n [\u003cffffffffc0025216\u003e] cachefiles_daemon_write+0x146/0x1c0\n [\u003cffffffff8ebc4a3b\u003e] vfs_write+0xcb/0x520\n [\u003cffffffff8ebc5069\u003e] ksys_write+0x69/0xf0\n [\u003cffffffff8f6d4662\u003e] do_syscall_64+0x72/0x140\n [\u003cffffffff8f8000aa\u003e] entry_SYSCALL_64_after_hwframe+0x6e/0x76\n==================================================================\n\nPut the reference count of cache_cred in cachefiles_daemon_unbind() to\nfix the problem. And also put cache_cred in cachefiles_add_cache() error\nbranch to avoid memory leaks."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:05:09.433Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/cb5466783793e66272624cf71925ae1d1ba32083"
},
{
"url": "https://git.kernel.org/stable/c/037d5a949b0455540ef9aab34c10ddf54b65d285"
},
{
"url": "https://git.kernel.org/stable/c/43eccc5823732ba6daab2511ed32dfc545a666d8"
},
{
"url": "https://git.kernel.org/stable/c/94965be37add0983672e48ecb33cdbda92b62579"
},
{
"url": "https://git.kernel.org/stable/c/8b218e2f0a27a9f09428b1847b4580640b9d1e58"
},
{
"url": "https://git.kernel.org/stable/c/38e921616320d159336b0ffadb09e9fb4945c7c3"
},
{
"url": "https://git.kernel.org/stable/c/9cac69912052a4def571fedf1cb9bb4ec590e25a"
},
{
"url": "https://git.kernel.org/stable/c/e21a2f17566cbd64926fb8f16323972f7a064444"
}
],
"title": "cachefiles: fix memory leak in cachefiles_add_cache()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26840",
"datePublished": "2024-04-17T10:10:06.180Z",
"dateReserved": "2024-02-19T14:20:24.182Z",
"dateUpdated": "2026-05-11T20:05:09.433Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26857 (GCVE-0-2024-26857)
Vulnerability from cvelistv5 – Published: 2024-04-17 10:17 – Updated: 2026-05-11 20:05
VLAI
EPSS
Title
geneve: make sure to pull inner header in geneve_rx()
Summary
In the Linux kernel, the following vulnerability has been resolved:
geneve: make sure to pull inner header in geneve_rx()
syzbot triggered a bug in geneve_rx() [1]
Issue is similar to the one I fixed in commit 8d975c15c0cd
("ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()")
We have to save skb->network_header in a temporary variable
in order to be able to recompute the network_header pointer
after a pskb_inet_may_pull() call.
pskb_inet_may_pull() makes sure the needed headers are in skb->head.
[1]
BUG: KMSAN: uninit-value in IP_ECN_decapsulate include/net/inet_ecn.h:302 [inline]
BUG: KMSAN: uninit-value in geneve_rx drivers/net/geneve.c:279 [inline]
BUG: KMSAN: uninit-value in geneve_udp_encap_recv+0x36f9/0x3c10 drivers/net/geneve.c:391
IP_ECN_decapsulate include/net/inet_ecn.h:302 [inline]
geneve_rx drivers/net/geneve.c:279 [inline]
geneve_udp_encap_recv+0x36f9/0x3c10 drivers/net/geneve.c:391
udp_queue_rcv_one_skb+0x1d39/0x1f20 net/ipv4/udp.c:2108
udp_queue_rcv_skb+0x6ae/0x6e0 net/ipv4/udp.c:2186
udp_unicast_rcv_skb+0x184/0x4b0 net/ipv4/udp.c:2346
__udp4_lib_rcv+0x1c6b/0x3010 net/ipv4/udp.c:2422
udp_rcv+0x7d/0xa0 net/ipv4/udp.c:2604
ip_protocol_deliver_rcu+0x264/0x1300 net/ipv4/ip_input.c:205
ip_local_deliver_finish+0x2b8/0x440 net/ipv4/ip_input.c:233
NF_HOOK include/linux/netfilter.h:314 [inline]
ip_local_deliver+0x21f/0x490 net/ipv4/ip_input.c:254
dst_input include/net/dst.h:461 [inline]
ip_rcv_finish net/ipv4/ip_input.c:449 [inline]
NF_HOOK include/linux/netfilter.h:314 [inline]
ip_rcv+0x46f/0x760 net/ipv4/ip_input.c:569
__netif_receive_skb_one_core net/core/dev.c:5534 [inline]
__netif_receive_skb+0x1a6/0x5a0 net/core/dev.c:5648
process_backlog+0x480/0x8b0 net/core/dev.c:5976
__napi_poll+0xe3/0x980 net/core/dev.c:6576
napi_poll net/core/dev.c:6645 [inline]
net_rx_action+0x8b8/0x1870 net/core/dev.c:6778
__do_softirq+0x1b7/0x7c5 kernel/softirq.c:553
do_softirq+0x9a/0xf0 kernel/softirq.c:454
__local_bh_enable_ip+0x9b/0xa0 kernel/softirq.c:381
local_bh_enable include/linux/bottom_half.h:33 [inline]
rcu_read_unlock_bh include/linux/rcupdate.h:820 [inline]
__dev_queue_xmit+0x2768/0x51c0 net/core/dev.c:4378
dev_queue_xmit include/linux/netdevice.h:3171 [inline]
packet_xmit+0x9c/0x6b0 net/packet/af_packet.c:276
packet_snd net/packet/af_packet.c:3081 [inline]
packet_sendmsg+0x8aef/0x9f10 net/packet/af_packet.c:3113
sock_sendmsg_nosec net/socket.c:730 [inline]
__sock_sendmsg net/socket.c:745 [inline]
__sys_sendto+0x735/0xa10 net/socket.c:2191
__do_sys_sendto net/socket.c:2203 [inline]
__se_sys_sendto net/socket.c:2199 [inline]
__x64_sys_sendto+0x125/0x1c0 net/socket.c:2199
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x63/0x6b
Uninit was created at:
slab_post_alloc_hook mm/slub.c:3819 [inline]
slab_alloc_node mm/slub.c:3860 [inline]
kmem_cache_alloc_node+0x5cb/0xbc0 mm/slub.c:3903
kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:560
__alloc_skb+0x352/0x790 net/core/skbuff.c:651
alloc_skb include/linux/skbuff.h:1296 [inline]
alloc_skb_with_frags+0xc8/0xbd0 net/core/skbuff.c:6394
sock_alloc_send_pskb+0xa80/0xbf0 net/core/sock.c:2783
packet_alloc_skb net/packet/af_packet.c:2930 [inline]
packet_snd net/packet/af_packet.c:3024 [inline]
packet_sendmsg+0x70c2/0x9f10 net/packet/af_packet.c:3113
sock_sendmsg_nosec net/socket.c:730 [inline]
__sock_sendmsg net/socket.c:745 [inline]
__sys_sendto+0x735/0xa10 net/socket.c:2191
__do_sys_sendto net/socket.c:2203 [inline]
__se_sys_sendto net/socket.c:2199 [inline]
__x64_sys_sendto+0x125/0x1c0 net/socket.c:2199
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x63/0x6b
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
10 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
2d07dc79fe04a43d82a346ced6bbf07bdb523f1b , < e431c3227864b5646601c97f5f898d99472f2914
(git)
Affected: 2d07dc79fe04a43d82a346ced6bbf07bdb523f1b , < 59d2a4076983303f324557a114cfd5c32e1f6b29 (git) Affected: 2d07dc79fe04a43d82a346ced6bbf07bdb523f1b , < c7137900691f5692fe3de54566ea7b30bb35d66c (git) Affected: 2d07dc79fe04a43d82a346ced6bbf07bdb523f1b , < e77e0b0f2a11735c64b105edaee54d6344faca8a (git) Affected: 2d07dc79fe04a43d82a346ced6bbf07bdb523f1b , < c0b22568a9d8384fd000cc49acb8f74bde40d1b5 (git) Affected: 2d07dc79fe04a43d82a346ced6bbf07bdb523f1b , < 0ece581d2a66e8e488c0d3b3e7b5760dbbfdbdd5 (git) Affected: 2d07dc79fe04a43d82a346ced6bbf07bdb523f1b , < 048e16dee1fc609c1c85072ccd70bfd4b5fef6ca (git) Affected: 2d07dc79fe04a43d82a346ced6bbf07bdb523f1b , < 1ca1ba465e55b9460e4e75dec9fff31e708fec74 (git) |
|
| Linux | Linux |
Affected:
4.2
Unaffected: 0 , < 4.2 (semver) Unaffected: 4.19.310 , ≤ 4.19.* (semver) Unaffected: 5.4.272 , ≤ 5.4.* (semver) Unaffected: 5.10.213 , ≤ 5.10.* (semver) Unaffected: 5.15.152 , ≤ 5.15.* (semver) Unaffected: 6.1.82 , ≤ 6.1.* (semver) Unaffected: 6.6.22 , ≤ 6.6.* (semver) Unaffected: 6.7.10 , ≤ 6.7.* (semver) Unaffected: 6.8 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26857",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T17:32:22.775976Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T16:53:14.290Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.648Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e431c3227864b5646601c97f5f898d99472f2914"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/59d2a4076983303f324557a114cfd5c32e1f6b29"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c7137900691f5692fe3de54566ea7b30bb35d66c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e77e0b0f2a11735c64b105edaee54d6344faca8a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c0b22568a9d8384fd000cc49acb8f74bde40d1b5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0ece581d2a66e8e488c0d3b3e7b5760dbbfdbdd5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/048e16dee1fc609c1c85072ccd70bfd4b5fef6ca"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1ca1ba465e55b9460e4e75dec9fff31e708fec74"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/geneve.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e431c3227864b5646601c97f5f898d99472f2914",
"status": "affected",
"version": "2d07dc79fe04a43d82a346ced6bbf07bdb523f1b",
"versionType": "git"
},
{
"lessThan": "59d2a4076983303f324557a114cfd5c32e1f6b29",
"status": "affected",
"version": "2d07dc79fe04a43d82a346ced6bbf07bdb523f1b",
"versionType": "git"
},
{
"lessThan": "c7137900691f5692fe3de54566ea7b30bb35d66c",
"status": "affected",
"version": "2d07dc79fe04a43d82a346ced6bbf07bdb523f1b",
"versionType": "git"
},
{
"lessThan": "e77e0b0f2a11735c64b105edaee54d6344faca8a",
"status": "affected",
"version": "2d07dc79fe04a43d82a346ced6bbf07bdb523f1b",
"versionType": "git"
},
{
"lessThan": "c0b22568a9d8384fd000cc49acb8f74bde40d1b5",
"status": "affected",
"version": "2d07dc79fe04a43d82a346ced6bbf07bdb523f1b",
"versionType": "git"
},
{
"lessThan": "0ece581d2a66e8e488c0d3b3e7b5760dbbfdbdd5",
"status": "affected",
"version": "2d07dc79fe04a43d82a346ced6bbf07bdb523f1b",
"versionType": "git"
},
{
"lessThan": "048e16dee1fc609c1c85072ccd70bfd4b5fef6ca",
"status": "affected",
"version": "2d07dc79fe04a43d82a346ced6bbf07bdb523f1b",
"versionType": "git"
},
{
"lessThan": "1ca1ba465e55b9460e4e75dec9fff31e708fec74",
"status": "affected",
"version": "2d07dc79fe04a43d82a346ced6bbf07bdb523f1b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/geneve.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.2"
},
{
"lessThan": "4.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.310",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.272",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.213",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.152",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.82",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.22",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.310",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.272",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.213",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.152",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.82",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.22",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.10",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngeneve: make sure to pull inner header in geneve_rx()\n\nsyzbot triggered a bug in geneve_rx() [1]\n\nIssue is similar to the one I fixed in commit 8d975c15c0cd\n(\"ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()\")\n\nWe have to save skb-\u003enetwork_header in a temporary variable\nin order to be able to recompute the network_header pointer\nafter a pskb_inet_may_pull() call.\n\npskb_inet_may_pull() makes sure the needed headers are in skb-\u003ehead.\n\n[1]\nBUG: KMSAN: uninit-value in IP_ECN_decapsulate include/net/inet_ecn.h:302 [inline]\n BUG: KMSAN: uninit-value in geneve_rx drivers/net/geneve.c:279 [inline]\n BUG: KMSAN: uninit-value in geneve_udp_encap_recv+0x36f9/0x3c10 drivers/net/geneve.c:391\n IP_ECN_decapsulate include/net/inet_ecn.h:302 [inline]\n geneve_rx drivers/net/geneve.c:279 [inline]\n geneve_udp_encap_recv+0x36f9/0x3c10 drivers/net/geneve.c:391\n udp_queue_rcv_one_skb+0x1d39/0x1f20 net/ipv4/udp.c:2108\n udp_queue_rcv_skb+0x6ae/0x6e0 net/ipv4/udp.c:2186\n udp_unicast_rcv_skb+0x184/0x4b0 net/ipv4/udp.c:2346\n __udp4_lib_rcv+0x1c6b/0x3010 net/ipv4/udp.c:2422\n udp_rcv+0x7d/0xa0 net/ipv4/udp.c:2604\n ip_protocol_deliver_rcu+0x264/0x1300 net/ipv4/ip_input.c:205\n ip_local_deliver_finish+0x2b8/0x440 net/ipv4/ip_input.c:233\n NF_HOOK include/linux/netfilter.h:314 [inline]\n ip_local_deliver+0x21f/0x490 net/ipv4/ip_input.c:254\n dst_input include/net/dst.h:461 [inline]\n ip_rcv_finish net/ipv4/ip_input.c:449 [inline]\n NF_HOOK include/linux/netfilter.h:314 [inline]\n ip_rcv+0x46f/0x760 net/ipv4/ip_input.c:569\n __netif_receive_skb_one_core net/core/dev.c:5534 [inline]\n __netif_receive_skb+0x1a6/0x5a0 net/core/dev.c:5648\n process_backlog+0x480/0x8b0 net/core/dev.c:5976\n __napi_poll+0xe3/0x980 net/core/dev.c:6576\n napi_poll net/core/dev.c:6645 [inline]\n net_rx_action+0x8b8/0x1870 net/core/dev.c:6778\n __do_softirq+0x1b7/0x7c5 kernel/softirq.c:553\n do_softirq+0x9a/0xf0 kernel/softirq.c:454\n __local_bh_enable_ip+0x9b/0xa0 kernel/softirq.c:381\n local_bh_enable include/linux/bottom_half.h:33 [inline]\n rcu_read_unlock_bh include/linux/rcupdate.h:820 [inline]\n __dev_queue_xmit+0x2768/0x51c0 net/core/dev.c:4378\n dev_queue_xmit include/linux/netdevice.h:3171 [inline]\n packet_xmit+0x9c/0x6b0 net/packet/af_packet.c:276\n packet_snd net/packet/af_packet.c:3081 [inline]\n packet_sendmsg+0x8aef/0x9f10 net/packet/af_packet.c:3113\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg net/socket.c:745 [inline]\n __sys_sendto+0x735/0xa10 net/socket.c:2191\n __do_sys_sendto net/socket.c:2203 [inline]\n __se_sys_sendto net/socket.c:2199 [inline]\n __x64_sys_sendto+0x125/0x1c0 net/socket.c:2199\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:3819 [inline]\n slab_alloc_node mm/slub.c:3860 [inline]\n kmem_cache_alloc_node+0x5cb/0xbc0 mm/slub.c:3903\n kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:560\n __alloc_skb+0x352/0x790 net/core/skbuff.c:651\n alloc_skb include/linux/skbuff.h:1296 [inline]\n alloc_skb_with_frags+0xc8/0xbd0 net/core/skbuff.c:6394\n sock_alloc_send_pskb+0xa80/0xbf0 net/core/sock.c:2783\n packet_alloc_skb net/packet/af_packet.c:2930 [inline]\n packet_snd net/packet/af_packet.c:3024 [inline]\n packet_sendmsg+0x70c2/0x9f10 net/packet/af_packet.c:3113\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg net/socket.c:745 [inline]\n __sys_sendto+0x735/0xa10 net/socket.c:2191\n __do_sys_sendto net/socket.c:2203 [inline]\n __se_sys_sendto net/socket.c:2199 [inline]\n __x64_sys_sendto+0x125/0x1c0 net/socket.c:2199\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:05:28.448Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e431c3227864b5646601c97f5f898d99472f2914"
},
{
"url": "https://git.kernel.org/stable/c/59d2a4076983303f324557a114cfd5c32e1f6b29"
},
{
"url": "https://git.kernel.org/stable/c/c7137900691f5692fe3de54566ea7b30bb35d66c"
},
{
"url": "https://git.kernel.org/stable/c/e77e0b0f2a11735c64b105edaee54d6344faca8a"
},
{
"url": "https://git.kernel.org/stable/c/c0b22568a9d8384fd000cc49acb8f74bde40d1b5"
},
{
"url": "https://git.kernel.org/stable/c/0ece581d2a66e8e488c0d3b3e7b5760dbbfdbdd5"
},
{
"url": "https://git.kernel.org/stable/c/048e16dee1fc609c1c85072ccd70bfd4b5fef6ca"
},
{
"url": "https://git.kernel.org/stable/c/1ca1ba465e55b9460e4e75dec9fff31e708fec74"
}
],
"title": "geneve: make sure to pull inner header in geneve_rx()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26857",
"datePublished": "2024-04-17T10:17:19.115Z",
"dateReserved": "2024-02-19T14:20:24.183Z",
"dateUpdated": "2026-05-11T20:05:28.448Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26882 (GCVE-0-2024-26882)
Vulnerability from cvelistv5 – Published: 2024-04-17 10:27 – Updated: 2026-05-12 11:50
VLAI
EPSS
Title
net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv()
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv()
Apply the same fix than ones found in :
8d975c15c0cd ("ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()")
1ca1ba465e55 ("geneve: make sure to pull inner header in geneve_rx()")
We have to save skb->network_header in a temporary variable
in order to be able to recompute the network_header pointer
after a pskb_inet_may_pull() call.
pskb_inet_may_pull() makes sure the needed headers are in skb->head.
syzbot reported:
BUG: KMSAN: uninit-value in __INET_ECN_decapsulate include/net/inet_ecn.h:253 [inline]
BUG: KMSAN: uninit-value in INET_ECN_decapsulate include/net/inet_ecn.h:275 [inline]
BUG: KMSAN: uninit-value in IP_ECN_decapsulate include/net/inet_ecn.h:302 [inline]
BUG: KMSAN: uninit-value in ip_tunnel_rcv+0xed9/0x2ed0 net/ipv4/ip_tunnel.c:409
__INET_ECN_decapsulate include/net/inet_ecn.h:253 [inline]
INET_ECN_decapsulate include/net/inet_ecn.h:275 [inline]
IP_ECN_decapsulate include/net/inet_ecn.h:302 [inline]
ip_tunnel_rcv+0xed9/0x2ed0 net/ipv4/ip_tunnel.c:409
__ipgre_rcv+0x9bc/0xbc0 net/ipv4/ip_gre.c:389
ipgre_rcv net/ipv4/ip_gre.c:411 [inline]
gre_rcv+0x423/0x19f0 net/ipv4/ip_gre.c:447
gre_rcv+0x2a4/0x390 net/ipv4/gre_demux.c:163
ip_protocol_deliver_rcu+0x264/0x1300 net/ipv4/ip_input.c:205
ip_local_deliver_finish+0x2b8/0x440 net/ipv4/ip_input.c:233
NF_HOOK include/linux/netfilter.h:314 [inline]
ip_local_deliver+0x21f/0x490 net/ipv4/ip_input.c:254
dst_input include/net/dst.h:461 [inline]
ip_rcv_finish net/ipv4/ip_input.c:449 [inline]
NF_HOOK include/linux/netfilter.h:314 [inline]
ip_rcv+0x46f/0x760 net/ipv4/ip_input.c:569
__netif_receive_skb_one_core net/core/dev.c:5534 [inline]
__netif_receive_skb+0x1a6/0x5a0 net/core/dev.c:5648
netif_receive_skb_internal net/core/dev.c:5734 [inline]
netif_receive_skb+0x58/0x660 net/core/dev.c:5793
tun_rx_batched+0x3ee/0x980 drivers/net/tun.c:1556
tun_get_user+0x53b9/0x66e0 drivers/net/tun.c:2009
tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2055
call_write_iter include/linux/fs.h:2087 [inline]
new_sync_write fs/read_write.c:497 [inline]
vfs_write+0xb6b/0x1520 fs/read_write.c:590
ksys_write+0x20f/0x4c0 fs/read_write.c:643
__do_sys_write fs/read_write.c:655 [inline]
__se_sys_write fs/read_write.c:652 [inline]
__x64_sys_write+0x93/0xd0 fs/read_write.c:652
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x63/0x6b
Uninit was created at:
__alloc_pages+0x9a6/0xe00 mm/page_alloc.c:4590
alloc_pages_mpol+0x62b/0x9d0 mm/mempolicy.c:2133
alloc_pages+0x1be/0x1e0 mm/mempolicy.c:2204
skb_page_frag_refill+0x2bf/0x7c0 net/core/sock.c:2909
tun_build_skb drivers/net/tun.c:1686 [inline]
tun_get_user+0xe0a/0x66e0 drivers/net/tun.c:1826
tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2055
call_write_iter include/linux/fs.h:2087 [inline]
new_sync_write fs/read_write.c:497 [inline]
vfs_write+0xb6b/0x1520 fs/read_write.c:590
ksys_write+0x20f/0x4c0 fs/read_write.c:643
__do_sys_write fs/read_write.c:655 [inline]
__se_sys_write fs/read_write.c:652 [inline]
__x64_sys_write+0x93/0xd0 fs/read_write.c:652
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x63/0x6b
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
11 references
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
c54419321455631079c7d6e60bc732dd0c5914c5 , < ec6bb01e02cbd47781dd90775b631a1dc4bd9d2b
(git)
Affected: c54419321455631079c7d6e60bc732dd0c5914c5 , < 77fd5294ea09b21f6772ac954a121b87323cec80 (git) Affected: c54419321455631079c7d6e60bc732dd0c5914c5 , < 5c03387021cfa3336b97e0dcba38029917a8af2a (git) Affected: c54419321455631079c7d6e60bc732dd0c5914c5 , < 60044ab84836359534bd7153b92e9c1584140e4a (git) Affected: c54419321455631079c7d6e60bc732dd0c5914c5 , < c4c857723b37c20651300b3de4ff25059848b4b0 (git) Affected: c54419321455631079c7d6e60bc732dd0c5914c5 , < f6723d8dbfdc10c784a56748f86a9a3cd410dbd5 (git) Affected: c54419321455631079c7d6e60bc732dd0c5914c5 , < ca914f1cdee8a85799942c9b0ce5015bbd6844e1 (git) Affected: c54419321455631079c7d6e60bc732dd0c5914c5 , < b0ec2abf98267f14d032102551581c833b0659d3 (git) |
|
| Linux | Linux |
Affected:
3.10
Unaffected: 0 , < 3.10 (semver) Unaffected: 5.4.273 , ≤ 5.4.* (semver) Unaffected: 5.10.214 , ≤ 5.10.* (semver) Unaffected: 5.15.153 , ≤ 5.15.* (semver) Unaffected: 6.1.83 , ≤ 6.1.* (semver) Unaffected: 6.6.23 , ≤ 6.6.* (semver) Unaffected: 6.7.11 , ≤ 6.7.* (semver) Unaffected: 6.8.2 , ≤ 6.8.* (semver) Unaffected: 6.9 , ≤ * (original_commit_for_fix) |
|
| Siemens | SIMATIC S7-1500 TM MFP - GNU/Linux subsystem |
Affected:
0 , < *
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26882",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-16T18:00:36.614107Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-08T21:14:07.724Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-12-20T13:06:43.371Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ec6bb01e02cbd47781dd90775b631a1dc4bd9d2b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/77fd5294ea09b21f6772ac954a121b87323cec80"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5c03387021cfa3336b97e0dcba38029917a8af2a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/60044ab84836359534bd7153b92e9c1584140e4a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c4c857723b37c20651300b3de4ff25059848b4b0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f6723d8dbfdc10c784a56748f86a9a3cd410dbd5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ca914f1cdee8a85799942c9b0ce5015bbd6844e1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b0ec2abf98267f14d032102551581c833b0659d3"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20241220-0002/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T11:50:05.762Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv4/ip_tunnel.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ec6bb01e02cbd47781dd90775b631a1dc4bd9d2b",
"status": "affected",
"version": "c54419321455631079c7d6e60bc732dd0c5914c5",
"versionType": "git"
},
{
"lessThan": "77fd5294ea09b21f6772ac954a121b87323cec80",
"status": "affected",
"version": "c54419321455631079c7d6e60bc732dd0c5914c5",
"versionType": "git"
},
{
"lessThan": "5c03387021cfa3336b97e0dcba38029917a8af2a",
"status": "affected",
"version": "c54419321455631079c7d6e60bc732dd0c5914c5",
"versionType": "git"
},
{
"lessThan": "60044ab84836359534bd7153b92e9c1584140e4a",
"status": "affected",
"version": "c54419321455631079c7d6e60bc732dd0c5914c5",
"versionType": "git"
},
{
"lessThan": "c4c857723b37c20651300b3de4ff25059848b4b0",
"status": "affected",
"version": "c54419321455631079c7d6e60bc732dd0c5914c5",
"versionType": "git"
},
{
"lessThan": "f6723d8dbfdc10c784a56748f86a9a3cd410dbd5",
"status": "affected",
"version": "c54419321455631079c7d6e60bc732dd0c5914c5",
"versionType": "git"
},
{
"lessThan": "ca914f1cdee8a85799942c9b0ce5015bbd6844e1",
"status": "affected",
"version": "c54419321455631079c7d6e60bc732dd0c5914c5",
"versionType": "git"
},
{
"lessThan": "b0ec2abf98267f14d032102551581c833b0659d3",
"status": "affected",
"version": "c54419321455631079c7d6e60bc732dd0c5914c5",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv4/ip_tunnel.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.10"
},
{
"lessThan": "3.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.273",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.273",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "3.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv()\n\nApply the same fix than ones found in :\n\n8d975c15c0cd (\"ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()\")\n1ca1ba465e55 (\"geneve: make sure to pull inner header in geneve_rx()\")\n\nWe have to save skb-\u003enetwork_header in a temporary variable\nin order to be able to recompute the network_header pointer\nafter a pskb_inet_may_pull() call.\n\npskb_inet_may_pull() makes sure the needed headers are in skb-\u003ehead.\n\nsyzbot reported:\nBUG: KMSAN: uninit-value in __INET_ECN_decapsulate include/net/inet_ecn.h:253 [inline]\n BUG: KMSAN: uninit-value in INET_ECN_decapsulate include/net/inet_ecn.h:275 [inline]\n BUG: KMSAN: uninit-value in IP_ECN_decapsulate include/net/inet_ecn.h:302 [inline]\n BUG: KMSAN: uninit-value in ip_tunnel_rcv+0xed9/0x2ed0 net/ipv4/ip_tunnel.c:409\n __INET_ECN_decapsulate include/net/inet_ecn.h:253 [inline]\n INET_ECN_decapsulate include/net/inet_ecn.h:275 [inline]\n IP_ECN_decapsulate include/net/inet_ecn.h:302 [inline]\n ip_tunnel_rcv+0xed9/0x2ed0 net/ipv4/ip_tunnel.c:409\n __ipgre_rcv+0x9bc/0xbc0 net/ipv4/ip_gre.c:389\n ipgre_rcv net/ipv4/ip_gre.c:411 [inline]\n gre_rcv+0x423/0x19f0 net/ipv4/ip_gre.c:447\n gre_rcv+0x2a4/0x390 net/ipv4/gre_demux.c:163\n ip_protocol_deliver_rcu+0x264/0x1300 net/ipv4/ip_input.c:205\n ip_local_deliver_finish+0x2b8/0x440 net/ipv4/ip_input.c:233\n NF_HOOK include/linux/netfilter.h:314 [inline]\n ip_local_deliver+0x21f/0x490 net/ipv4/ip_input.c:254\n dst_input include/net/dst.h:461 [inline]\n ip_rcv_finish net/ipv4/ip_input.c:449 [inline]\n NF_HOOK include/linux/netfilter.h:314 [inline]\n ip_rcv+0x46f/0x760 net/ipv4/ip_input.c:569\n __netif_receive_skb_one_core net/core/dev.c:5534 [inline]\n __netif_receive_skb+0x1a6/0x5a0 net/core/dev.c:5648\n netif_receive_skb_internal net/core/dev.c:5734 [inline]\n netif_receive_skb+0x58/0x660 net/core/dev.c:5793\n tun_rx_batched+0x3ee/0x980 drivers/net/tun.c:1556\n tun_get_user+0x53b9/0x66e0 drivers/net/tun.c:2009\n tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2055\n call_write_iter include/linux/fs.h:2087 [inline]\n new_sync_write fs/read_write.c:497 [inline]\n vfs_write+0xb6b/0x1520 fs/read_write.c:590\n ksys_write+0x20f/0x4c0 fs/read_write.c:643\n __do_sys_write fs/read_write.c:655 [inline]\n __se_sys_write fs/read_write.c:652 [inline]\n __x64_sys_write+0x93/0xd0 fs/read_write.c:652\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nUninit was created at:\n __alloc_pages+0x9a6/0xe00 mm/page_alloc.c:4590\n alloc_pages_mpol+0x62b/0x9d0 mm/mempolicy.c:2133\n alloc_pages+0x1be/0x1e0 mm/mempolicy.c:2204\n skb_page_frag_refill+0x2bf/0x7c0 net/core/sock.c:2909\n tun_build_skb drivers/net/tun.c:1686 [inline]\n tun_get_user+0xe0a/0x66e0 drivers/net/tun.c:1826\n tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2055\n call_write_iter include/linux/fs.h:2087 [inline]\n new_sync_write fs/read_write.c:497 [inline]\n vfs_write+0xb6b/0x1520 fs/read_write.c:590\n ksys_write+0x20f/0x4c0 fs/read_write.c:643\n __do_sys_write fs/read_write.c:655 [inline]\n __se_sys_write fs/read_write.c:652 [inline]\n __x64_sys_write+0x93/0xd0 fs/read_write.c:652\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:06:06.712Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ec6bb01e02cbd47781dd90775b631a1dc4bd9d2b"
},
{
"url": "https://git.kernel.org/stable/c/77fd5294ea09b21f6772ac954a121b87323cec80"
},
{
"url": "https://git.kernel.org/stable/c/5c03387021cfa3336b97e0dcba38029917a8af2a"
},
{
"url": "https://git.kernel.org/stable/c/60044ab84836359534bd7153b92e9c1584140e4a"
},
{
"url": "https://git.kernel.org/stable/c/c4c857723b37c20651300b3de4ff25059848b4b0"
},
{
"url": "https://git.kernel.org/stable/c/f6723d8dbfdc10c784a56748f86a9a3cd410dbd5"
},
{
"url": "https://git.kernel.org/stable/c/ca914f1cdee8a85799942c9b0ce5015bbd6844e1"
},
{
"url": "https://git.kernel.org/stable/c/b0ec2abf98267f14d032102551581c833b0659d3"
}
],
"title": "net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26882",
"datePublished": "2024-04-17T10:27:38.389Z",
"dateReserved": "2024-02-19T14:20:24.185Z",
"dateUpdated": "2026-05-12T11:50:05.762Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26884 (GCVE-0-2024-26884)
Vulnerability from cvelistv5 – Published: 2024-04-17 10:27 – Updated: 2026-05-12 11:50
VLAI
EPSS
Title
bpf: Fix hashtab overflow check on 32-bit arches
Summary
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix hashtab overflow check on 32-bit arches
The hashtab code relies on roundup_pow_of_two() to compute the number of
hash buckets, and contains an overflow check by checking if the
resulting value is 0. However, on 32-bit arches, the roundup code itself
can overflow by doing a 32-bit left-shift of an unsigned long value,
which is undefined behaviour, so it is not guaranteed to truncate
neatly. This was triggered by syzbot on the DEVMAP_HASH type, which
contains the same check, copied from the hashtab code. So apply the same
fix to hashtab, by moving the overflow check to before the roundup.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
12 references
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
daaf427c6ab392bedcd018e326b2ffa1e1110cd6 , < 33ec04cadb77605b71d9298311919303d390c4d5
(git)
Affected: daaf427c6ab392bedcd018e326b2ffa1e1110cd6 , < 92c81fbb3ed2e0dfc33a4183a67135e1ab566ace (git) Affected: daaf427c6ab392bedcd018e326b2ffa1e1110cd6 , < 64f00b4df0597590b199b62a37a165473bf658a6 (git) Affected: daaf427c6ab392bedcd018e326b2ffa1e1110cd6 , < 3b08cfc65f07b1132c1979d73f014ae6e04de55d (git) Affected: daaf427c6ab392bedcd018e326b2ffa1e1110cd6 , < a83fdaeaea3677b83a53f72ace2d73a19bcd6d93 (git) Affected: daaf427c6ab392bedcd018e326b2ffa1e1110cd6 , < 8435f0961bf3dc65e204094349bd9aeaac1f8868 (git) Affected: daaf427c6ab392bedcd018e326b2ffa1e1110cd6 , < d817f0d34d927f2deb17dadbfe212c9a6a32ac3e (git) Affected: daaf427c6ab392bedcd018e326b2ffa1e1110cd6 , < a6fa75b5096c0f9826a4fabe22d907b0a5bb1016 (git) Affected: daaf427c6ab392bedcd018e326b2ffa1e1110cd6 , < 6787d916c2cf9850c97a0a3f73e08c43e7d973b1 (git) |
|
| Linux | Linux |
Affected:
3.19
Unaffected: 0 , < 3.19 (semver) Unaffected: 4.19.311 , ≤ 4.19.* (semver) Unaffected: 5.4.273 , ≤ 5.4.* (semver) Unaffected: 5.10.214 , ≤ 5.10.* (semver) Unaffected: 5.15.153 , ≤ 5.15.* (semver) Unaffected: 6.1.83 , ≤ 6.1.* (semver) Unaffected: 6.6.23 , ≤ 6.6.* (semver) Unaffected: 6.7.11 , ≤ 6.7.* (semver) Unaffected: 6.8.2 , ≤ 6.8.* (semver) Unaffected: 6.9 , ≤ * (original_commit_for_fix) |
|
| Siemens | SIMATIC S7-1500 TM MFP - GNU/Linux subsystem |
Affected:
0 , < *
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26884",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-30T19:28:25.440727Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T19:29:01.146Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.540Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/33ec04cadb77605b71d9298311919303d390c4d5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/92c81fbb3ed2e0dfc33a4183a67135e1ab566ace"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/64f00b4df0597590b199b62a37a165473bf658a6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3b08cfc65f07b1132c1979d73f014ae6e04de55d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a83fdaeaea3677b83a53f72ace2d73a19bcd6d93"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8435f0961bf3dc65e204094349bd9aeaac1f8868"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d817f0d34d927f2deb17dadbfe212c9a6a32ac3e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a6fa75b5096c0f9826a4fabe22d907b0a5bb1016"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6787d916c2cf9850c97a0a3f73e08c43e7d973b1"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T11:50:08.157Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/bpf/hashtab.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "33ec04cadb77605b71d9298311919303d390c4d5",
"status": "affected",
"version": "daaf427c6ab392bedcd018e326b2ffa1e1110cd6",
"versionType": "git"
},
{
"lessThan": "92c81fbb3ed2e0dfc33a4183a67135e1ab566ace",
"status": "affected",
"version": "daaf427c6ab392bedcd018e326b2ffa1e1110cd6",
"versionType": "git"
},
{
"lessThan": "64f00b4df0597590b199b62a37a165473bf658a6",
"status": "affected",
"version": "daaf427c6ab392bedcd018e326b2ffa1e1110cd6",
"versionType": "git"
},
{
"lessThan": "3b08cfc65f07b1132c1979d73f014ae6e04de55d",
"status": "affected",
"version": "daaf427c6ab392bedcd018e326b2ffa1e1110cd6",
"versionType": "git"
},
{
"lessThan": "a83fdaeaea3677b83a53f72ace2d73a19bcd6d93",
"status": "affected",
"version": "daaf427c6ab392bedcd018e326b2ffa1e1110cd6",
"versionType": "git"
},
{
"lessThan": "8435f0961bf3dc65e204094349bd9aeaac1f8868",
"status": "affected",
"version": "daaf427c6ab392bedcd018e326b2ffa1e1110cd6",
"versionType": "git"
},
{
"lessThan": "d817f0d34d927f2deb17dadbfe212c9a6a32ac3e",
"status": "affected",
"version": "daaf427c6ab392bedcd018e326b2ffa1e1110cd6",
"versionType": "git"
},
{
"lessThan": "a6fa75b5096c0f9826a4fabe22d907b0a5bb1016",
"status": "affected",
"version": "daaf427c6ab392bedcd018e326b2ffa1e1110cd6",
"versionType": "git"
},
{
"lessThan": "6787d916c2cf9850c97a0a3f73e08c43e7d973b1",
"status": "affected",
"version": "daaf427c6ab392bedcd018e326b2ffa1e1110cd6",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/bpf/hashtab.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.19"
},
{
"lessThan": "3.19",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.273",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.311",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.273",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "3.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix hashtab overflow check on 32-bit arches\n\nThe hashtab code relies on roundup_pow_of_two() to compute the number of\nhash buckets, and contains an overflow check by checking if the\nresulting value is 0. However, on 32-bit arches, the roundup code itself\ncan overflow by doing a 32-bit left-shift of an unsigned long value,\nwhich is undefined behaviour, so it is not guaranteed to truncate\nneatly. This was triggered by syzbot on the DEVMAP_HASH type, which\ncontains the same check, copied from the hashtab code. So apply the same\nfix to hashtab, by moving the overflow check to before the roundup."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:06:09.071Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/33ec04cadb77605b71d9298311919303d390c4d5"
},
{
"url": "https://git.kernel.org/stable/c/92c81fbb3ed2e0dfc33a4183a67135e1ab566ace"
},
{
"url": "https://git.kernel.org/stable/c/64f00b4df0597590b199b62a37a165473bf658a6"
},
{
"url": "https://git.kernel.org/stable/c/3b08cfc65f07b1132c1979d73f014ae6e04de55d"
},
{
"url": "https://git.kernel.org/stable/c/a83fdaeaea3677b83a53f72ace2d73a19bcd6d93"
},
{
"url": "https://git.kernel.org/stable/c/8435f0961bf3dc65e204094349bd9aeaac1f8868"
},
{
"url": "https://git.kernel.org/stable/c/d817f0d34d927f2deb17dadbfe212c9a6a32ac3e"
},
{
"url": "https://git.kernel.org/stable/c/a6fa75b5096c0f9826a4fabe22d907b0a5bb1016"
},
{
"url": "https://git.kernel.org/stable/c/6787d916c2cf9850c97a0a3f73e08c43e7d973b1"
}
],
"title": "bpf: Fix hashtab overflow check on 32-bit arches",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26884",
"datePublished": "2024-04-17T10:27:39.672Z",
"dateReserved": "2024-02-19T14:20:24.185Z",
"dateUpdated": "2026-05-12T11:50:08.157Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26886 (GCVE-0-2024-26886)
Vulnerability from cvelistv5 – Published: 2024-04-17 10:27 – Updated: 2026-06-01 16:04
VLAI
EPSS
Title
Bluetooth: af_bluetooth: Fix deadlock
Summary
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: af_bluetooth: Fix deadlock
Attemting to do sock_lock on .recvmsg may cause a deadlock as shown
bellow, so instead of using sock_sock this uses sk_receive_queue.lock
on bt_sock_ioctl to avoid the UAF:
INFO: task kworker/u9:1:121 blocked for more than 30 seconds.
Not tainted 6.7.6-lemon #183
Workqueue: hci0 hci_rx_work
Call Trace:
<TASK>
__schedule+0x37d/0xa00
schedule+0x32/0xe0
__lock_sock+0x68/0xa0
? __pfx_autoremove_wake_function+0x10/0x10
lock_sock_nested+0x43/0x50
l2cap_sock_recv_cb+0x21/0xa0
l2cap_recv_frame+0x55b/0x30a0
? psi_task_switch+0xeb/0x270
? finish_task_switch.isra.0+0x93/0x2a0
hci_rx_work+0x33a/0x3f0
process_one_work+0x13a/0x2f0
worker_thread+0x2f0/0x410
? __pfx_worker_thread+0x10/0x10
kthread+0xe0/0x110
? __pfx_kthread+0x10/0x10
ret_from_fork+0x2c/0x50
? __pfx_kthread+0x10/0x10
ret_from_fork_asm+0x1b/0x30
</TASK>
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-416 - Use After Free
Assigner
References
6 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
2b16d960c79abc397f102c3d23d30005b68cb036 , < 60673f442984fe689d4127a5dd4be414247b3d67
(git)
Affected: 1d576c3a5af850bf11fbd103f9ba11aa6d6061fb , < 64be3c6154886200708da0dfe259705fb992416c (git) Affected: 2e07e8348ea454615e268222ae3fc240421be768 , < 817e8138ce86001b2fa5c63d6ede756e205a01f7 (git) Affected: 2e07e8348ea454615e268222ae3fc240421be768 , < 2c9e2df022ef8b9d7fac58a04a2ef4ed25288955 (git) Affected: 2e07e8348ea454615e268222ae3fc240421be768 , < f7b94bdc1ec107c92262716b073b3e816d4784fb (git) Affected: db1b14eec8c61a20374de9f9c2ddc6c9406a8c42 (git) Affected: 37f71e2c9f515834841826f4eb68ec33cfb2a1ff (git) Affected: 5.15.146 , < 5.15.209 (semver) Affected: 6.6.9 , < 6.6.23 (semver) Affected: 5.10.206 , < 5.11 (semver) Affected: 6.1.70 , < 6.2 (semver) |
|
| Linux | Linux |
Affected:
6.7
Unaffected: 0 , < 6.7 (semver) Unaffected: 5.15.209 , ≤ 5.15.* (semver) Unaffected: 6.6.23 , ≤ 6.6.* (semver) Unaffected: 6.7.11 , ≤ 6.7.* (semver) Unaffected: 6.8.2 , ≤ 6.8.* (semver) Unaffected: 6.9 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26886",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T17:41:20.868479Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-04T17:57:18.191Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:04.229Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cb8adca52f306563d958a863bb0cbae9c184d1ae"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/64be3c6154886200708da0dfe259705fb992416c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/817e8138ce86001b2fa5c63d6ede756e205a01f7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2c9e2df022ef8b9d7fac58a04a2ef4ed25288955"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f7b94bdc1ec107c92262716b073b3e816d4784fb"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/bluetooth/af_bluetooth.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "60673f442984fe689d4127a5dd4be414247b3d67",
"status": "affected",
"version": "2b16d960c79abc397f102c3d23d30005b68cb036",
"versionType": "git"
},
{
"lessThan": "64be3c6154886200708da0dfe259705fb992416c",
"status": "affected",
"version": "1d576c3a5af850bf11fbd103f9ba11aa6d6061fb",
"versionType": "git"
},
{
"lessThan": "817e8138ce86001b2fa5c63d6ede756e205a01f7",
"status": "affected",
"version": "2e07e8348ea454615e268222ae3fc240421be768",
"versionType": "git"
},
{
"lessThan": "2c9e2df022ef8b9d7fac58a04a2ef4ed25288955",
"status": "affected",
"version": "2e07e8348ea454615e268222ae3fc240421be768",
"versionType": "git"
},
{
"lessThan": "f7b94bdc1ec107c92262716b073b3e816d4784fb",
"status": "affected",
"version": "2e07e8348ea454615e268222ae3fc240421be768",
"versionType": "git"
},
{
"status": "affected",
"version": "db1b14eec8c61a20374de9f9c2ddc6c9406a8c42",
"versionType": "git"
},
{
"status": "affected",
"version": "37f71e2c9f515834841826f4eb68ec33cfb2a1ff",
"versionType": "git"
},
{
"lessThan": "5.15.209",
"status": "affected",
"version": "5.15.146",
"versionType": "semver"
},
{
"lessThan": "6.6.23",
"status": "affected",
"version": "6.6.9",
"versionType": "semver"
},
{
"lessThan": "5.11",
"status": "affected",
"version": "5.10.206",
"versionType": "semver"
},
{
"lessThan": "6.2",
"status": "affected",
"version": "6.1.70",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/bluetooth/af_bluetooth.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.7"
},
{
"lessThan": "6.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.209",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.209",
"versionStartIncluding": "5.15.146",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "6.6.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.10.206",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.1.70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: af_bluetooth: Fix deadlock\n\nAttemting to do sock_lock on .recvmsg may cause a deadlock as shown\nbellow, so instead of using sock_sock this uses sk_receive_queue.lock\non bt_sock_ioctl to avoid the UAF:\n\nINFO: task kworker/u9:1:121 blocked for more than 30 seconds.\n Not tainted 6.7.6-lemon #183\nWorkqueue: hci0 hci_rx_work\nCall Trace:\n \u003cTASK\u003e\n __schedule+0x37d/0xa00\n schedule+0x32/0xe0\n __lock_sock+0x68/0xa0\n ? __pfx_autoremove_wake_function+0x10/0x10\n lock_sock_nested+0x43/0x50\n l2cap_sock_recv_cb+0x21/0xa0\n l2cap_recv_frame+0x55b/0x30a0\n ? psi_task_switch+0xeb/0x270\n ? finish_task_switch.isra.0+0x93/0x2a0\n hci_rx_work+0x33a/0x3f0\n process_one_work+0x13a/0x2f0\n worker_thread+0x2f0/0x410\n ? __pfx_worker_thread+0x10/0x10\n kthread+0xe0/0x110\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x2c/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1b/0x30\n \u003c/TASK\u003e"
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T16:04:31.416Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/60673f442984fe689d4127a5dd4be414247b3d67"
},
{
"url": "https://git.kernel.org/stable/c/64be3c6154886200708da0dfe259705fb992416c"
},
{
"url": "https://git.kernel.org/stable/c/817e8138ce86001b2fa5c63d6ede756e205a01f7"
},
{
"url": "https://git.kernel.org/stable/c/2c9e2df022ef8b9d7fac58a04a2ef4ed25288955"
},
{
"url": "https://git.kernel.org/stable/c/f7b94bdc1ec107c92262716b073b3e816d4784fb"
}
],
"title": "Bluetooth: af_bluetooth: Fix deadlock",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26886",
"datePublished": "2024-04-17T10:27:40.941Z",
"dateReserved": "2024-02-19T14:20:24.185Z",
"dateUpdated": "2026-06-01T16:04:31.416Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26900 (GCVE-0-2024-26900)
Vulnerability from cvelistv5 – Published: 2024-04-17 10:27 – Updated: 2026-05-11 20:06
VLAI
EPSS
Title
md: fix kmemleak of rdev->serial
Summary
In the Linux kernel, the following vulnerability has been resolved:
md: fix kmemleak of rdev->serial
If kobject_add() is fail in bind_rdev_to_array(), 'rdev->serial' will be
alloc not be freed, and kmemleak occurs.
unreferenced object 0xffff88815a350000 (size 49152):
comm "mdadm", pid 789, jiffies 4294716910
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace (crc f773277a):
[<0000000058b0a453>] kmemleak_alloc+0x61/0xe0
[<00000000366adf14>] __kmalloc_large_node+0x15e/0x270
[<000000002e82961b>] __kmalloc_node.cold+0x11/0x7f
[<00000000f206d60a>] kvmalloc_node+0x74/0x150
[<0000000034bf3363>] rdev_init_serial+0x67/0x170
[<0000000010e08fe9>] mddev_create_serial_pool+0x62/0x220
[<00000000c3837bf0>] bind_rdev_to_array+0x2af/0x630
[<0000000073c28560>] md_add_new_disk+0x400/0x9f0
[<00000000770e30ff>] md_ioctl+0x15bf/0x1c10
[<000000006cfab718>] blkdev_ioctl+0x191/0x3f0
[<0000000085086a11>] vfs_ioctl+0x22/0x60
[<0000000018b656fe>] __x64_sys_ioctl+0xba/0xe0
[<00000000e54e675e>] do_syscall_64+0x71/0x150
[<000000008b0ad622>] entry_SYSCALL_64_after_hwframe+0x6c/0x74
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
9 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
963c555e75b033202dd76cf6325a7b7c83d08d5f , < fb5b347efd1bda989846ffc74679d181222fb123
(git)
Affected: 963c555e75b033202dd76cf6325a7b7c83d08d5f , < f3a1787dc48213f6caea5ba7d47e0222e7fa34a9 (git) Affected: 963c555e75b033202dd76cf6325a7b7c83d08d5f , < beaf11969fd5cbe6f09cefaa34df1ce8578e8dd9 (git) Affected: 963c555e75b033202dd76cf6325a7b7c83d08d5f , < 9fd0198f7ef06ae0d6636fb0578560857dead995 (git) Affected: 963c555e75b033202dd76cf6325a7b7c83d08d5f , < 6d32c832a88513f65c2c2c9c75954ee8b387adea (git) Affected: 963c555e75b033202dd76cf6325a7b7c83d08d5f , < 4c1021ce46fc2fb6115f7e79d353941e6dcad366 (git) Affected: 963c555e75b033202dd76cf6325a7b7c83d08d5f , < 6cf350658736681b9d6b0b6e58c5c76b235bb4c4 (git) |
|
| Linux | Linux |
Affected:
5.3
Unaffected: 0 , < 5.3 (semver) Unaffected: 5.10.217 , ≤ 5.10.* (semver) Unaffected: 5.15.159 , ≤ 5.15.* (semver) Unaffected: 6.1.91 , ≤ 6.1.* (semver) Unaffected: 6.6.31 , ≤ 6.6.* (semver) Unaffected: 6.7.11 , ≤ 6.7.* (semver) Unaffected: 6.8.2 , ≤ 6.8.* (semver) Unaffected: 6.9 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-09-12T16:02:57.919Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fb5b347efd1bda989846ffc74679d181222fb123"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f3a1787dc48213f6caea5ba7d47e0222e7fa34a9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/beaf11969fd5cbe6f09cefaa34df1ce8578e8dd9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9fd0198f7ef06ae0d6636fb0578560857dead995"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6d32c832a88513f65c2c2c9c75954ee8b387adea"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4c1021ce46fc2fb6115f7e79d353941e6dcad366"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6cf350658736681b9d6b0b6e58c5c76b235bb4c4"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240912-0011/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26900",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:48:06.560564Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:23.408Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/md/md.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "fb5b347efd1bda989846ffc74679d181222fb123",
"status": "affected",
"version": "963c555e75b033202dd76cf6325a7b7c83d08d5f",
"versionType": "git"
},
{
"lessThan": "f3a1787dc48213f6caea5ba7d47e0222e7fa34a9",
"status": "affected",
"version": "963c555e75b033202dd76cf6325a7b7c83d08d5f",
"versionType": "git"
},
{
"lessThan": "beaf11969fd5cbe6f09cefaa34df1ce8578e8dd9",
"status": "affected",
"version": "963c555e75b033202dd76cf6325a7b7c83d08d5f",
"versionType": "git"
},
{
"lessThan": "9fd0198f7ef06ae0d6636fb0578560857dead995",
"status": "affected",
"version": "963c555e75b033202dd76cf6325a7b7c83d08d5f",
"versionType": "git"
},
{
"lessThan": "6d32c832a88513f65c2c2c9c75954ee8b387adea",
"status": "affected",
"version": "963c555e75b033202dd76cf6325a7b7c83d08d5f",
"versionType": "git"
},
{
"lessThan": "4c1021ce46fc2fb6115f7e79d353941e6dcad366",
"status": "affected",
"version": "963c555e75b033202dd76cf6325a7b7c83d08d5f",
"versionType": "git"
},
{
"lessThan": "6cf350658736681b9d6b0b6e58c5c76b235bb4c4",
"status": "affected",
"version": "963c555e75b033202dd76cf6325a7b7c83d08d5f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/md/md.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.3"
},
{
"lessThan": "5.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.217",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.159",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.91",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.31",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: fix kmemleak of rdev-\u003eserial\n\nIf kobject_add() is fail in bind_rdev_to_array(), \u0027rdev-\u003eserial\u0027 will be\nalloc not be freed, and kmemleak occurs.\n\nunreferenced object 0xffff88815a350000 (size 49152):\n comm \"mdadm\", pid 789, jiffies 4294716910\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace (crc f773277a):\n [\u003c0000000058b0a453\u003e] kmemleak_alloc+0x61/0xe0\n [\u003c00000000366adf14\u003e] __kmalloc_large_node+0x15e/0x270\n [\u003c000000002e82961b\u003e] __kmalloc_node.cold+0x11/0x7f\n [\u003c00000000f206d60a\u003e] kvmalloc_node+0x74/0x150\n [\u003c0000000034bf3363\u003e] rdev_init_serial+0x67/0x170\n [\u003c0000000010e08fe9\u003e] mddev_create_serial_pool+0x62/0x220\n [\u003c00000000c3837bf0\u003e] bind_rdev_to_array+0x2af/0x630\n [\u003c0000000073c28560\u003e] md_add_new_disk+0x400/0x9f0\n [\u003c00000000770e30ff\u003e] md_ioctl+0x15bf/0x1c10\n [\u003c000000006cfab718\u003e] blkdev_ioctl+0x191/0x3f0\n [\u003c0000000085086a11\u003e] vfs_ioctl+0x22/0x60\n [\u003c0000000018b656fe\u003e] __x64_sys_ioctl+0xba/0xe0\n [\u003c00000000e54e675e\u003e] do_syscall_64+0x71/0x150\n [\u003c000000008b0ad622\u003e] entry_SYSCALL_64_after_hwframe+0x6c/0x74"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:06:35.615Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/fb5b347efd1bda989846ffc74679d181222fb123"
},
{
"url": "https://git.kernel.org/stable/c/f3a1787dc48213f6caea5ba7d47e0222e7fa34a9"
},
{
"url": "https://git.kernel.org/stable/c/beaf11969fd5cbe6f09cefaa34df1ce8578e8dd9"
},
{
"url": "https://git.kernel.org/stable/c/9fd0198f7ef06ae0d6636fb0578560857dead995"
},
{
"url": "https://git.kernel.org/stable/c/6d32c832a88513f65c2c2c9c75954ee8b387adea"
},
{
"url": "https://git.kernel.org/stable/c/4c1021ce46fc2fb6115f7e79d353941e6dcad366"
},
{
"url": "https://git.kernel.org/stable/c/6cf350658736681b9d6b0b6e58c5c76b235bb4c4"
}
],
"title": "md: fix kmemleak of rdev-\u003eserial",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26900",
"datePublished": "2024-04-17T10:27:49.707Z",
"dateReserved": "2024-02-19T14:20:24.187Z",
"dateUpdated": "2026-05-11T20:06:35.615Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26901 (GCVE-0-2024-26901)
Vulnerability from cvelistv5 – Published: 2024-04-17 10:27 – Updated: 2026-05-12 11:50
VLAI
EPSS
Title
do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak
Summary
In the Linux kernel, the following vulnerability has been resolved:
do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak
syzbot identified a kernel information leak vulnerability in
do_sys_name_to_handle() and issued the following report [1].
[1]
"BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline]
BUG: KMSAN: kernel-infoleak in _copy_to_user+0xbc/0x100 lib/usercopy.c:40
instrument_copy_to_user include/linux/instrumented.h:114 [inline]
_copy_to_user+0xbc/0x100 lib/usercopy.c:40
copy_to_user include/linux/uaccess.h:191 [inline]
do_sys_name_to_handle fs/fhandle.c:73 [inline]
__do_sys_name_to_handle_at fs/fhandle.c:112 [inline]
__se_sys_name_to_handle_at+0x949/0xb10 fs/fhandle.c:94
__x64_sys_name_to_handle_at+0xe4/0x140 fs/fhandle.c:94
...
Uninit was created at:
slab_post_alloc_hook+0x129/0xa70 mm/slab.h:768
slab_alloc_node mm/slub.c:3478 [inline]
__kmem_cache_alloc_node+0x5c9/0x970 mm/slub.c:3517
__do_kmalloc_node mm/slab_common.c:1006 [inline]
__kmalloc+0x121/0x3c0 mm/slab_common.c:1020
kmalloc include/linux/slab.h:604 [inline]
do_sys_name_to_handle fs/fhandle.c:39 [inline]
__do_sys_name_to_handle_at fs/fhandle.c:112 [inline]
__se_sys_name_to_handle_at+0x441/0xb10 fs/fhandle.c:94
__x64_sys_name_to_handle_at+0xe4/0x140 fs/fhandle.c:94
...
Bytes 18-19 of 20 are uninitialized
Memory access of size 20 starts at ffff888128a46380
Data copied to user address 0000000020000240"
Per Chuck Lever's suggestion, use kzalloc() instead of kmalloc() to
solve the problem.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
13 references
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
990d6c2d7aee921e3bce22b2d6a750fd552262be , < 4bac28f441e3cc9d3f1a84c8d023228a68d8a7c1
(git)
Affected: 990d6c2d7aee921e3bce22b2d6a750fd552262be , < 772a7def9868091da3bcb0d6c6ff9f0c03d7fa8b (git) Affected: 990d6c2d7aee921e3bce22b2d6a750fd552262be , < cde76b3af247f615447bcfecf610bb76c3529126 (git) Affected: 990d6c2d7aee921e3bce22b2d6a750fd552262be , < 423b6bdf19bbc5e1f7e7461045099917378f7e71 (git) Affected: 990d6c2d7aee921e3bce22b2d6a750fd552262be , < e6450d5e46a737a008b4885aa223486113bf0ad6 (git) Affected: 990d6c2d7aee921e3bce22b2d6a750fd552262be , < c1362eae861db28b1608b9dc23e49634fe87b63b (git) Affected: 990d6c2d7aee921e3bce22b2d6a750fd552262be , < cba138f1ef37ec6f961baeab62f312dedc7cf730 (git) Affected: 990d6c2d7aee921e3bce22b2d6a750fd552262be , < bf9ec1b24ab4e94345aa1c60811dd329f069c38b (git) Affected: 990d6c2d7aee921e3bce22b2d6a750fd552262be , < 3948abaa4e2be938ccdfc289385a27342fb13d43 (git) |
|
| Linux | Linux |
Affected:
2.6.39
Unaffected: 0 , < 2.6.39 (semver) Unaffected: 4.19.311 , ≤ 4.19.* (semver) Unaffected: 5.4.273 , ≤ 5.4.* (semver) Unaffected: 5.10.214 , ≤ 5.10.* (semver) Unaffected: 5.15.153 , ≤ 5.15.* (semver) Unaffected: 6.1.83 , ≤ 6.1.* (semver) Unaffected: 6.6.23 , ≤ 6.6.* (semver) Unaffected: 6.7.11 , ≤ 6.7.* (semver) Unaffected: 6.8.2 , ≤ 6.8.* (semver) Unaffected: 6.9 , ≤ * (original_commit_for_fix) |
|
| Siemens | SIMATIC S7-1500 TM MFP - GNU/Linux subsystem |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC S7-1500 CPU 1518-4 PN/DP MFP |
Affected:
V3.1.0 , < V3.1.5
(custom)
|
|
| Siemens | SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP |
Affected:
V3.1.0 , < V3.1.5
(custom)
|
|
| Siemens | SIPLUS S7-1500 CPU 1518-4 PN/DP MFP |
Affected:
V3.1.0 , < V3.1.5
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26901",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-16T15:11:22.418196Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T19:03:33.420Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.665Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4bac28f441e3cc9d3f1a84c8d023228a68d8a7c1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/772a7def9868091da3bcb0d6c6ff9f0c03d7fa8b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cde76b3af247f615447bcfecf610bb76c3529126"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/423b6bdf19bbc5e1f7e7461045099917378f7e71"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e6450d5e46a737a008b4885aa223486113bf0ad6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c1362eae861db28b1608b9dc23e49634fe87b63b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cba138f1ef37ec6f961baeab62f312dedc7cf730"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bf9ec1b24ab4e94345aa1c60811dd329f069c38b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3948abaa4e2be938ccdfc289385a27342fb13d43"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.5",
"status": "affected",
"version": "V3.1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.5",
"status": "affected",
"version": "V3.1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.5",
"status": "affected",
"version": "V3.1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.5",
"status": "affected",
"version": "V3.1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.5",
"status": "affected",
"version": "V3.1.0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T11:50:28.880Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-398330.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/fhandle.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4bac28f441e3cc9d3f1a84c8d023228a68d8a7c1",
"status": "affected",
"version": "990d6c2d7aee921e3bce22b2d6a750fd552262be",
"versionType": "git"
},
{
"lessThan": "772a7def9868091da3bcb0d6c6ff9f0c03d7fa8b",
"status": "affected",
"version": "990d6c2d7aee921e3bce22b2d6a750fd552262be",
"versionType": "git"
},
{
"lessThan": "cde76b3af247f615447bcfecf610bb76c3529126",
"status": "affected",
"version": "990d6c2d7aee921e3bce22b2d6a750fd552262be",
"versionType": "git"
},
{
"lessThan": "423b6bdf19bbc5e1f7e7461045099917378f7e71",
"status": "affected",
"version": "990d6c2d7aee921e3bce22b2d6a750fd552262be",
"versionType": "git"
},
{
"lessThan": "e6450d5e46a737a008b4885aa223486113bf0ad6",
"status": "affected",
"version": "990d6c2d7aee921e3bce22b2d6a750fd552262be",
"versionType": "git"
},
{
"lessThan": "c1362eae861db28b1608b9dc23e49634fe87b63b",
"status": "affected",
"version": "990d6c2d7aee921e3bce22b2d6a750fd552262be",
"versionType": "git"
},
{
"lessThan": "cba138f1ef37ec6f961baeab62f312dedc7cf730",
"status": "affected",
"version": "990d6c2d7aee921e3bce22b2d6a750fd552262be",
"versionType": "git"
},
{
"lessThan": "bf9ec1b24ab4e94345aa1c60811dd329f069c38b",
"status": "affected",
"version": "990d6c2d7aee921e3bce22b2d6a750fd552262be",
"versionType": "git"
},
{
"lessThan": "3948abaa4e2be938ccdfc289385a27342fb13d43",
"status": "affected",
"version": "990d6c2d7aee921e3bce22b2d6a750fd552262be",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/fhandle.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.39"
},
{
"lessThan": "2.6.39",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.273",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.311",
"versionStartIncluding": "2.6.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.273",
"versionStartIncluding": "2.6.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "2.6.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "2.6.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "2.6.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "2.6.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "2.6.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "2.6.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "2.6.39",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndo_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak\n\nsyzbot identified a kernel information leak vulnerability in\ndo_sys_name_to_handle() and issued the following report [1].\n\n[1]\n\"BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline]\nBUG: KMSAN: kernel-infoleak in _copy_to_user+0xbc/0x100 lib/usercopy.c:40\n instrument_copy_to_user include/linux/instrumented.h:114 [inline]\n _copy_to_user+0xbc/0x100 lib/usercopy.c:40\n copy_to_user include/linux/uaccess.h:191 [inline]\n do_sys_name_to_handle fs/fhandle.c:73 [inline]\n __do_sys_name_to_handle_at fs/fhandle.c:112 [inline]\n __se_sys_name_to_handle_at+0x949/0xb10 fs/fhandle.c:94\n __x64_sys_name_to_handle_at+0xe4/0x140 fs/fhandle.c:94\n ...\n\nUninit was created at:\n slab_post_alloc_hook+0x129/0xa70 mm/slab.h:768\n slab_alloc_node mm/slub.c:3478 [inline]\n __kmem_cache_alloc_node+0x5c9/0x970 mm/slub.c:3517\n __do_kmalloc_node mm/slab_common.c:1006 [inline]\n __kmalloc+0x121/0x3c0 mm/slab_common.c:1020\n kmalloc include/linux/slab.h:604 [inline]\n do_sys_name_to_handle fs/fhandle.c:39 [inline]\n __do_sys_name_to_handle_at fs/fhandle.c:112 [inline]\n __se_sys_name_to_handle_at+0x441/0xb10 fs/fhandle.c:94\n __x64_sys_name_to_handle_at+0xe4/0x140 fs/fhandle.c:94\n ...\n\nBytes 18-19 of 20 are uninitialized\nMemory access of size 20 starts at ffff888128a46380\nData copied to user address 0000000020000240\"\n\nPer Chuck Lever\u0027s suggestion, use kzalloc() instead of kmalloc() to\nsolve the problem."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:06:36.908Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4bac28f441e3cc9d3f1a84c8d023228a68d8a7c1"
},
{
"url": "https://git.kernel.org/stable/c/772a7def9868091da3bcb0d6c6ff9f0c03d7fa8b"
},
{
"url": "https://git.kernel.org/stable/c/cde76b3af247f615447bcfecf610bb76c3529126"
},
{
"url": "https://git.kernel.org/stable/c/423b6bdf19bbc5e1f7e7461045099917378f7e71"
},
{
"url": "https://git.kernel.org/stable/c/e6450d5e46a737a008b4885aa223486113bf0ad6"
},
{
"url": "https://git.kernel.org/stable/c/c1362eae861db28b1608b9dc23e49634fe87b63b"
},
{
"url": "https://git.kernel.org/stable/c/cba138f1ef37ec6f961baeab62f312dedc7cf730"
},
{
"url": "https://git.kernel.org/stable/c/bf9ec1b24ab4e94345aa1c60811dd329f069c38b"
},
{
"url": "https://git.kernel.org/stable/c/3948abaa4e2be938ccdfc289385a27342fb13d43"
}
],
"title": "do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26901",
"datePublished": "2024-04-17T10:27:50.374Z",
"dateReserved": "2024-02-19T14:20:24.187Z",
"dateUpdated": "2026-05-12T11:50:28.880Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26923 (GCVE-0-2024-26923)
Vulnerability from cvelistv5 – Published: 2024-04-24 21:49 – Updated: 2026-05-12 11:50
VLAI
EPSS
Title
af_unix: Fix garbage collector racing against connect()
Summary
In the Linux kernel, the following vulnerability has been resolved:
af_unix: Fix garbage collector racing against connect()
Garbage collector does not take into account the risk of embryo getting
enqueued during the garbage collection. If such embryo has a peer that
carries SCM_RIGHTS, two consecutive passes of scan_children() may see a
different set of children. Leading to an incorrectly elevated inflight
count, and then a dangling pointer within the gc_inflight_list.
sockets are AF_UNIX/SOCK_STREAM
S is an unconnected socket
L is a listening in-flight socket bound to addr, not in fdtable
V's fd will be passed via sendmsg(), gets inflight count bumped
connect(S, addr) sendmsg(S, [V]); close(V) __unix_gc()
---------------- ------------------------- -----------
NS = unix_create1()
skb1 = sock_wmalloc(NS)
L = unix_find_other(addr)
unix_state_lock(L)
unix_peer(S) = NS
// V count=1 inflight=0
NS = unix_peer(S)
skb2 = sock_alloc()
skb_queue_tail(NS, skb2[V])
// V became in-flight
// V count=2 inflight=1
close(V)
// V count=1 inflight=1
// GC candidate condition met
for u in gc_inflight_list:
if (total_refs == inflight_refs)
add u to gc_candidates
// gc_candidates={L, V}
for u in gc_candidates:
scan_children(u, dec_inflight)
// embryo (skb1) was not
// reachable from L yet, so V's
// inflight remains unchanged
__skb_queue_tail(L, skb1)
unix_state_unlock(L)
for u in gc_candidates:
if (u.inflight)
scan_children(u, inc_inflight_move_tail)
// V count=1 inflight=2 (!)
If there is a GC-candidate listening socket, lock/unlock its state. This
makes GC wait until the end of any ongoing connect() to that socket. After
flipping the lock, a possibly SCM-laden embryo is already enqueued. And if
there is another embryo coming, it can not possibly carry SCM_RIGHTS. At
this point, unix_inflight() can not happen because unix_gc_lock is already
taken. Inflight graph remains unaffected.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
13 references
Impacted products
9 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
1fd05ba5a2f2aa8e7b9b52ef55df850e2e7d54c9 , < a36ae0ec2353015f0f6762e59f4c2dbc0c906423
(git)
Affected: 1fd05ba5a2f2aa8e7b9b52ef55df850e2e7d54c9 , < 343c5372d5e17b306db5f8f3c895539b06e3177f (git) Affected: 1fd05ba5a2f2aa8e7b9b52ef55df850e2e7d54c9 , < 2e2a03787f4f0abc0072350654ab0ef3324d9db3 (git) Affected: 1fd05ba5a2f2aa8e7b9b52ef55df850e2e7d54c9 , < e76c2678228f6aec74b305ae30c9374cc2f28a51 (git) Affected: 1fd05ba5a2f2aa8e7b9b52ef55df850e2e7d54c9 , < b75722be422c276b699200de90527d01c602ea7c (git) Affected: 1fd05ba5a2f2aa8e7b9b52ef55df850e2e7d54c9 , < 507cc232ffe53a352847893f8177d276c3b532a9 (git) Affected: 1fd05ba5a2f2aa8e7b9b52ef55df850e2e7d54c9 , < dbdf7bec5c920200077d693193f989cb1513f009 (git) Affected: 1fd05ba5a2f2aa8e7b9b52ef55df850e2e7d54c9 , < 47d8ac011fe1c9251070e1bd64cb10b48193ec51 (git) |
|
| Linux | Linux |
Affected:
2.6.23
Unaffected: 0 , < 2.6.23 (semver) Unaffected: 4.19.314 , ≤ 4.19.* (semver) Unaffected: 5.4.275 , ≤ 5.4.* (semver) Unaffected: 5.10.216 , ≤ 5.10.* (semver) Unaffected: 5.15.156 , ≤ 5.15.* (semver) Unaffected: 6.1.87 , ≤ 6.1.* (semver) Unaffected: 6.6.28 , ≤ 6.6.* (semver) Unaffected: 6.8.7 , ≤ 6.8.* (semver) Unaffected: 6.9 , ≤ * (original_commit_for_fix) |
|
| Siemens | RUGGEDCOM RST2428P |
Affected:
0 , < V3.1
(custom)
|
|
| Siemens | SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family |
Unaffected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XCM-/XRM-/XCH-/XRH-300 family |
Affected:
0 , < V3.1
(custom)
|
|
| Siemens | SIMATIC S7-1500 TM MFP - GNU/Linux subsystem |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC S7-1500 CPU 1518-4 PN/DP MFP |
Affected:
V3.1.0 , < V3.1.5
(custom)
|
|
| Siemens | SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP |
Affected:
V3.1.0 , < V3.1.5
(custom)
|
|
| Siemens | SIPLUS S7-1500 CPU 1518-4 PN/DP MFP |
Affected:
V3.1.0 , < V3.1.5
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26923",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-02T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T19:34:43.753Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.612Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a36ae0ec2353015f0f6762e59f4c2dbc0c906423"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/343c5372d5e17b306db5f8f3c895539b06e3177f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2e2a03787f4f0abc0072350654ab0ef3324d9db3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e76c2678228f6aec74b305ae30c9374cc2f28a51"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b75722be422c276b699200de90527d01c602ea7c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/507cc232ffe53a352847893f8177d276c3b532a9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dbdf7bec5c920200077d693193f989cb1513f009"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/47d8ac011fe1c9251070e1bd64cb10b48193ec51"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RST2428P",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XCM-/XRM-/XCH-/XRH-300 family",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.5",
"status": "affected",
"version": "V3.1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.5",
"status": "affected",
"version": "V3.1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.5",
"status": "affected",
"version": "V3.1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.5",
"status": "affected",
"version": "V3.1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.5",
"status": "affected",
"version": "V3.1.0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T11:50:40.454Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-398330.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-613116.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/unix/garbage.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a36ae0ec2353015f0f6762e59f4c2dbc0c906423",
"status": "affected",
"version": "1fd05ba5a2f2aa8e7b9b52ef55df850e2e7d54c9",
"versionType": "git"
},
{
"lessThan": "343c5372d5e17b306db5f8f3c895539b06e3177f",
"status": "affected",
"version": "1fd05ba5a2f2aa8e7b9b52ef55df850e2e7d54c9",
"versionType": "git"
},
{
"lessThan": "2e2a03787f4f0abc0072350654ab0ef3324d9db3",
"status": "affected",
"version": "1fd05ba5a2f2aa8e7b9b52ef55df850e2e7d54c9",
"versionType": "git"
},
{
"lessThan": "e76c2678228f6aec74b305ae30c9374cc2f28a51",
"status": "affected",
"version": "1fd05ba5a2f2aa8e7b9b52ef55df850e2e7d54c9",
"versionType": "git"
},
{
"lessThan": "b75722be422c276b699200de90527d01c602ea7c",
"status": "affected",
"version": "1fd05ba5a2f2aa8e7b9b52ef55df850e2e7d54c9",
"versionType": "git"
},
{
"lessThan": "507cc232ffe53a352847893f8177d276c3b532a9",
"status": "affected",
"version": "1fd05ba5a2f2aa8e7b9b52ef55df850e2e7d54c9",
"versionType": "git"
},
{
"lessThan": "dbdf7bec5c920200077d693193f989cb1513f009",
"status": "affected",
"version": "1fd05ba5a2f2aa8e7b9b52ef55df850e2e7d54c9",
"versionType": "git"
},
{
"lessThan": "47d8ac011fe1c9251070e1bd64cb10b48193ec51",
"status": "affected",
"version": "1fd05ba5a2f2aa8e7b9b52ef55df850e2e7d54c9",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/unix/garbage.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.23"
},
{
"lessThan": "2.6.23",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.314",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.275",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.216",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.156",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.87",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.28",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.314",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.275",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.216",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.156",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.87",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.28",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.7",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "2.6.23",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\naf_unix: Fix garbage collector racing against connect()\n\nGarbage collector does not take into account the risk of embryo getting\nenqueued during the garbage collection. If such embryo has a peer that\ncarries SCM_RIGHTS, two consecutive passes of scan_children() may see a\ndifferent set of children. Leading to an incorrectly elevated inflight\ncount, and then a dangling pointer within the gc_inflight_list.\n\nsockets are AF_UNIX/SOCK_STREAM\nS is an unconnected socket\nL is a listening in-flight socket bound to addr, not in fdtable\nV\u0027s fd will be passed via sendmsg(), gets inflight count bumped\n\nconnect(S, addr)\tsendmsg(S, [V]); close(V)\t__unix_gc()\n----------------\t-------------------------\t-----------\n\nNS = unix_create1()\nskb1 = sock_wmalloc(NS)\nL = unix_find_other(addr)\nunix_state_lock(L)\nunix_peer(S) = NS\n\t\t\t// V count=1 inflight=0\n\n \t\t\tNS = unix_peer(S)\n \t\t\tskb2 = sock_alloc()\n\t\t\tskb_queue_tail(NS, skb2[V])\n\n\t\t\t// V became in-flight\n\t\t\t// V count=2 inflight=1\n\n\t\t\tclose(V)\n\n\t\t\t// V count=1 inflight=1\n\t\t\t// GC candidate condition met\n\n\t\t\t\t\t\tfor u in gc_inflight_list:\n\t\t\t\t\t\t if (total_refs == inflight_refs)\n\t\t\t\t\t\t add u to gc_candidates\n\n\t\t\t\t\t\t// gc_candidates={L, V}\n\n\t\t\t\t\t\tfor u in gc_candidates:\n\t\t\t\t\t\t scan_children(u, dec_inflight)\n\n\t\t\t\t\t\t// embryo (skb1) was not\n\t\t\t\t\t\t// reachable from L yet, so V\u0027s\n\t\t\t\t\t\t// inflight remains unchanged\n__skb_queue_tail(L, skb1)\nunix_state_unlock(L)\n\t\t\t\t\t\tfor u in gc_candidates:\n\t\t\t\t\t\t if (u.inflight)\n\t\t\t\t\t\t scan_children(u, inc_inflight_move_tail)\n\n\t\t\t\t\t\t// V count=1 inflight=2 (!)\n\nIf there is a GC-candidate listening socket, lock/unlock its state. This\nmakes GC wait until the end of any ongoing connect() to that socket. After\nflipping the lock, a possibly SCM-laden embryo is already enqueued. And if\nthere is another embryo coming, it can not possibly carry SCM_RIGHTS. At\nthis point, unix_inflight() can not happen because unix_gc_lock is already\ntaken. Inflight graph remains unaffected."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:06:59.719Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a36ae0ec2353015f0f6762e59f4c2dbc0c906423"
},
{
"url": "https://git.kernel.org/stable/c/343c5372d5e17b306db5f8f3c895539b06e3177f"
},
{
"url": "https://git.kernel.org/stable/c/2e2a03787f4f0abc0072350654ab0ef3324d9db3"
},
{
"url": "https://git.kernel.org/stable/c/e76c2678228f6aec74b305ae30c9374cc2f28a51"
},
{
"url": "https://git.kernel.org/stable/c/b75722be422c276b699200de90527d01c602ea7c"
},
{
"url": "https://git.kernel.org/stable/c/507cc232ffe53a352847893f8177d276c3b532a9"
},
{
"url": "https://git.kernel.org/stable/c/dbdf7bec5c920200077d693193f989cb1513f009"
},
{
"url": "https://git.kernel.org/stable/c/47d8ac011fe1c9251070e1bd64cb10b48193ec51"
}
],
"title": "af_unix: Fix garbage collector racing against connect()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26923",
"datePublished": "2024-04-24T21:49:22.001Z",
"dateReserved": "2024-02-19T14:20:24.194Z",
"dateUpdated": "2026-05-12T11:50:40.454Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26934 (GCVE-0-2024-26934)
Vulnerability from cvelistv5 – Published: 2024-05-01 05:17 – Updated: 2026-05-12 11:50
VLAI
EPSS
Title
USB: core: Fix deadlock in usb_deauthorize_interface()
Summary
In the Linux kernel, the following vulnerability has been resolved:
USB: core: Fix deadlock in usb_deauthorize_interface()
Among the attribute file callback routines in
drivers/usb/core/sysfs.c, the interface_authorized_store() function is
the only one which acquires a device lock on an ancestor device: It
calls usb_deauthorize_interface(), which locks the interface's parent
USB device.
The will lead to deadlock if another process already owns that lock
and tries to remove the interface, whether through a configuration
change or because the device has been disconnected. As part of the
removal procedure, device_del() waits for all ongoing sysfs attribute
callbacks to complete. But usb_deauthorize_interface() can't complete
until the device lock has been released, and the lock won't be
released until the removal has finished.
The mechanism provided by sysfs to prevent this kind of deadlock is
to use the sysfs_break_active_protection() function, which tells sysfs
not to wait for the attribute callback.
Reported-and-tested by: Yue Sun <samsun1006219@gmail.com>
Reported by: xingwei lee <xrivendell7@gmail.com>
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
12 references
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
310d2b4124c073a2057ef9d952d4d938e9b1dfd9 , < 8cbdd324b41528994027128207fae8100dff094f
(git)
Affected: 310d2b4124c073a2057ef9d952d4d938e9b1dfd9 , < 12d6a5681a0a5cecc2af7860f0a1613fa7c6e947 (git) Affected: 310d2b4124c073a2057ef9d952d4d938e9b1dfd9 , < e451709573f8be904a8a72d0775bf114d7c291d9 (git) Affected: 310d2b4124c073a2057ef9d952d4d938e9b1dfd9 , < 1b175bc579f46520b11ecda443bcd2ee4904f66a (git) Affected: 310d2b4124c073a2057ef9d952d4d938e9b1dfd9 , < ab062fa3dc69aea88fe62162c5881ba14b50ecc5 (git) Affected: 310d2b4124c073a2057ef9d952d4d938e9b1dfd9 , < 122a06f1068bf5e39089863f4f60b1f5d4273384 (git) Affected: 310d2b4124c073a2057ef9d952d4d938e9b1dfd9 , < dbdf66250d2d33e8b27352fcb901de79f3521057 (git) Affected: 310d2b4124c073a2057ef9d952d4d938e9b1dfd9 , < 07acf979da33c721357ff27129edf74c23c036c6 (git) Affected: 310d2b4124c073a2057ef9d952d4d938e9b1dfd9 , < 80ba43e9f799cbdd83842fc27db667289b3150f5 (git) |
|
| Linux | Linux |
Affected:
4.4
Unaffected: 0 , < 4.4 (semver) Unaffected: 4.19.312 , ≤ 4.19.* (semver) Unaffected: 5.4.274 , ≤ 5.4.* (semver) Unaffected: 5.10.215 , ≤ 5.10.* (semver) Unaffected: 5.15.154 , ≤ 5.15.* (semver) Unaffected: 6.1.84 , ≤ 6.1.* (semver) Unaffected: 6.6.24 , ≤ 6.6.* (semver) Unaffected: 6.7.12 , ≤ 6.7.* (semver) Unaffected: 6.8.3 , ≤ 6.8.* (semver) Unaffected: 6.9 , ≤ * (original_commit_for_fix) |
|
| Siemens | SIMATIC S7-1500 TM MFP - GNU/Linux subsystem |
Affected:
0 , < *
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26934",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-10T18:35:35.947702Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:30.301Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.693Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8cbdd324b41528994027128207fae8100dff094f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/12d6a5681a0a5cecc2af7860f0a1613fa7c6e947"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e451709573f8be904a8a72d0775bf114d7c291d9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1b175bc579f46520b11ecda443bcd2ee4904f66a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ab062fa3dc69aea88fe62162c5881ba14b50ecc5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/122a06f1068bf5e39089863f4f60b1f5d4273384"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dbdf66250d2d33e8b27352fcb901de79f3521057"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/07acf979da33c721357ff27129edf74c23c036c6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/80ba43e9f799cbdd83842fc27db667289b3150f5"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T11:50:42.881Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/usb/core/sysfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8cbdd324b41528994027128207fae8100dff094f",
"status": "affected",
"version": "310d2b4124c073a2057ef9d952d4d938e9b1dfd9",
"versionType": "git"
},
{
"lessThan": "12d6a5681a0a5cecc2af7860f0a1613fa7c6e947",
"status": "affected",
"version": "310d2b4124c073a2057ef9d952d4d938e9b1dfd9",
"versionType": "git"
},
{
"lessThan": "e451709573f8be904a8a72d0775bf114d7c291d9",
"status": "affected",
"version": "310d2b4124c073a2057ef9d952d4d938e9b1dfd9",
"versionType": "git"
},
{
"lessThan": "1b175bc579f46520b11ecda443bcd2ee4904f66a",
"status": "affected",
"version": "310d2b4124c073a2057ef9d952d4d938e9b1dfd9",
"versionType": "git"
},
{
"lessThan": "ab062fa3dc69aea88fe62162c5881ba14b50ecc5",
"status": "affected",
"version": "310d2b4124c073a2057ef9d952d4d938e9b1dfd9",
"versionType": "git"
},
{
"lessThan": "122a06f1068bf5e39089863f4f60b1f5d4273384",
"status": "affected",
"version": "310d2b4124c073a2057ef9d952d4d938e9b1dfd9",
"versionType": "git"
},
{
"lessThan": "dbdf66250d2d33e8b27352fcb901de79f3521057",
"status": "affected",
"version": "310d2b4124c073a2057ef9d952d4d938e9b1dfd9",
"versionType": "git"
},
{
"lessThan": "07acf979da33c721357ff27129edf74c23c036c6",
"status": "affected",
"version": "310d2b4124c073a2057ef9d952d4d938e9b1dfd9",
"versionType": "git"
},
{
"lessThan": "80ba43e9f799cbdd83842fc27db667289b3150f5",
"status": "affected",
"version": "310d2b4124c073a2057ef9d952d4d938e9b1dfd9",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/usb/core/sysfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.4"
},
{
"lessThan": "4.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.312",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.84",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.24",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.312",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.84",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.24",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.12",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.3",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "4.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: core: Fix deadlock in usb_deauthorize_interface()\n\nAmong the attribute file callback routines in\ndrivers/usb/core/sysfs.c, the interface_authorized_store() function is\nthe only one which acquires a device lock on an ancestor device: It\ncalls usb_deauthorize_interface(), which locks the interface\u0027s parent\nUSB device.\n\nThe will lead to deadlock if another process already owns that lock\nand tries to remove the interface, whether through a configuration\nchange or because the device has been disconnected. As part of the\nremoval procedure, device_del() waits for all ongoing sysfs attribute\ncallbacks to complete. But usb_deauthorize_interface() can\u0027t complete\nuntil the device lock has been released, and the lock won\u0027t be\nreleased until the removal has finished.\n\nThe mechanism provided by sysfs to prevent this kind of deadlock is\nto use the sysfs_break_active_protection() function, which tells sysfs\nnot to wait for the attribute callback.\n\nReported-and-tested by: Yue Sun \u003csamsun1006219@gmail.com\u003e\nReported by: xingwei lee \u003cxrivendell7@gmail.com\u003e"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:07:11.924Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8cbdd324b41528994027128207fae8100dff094f"
},
{
"url": "https://git.kernel.org/stable/c/12d6a5681a0a5cecc2af7860f0a1613fa7c6e947"
},
{
"url": "https://git.kernel.org/stable/c/e451709573f8be904a8a72d0775bf114d7c291d9"
},
{
"url": "https://git.kernel.org/stable/c/1b175bc579f46520b11ecda443bcd2ee4904f66a"
},
{
"url": "https://git.kernel.org/stable/c/ab062fa3dc69aea88fe62162c5881ba14b50ecc5"
},
{
"url": "https://git.kernel.org/stable/c/122a06f1068bf5e39089863f4f60b1f5d4273384"
},
{
"url": "https://git.kernel.org/stable/c/dbdf66250d2d33e8b27352fcb901de79f3521057"
},
{
"url": "https://git.kernel.org/stable/c/07acf979da33c721357ff27129edf74c23c036c6"
},
{
"url": "https://git.kernel.org/stable/c/80ba43e9f799cbdd83842fc27db667289b3150f5"
}
],
"title": "USB: core: Fix deadlock in usb_deauthorize_interface()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26934",
"datePublished": "2024-05-01T05:17:27.352Z",
"dateReserved": "2024-02-19T14:20:24.196Z",
"dateUpdated": "2026-05-12T11:50:42.881Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26936 (GCVE-0-2024-26936)
Vulnerability from cvelistv5 – Published: 2024-05-01 05:26 – Updated: 2026-05-11 20:07
VLAI
EPSS
Title
ksmbd: validate request buffer size in smb2_allocate_rsp_buf()
Summary
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: validate request buffer size in smb2_allocate_rsp_buf()
The response buffer should be allocated in smb2_allocate_rsp_buf
before validating request. But the fields in payload as well as smb2 header
is used in smb2_allocate_rsp_buf(). This patch add simple buffer size
validation to avoid potencial out-of-bounds in request buffer.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
0626e6641f6b467447c81dd7678a69c66f7746cf , < 8f3d0bf1d0c62b539d54c5b9108a845cff619b99
(git)
Affected: 0626e6641f6b467447c81dd7678a69c66f7746cf , < 21ff9d7d223c5c19cb4334009e4c0c83a2f4d674 (git) Affected: 0626e6641f6b467447c81dd7678a69c66f7746cf , < 5c20b242d4fed73a93591e48bfd9772e2322fb11 (git) Affected: 0626e6641f6b467447c81dd7678a69c66f7746cf , < 2c27a64a2bc47d9bfc7c3cf8be14be53b1ee7cb6 (git) Affected: 0626e6641f6b467447c81dd7678a69c66f7746cf , < 17cf0c2794bdb6f39671265aa18aea5c22ee8c4a (git) |
|
| Linux | Linux |
Affected:
5.15
Unaffected: 0 , < 5.15 (semver) Unaffected: 5.15.159 , ≤ 5.15.* (semver) Unaffected: 6.1.88 , ≤ 6.1.* (semver) Unaffected: 6.6.29 , ≤ 6.6.* (semver) Unaffected: 6.8.8 , ≤ 6.8.* (semver) Unaffected: 6.9 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26936",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-10T18:35:18.289818Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:22:47.084Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.890Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8f3d0bf1d0c62b539d54c5b9108a845cff619b99"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/21ff9d7d223c5c19cb4334009e4c0c83a2f4d674"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5c20b242d4fed73a93591e48bfd9772e2322fb11"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2c27a64a2bc47d9bfc7c3cf8be14be53b1ee7cb6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/17cf0c2794bdb6f39671265aa18aea5c22ee8c4a"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/smb/server/smb2pdu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8f3d0bf1d0c62b539d54c5b9108a845cff619b99",
"status": "affected",
"version": "0626e6641f6b467447c81dd7678a69c66f7746cf",
"versionType": "git"
},
{
"lessThan": "21ff9d7d223c5c19cb4334009e4c0c83a2f4d674",
"status": "affected",
"version": "0626e6641f6b467447c81dd7678a69c66f7746cf",
"versionType": "git"
},
{
"lessThan": "5c20b242d4fed73a93591e48bfd9772e2322fb11",
"status": "affected",
"version": "0626e6641f6b467447c81dd7678a69c66f7746cf",
"versionType": "git"
},
{
"lessThan": "2c27a64a2bc47d9bfc7c3cf8be14be53b1ee7cb6",
"status": "affected",
"version": "0626e6641f6b467447c81dd7678a69c66f7746cf",
"versionType": "git"
},
{
"lessThan": "17cf0c2794bdb6f39671265aa18aea5c22ee8c4a",
"status": "affected",
"version": "0626e6641f6b467447c81dd7678a69c66f7746cf",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/smb/server/smb2pdu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.15"
},
{
"lessThan": "5.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.88",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.29",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.159",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.88",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.29",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.8",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: validate request buffer size in smb2_allocate_rsp_buf()\n\nThe response buffer should be allocated in smb2_allocate_rsp_buf\nbefore validating request. But the fields in payload as well as smb2 header\nis used in smb2_allocate_rsp_buf(). This patch add simple buffer size\nvalidation to avoid potencial out-of-bounds in request buffer."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:07:14.603Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8f3d0bf1d0c62b539d54c5b9108a845cff619b99"
},
{
"url": "https://git.kernel.org/stable/c/21ff9d7d223c5c19cb4334009e4c0c83a2f4d674"
},
{
"url": "https://git.kernel.org/stable/c/5c20b242d4fed73a93591e48bfd9772e2322fb11"
},
{
"url": "https://git.kernel.org/stable/c/2c27a64a2bc47d9bfc7c3cf8be14be53b1ee7cb6"
},
{
"url": "https://git.kernel.org/stable/c/17cf0c2794bdb6f39671265aa18aea5c22ee8c4a"
}
],
"title": "ksmbd: validate request buffer size in smb2_allocate_rsp_buf()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26936",
"datePublished": "2024-05-01T05:26:51.773Z",
"dateReserved": "2024-02-19T14:20:24.196Z",
"dateUpdated": "2026-05-11T20:07:14.603Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…