CVE-2024-26675 (GCVE-0-2024-26675)
Vulnerability from cvelistv5 – Published: 2024-04-02 07:01 – Updated: 2026-05-11 20:02
VLAI
Title
ppp_async: limit MRU to 64K
Summary
In the Linux kernel, the following vulnerability has been resolved:
ppp_async: limit MRU to 64K
syzbot triggered a warning [1] in __alloc_pages():
WARN_ON_ONCE_GFP(order > MAX_PAGE_ORDER, gfp)
Willem fixed a similar issue in commit c0a2a1b0d631 ("ppp: limit MRU to 64K")
Adopt the same sanity check for ppp_async_ioctl(PPPIOCSMRU)
[1]:
WARNING: CPU: 1 PID: 11 at mm/page_alloc.c:4543 __alloc_pages+0x308/0x698 mm/page_alloc.c:4543
Modules linked in:
CPU: 1 PID: 11 Comm: kworker/u4:0 Not tainted 6.8.0-rc2-syzkaller-g41bccc98fb79 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
Workqueue: events_unbound flush_to_ldisc
pstate: 204000c5 (nzCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __alloc_pages+0x308/0x698 mm/page_alloc.c:4543
lr : __alloc_pages+0xc8/0x698 mm/page_alloc.c:4537
sp : ffff800093967580
x29: ffff800093967660 x28: ffff8000939675a0 x27: dfff800000000000
x26: ffff70001272ceb4 x25: 0000000000000000 x24: ffff8000939675c0
x23: 0000000000000000 x22: 0000000000060820 x21: 1ffff0001272ceb8
x20: ffff8000939675e0 x19: 0000000000000010 x18: ffff800093967120
x17: ffff800083bded5c x16: ffff80008ac97500 x15: 0000000000000005
x14: 1ffff0001272cebc x13: 0000000000000000 x12: 0000000000000000
x11: ffff70001272cec1 x10: 1ffff0001272cec0 x9 : 0000000000000001
x8 : ffff800091c91000 x7 : 0000000000000000 x6 : 000000000000003f
x5 : 00000000ffffffff x4 : 0000000000000000 x3 : 0000000000000020
x2 : 0000000000000008 x1 : 0000000000000000 x0 : ffff8000939675e0
Call trace:
__alloc_pages+0x308/0x698 mm/page_alloc.c:4543
__alloc_pages_node include/linux/gfp.h:238 [inline]
alloc_pages_node include/linux/gfp.h:261 [inline]
__kmalloc_large_node+0xbc/0x1fc mm/slub.c:3926
__do_kmalloc_node mm/slub.c:3969 [inline]
__kmalloc_node_track_caller+0x418/0x620 mm/slub.c:4001
kmalloc_reserve+0x17c/0x23c net/core/skbuff.c:590
__alloc_skb+0x1c8/0x3d8 net/core/skbuff.c:651
__netdev_alloc_skb+0xb8/0x3e8 net/core/skbuff.c:715
netdev_alloc_skb include/linux/skbuff.h:3235 [inline]
dev_alloc_skb include/linux/skbuff.h:3248 [inline]
ppp_async_input drivers/net/ppp/ppp_async.c:863 [inline]
ppp_asynctty_receive+0x588/0x186c drivers/net/ppp/ppp_async.c:341
tty_ldisc_receive_buf+0x12c/0x15c drivers/tty/tty_buffer.c:390
tty_port_default_receive_buf+0x74/0xac drivers/tty/tty_port.c:37
receive_buf drivers/tty/tty_buffer.c:444 [inline]
flush_to_ldisc+0x284/0x6e4 drivers/tty/tty_buffer.c:494
process_one_work+0x694/0x1204 kernel/workqueue.c:2633
process_scheduled_works kernel/workqueue.c:2706 [inline]
worker_thread+0x938/0xef4 kernel/workqueue.c:2787
kthread+0x288/0x310 kernel/kthread.c:388
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
10 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 4fdb14ba89faff6e6969a4dffdc8e54235d6e5ed
(git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 56fae81633ccee307cfcb032f706bf1863a56982 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < b06e067e93fa4b98acfd3a9f38a398ab91bbc58b (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 58fbe665b097bf7b3144da7e7b91fb27aa8d0ae3 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 4e2c4846b2507f6dfc9bea72b7567c2693a82a16 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 7e5ef49670766c9742ffcd9cead7cdb018268719 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 210d938f963dddc543b07e66a79b7d8d4bd00bd8 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < cb88cb53badb8aeb3955ad6ce80b07b598e310b8 (git) |
|
| Linux | Linux |
Affected:
2.6.12
Unaffected: 0 , < 2.6.12 (semver) Unaffected: 4.19.307 , ≤ 4.19.* (semver) Unaffected: 5.4.269 , ≤ 5.4.* (semver) Unaffected: 5.10.210 , ≤ 5.10.* (semver) Unaffected: 5.15.149 , ≤ 5.15.* (semver) Unaffected: 6.1.78 , ≤ 6.1.* (semver) Unaffected: 6.6.17 , ≤ 6.6.* (semver) Unaffected: 6.7.5 , ≤ 6.7.* (semver) Unaffected: 6.8 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:12.841Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4fdb14ba89faff6e6969a4dffdc8e54235d6e5ed"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/56fae81633ccee307cfcb032f706bf1863a56982"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b06e067e93fa4b98acfd3a9f38a398ab91bbc58b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/58fbe665b097bf7b3144da7e7b91fb27aa8d0ae3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4e2c4846b2507f6dfc9bea72b7567c2693a82a16"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7e5ef49670766c9742ffcd9cead7cdb018268719"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/210d938f963dddc543b07e66a79b7d8d4bd00bd8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cb88cb53badb8aeb3955ad6ce80b07b598e310b8"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26675",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:53:26.335519Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:36.657Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ppp/ppp_async.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4fdb14ba89faff6e6969a4dffdc8e54235d6e5ed",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "56fae81633ccee307cfcb032f706bf1863a56982",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b06e067e93fa4b98acfd3a9f38a398ab91bbc58b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "58fbe665b097bf7b3144da7e7b91fb27aa8d0ae3",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "4e2c4846b2507f6dfc9bea72b7567c2693a82a16",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "7e5ef49670766c9742ffcd9cead7cdb018268719",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "210d938f963dddc543b07e66a79b7d8d4bd00bd8",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "cb88cb53badb8aeb3955ad6ce80b07b598e310b8",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ppp/ppp_async.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.12"
},
{
"lessThan": "2.6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.78",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.17",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.78",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.17",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.5",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "2.6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nppp_async: limit MRU to 64K\n\nsyzbot triggered a warning [1] in __alloc_pages():\n\nWARN_ON_ONCE_GFP(order \u003e MAX_PAGE_ORDER, gfp)\n\nWillem fixed a similar issue in commit c0a2a1b0d631 (\"ppp: limit MRU to 64K\")\n\nAdopt the same sanity check for ppp_async_ioctl(PPPIOCSMRU)\n\n[1]:\n\n WARNING: CPU: 1 PID: 11 at mm/page_alloc.c:4543 __alloc_pages+0x308/0x698 mm/page_alloc.c:4543\nModules linked in:\nCPU: 1 PID: 11 Comm: kworker/u4:0 Not tainted 6.8.0-rc2-syzkaller-g41bccc98fb79 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023\nWorkqueue: events_unbound flush_to_ldisc\npstate: 204000c5 (nzCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : __alloc_pages+0x308/0x698 mm/page_alloc.c:4543\n lr : __alloc_pages+0xc8/0x698 mm/page_alloc.c:4537\nsp : ffff800093967580\nx29: ffff800093967660 x28: ffff8000939675a0 x27: dfff800000000000\nx26: ffff70001272ceb4 x25: 0000000000000000 x24: ffff8000939675c0\nx23: 0000000000000000 x22: 0000000000060820 x21: 1ffff0001272ceb8\nx20: ffff8000939675e0 x19: 0000000000000010 x18: ffff800093967120\nx17: ffff800083bded5c x16: ffff80008ac97500 x15: 0000000000000005\nx14: 1ffff0001272cebc x13: 0000000000000000 x12: 0000000000000000\nx11: ffff70001272cec1 x10: 1ffff0001272cec0 x9 : 0000000000000001\nx8 : ffff800091c91000 x7 : 0000000000000000 x6 : 000000000000003f\nx5 : 00000000ffffffff x4 : 0000000000000000 x3 : 0000000000000020\nx2 : 0000000000000008 x1 : 0000000000000000 x0 : ffff8000939675e0\nCall trace:\n __alloc_pages+0x308/0x698 mm/page_alloc.c:4543\n __alloc_pages_node include/linux/gfp.h:238 [inline]\n alloc_pages_node include/linux/gfp.h:261 [inline]\n __kmalloc_large_node+0xbc/0x1fc mm/slub.c:3926\n __do_kmalloc_node mm/slub.c:3969 [inline]\n __kmalloc_node_track_caller+0x418/0x620 mm/slub.c:4001\n kmalloc_reserve+0x17c/0x23c net/core/skbuff.c:590\n __alloc_skb+0x1c8/0x3d8 net/core/skbuff.c:651\n __netdev_alloc_skb+0xb8/0x3e8 net/core/skbuff.c:715\n netdev_alloc_skb include/linux/skbuff.h:3235 [inline]\n dev_alloc_skb include/linux/skbuff.h:3248 [inline]\n ppp_async_input drivers/net/ppp/ppp_async.c:863 [inline]\n ppp_asynctty_receive+0x588/0x186c drivers/net/ppp/ppp_async.c:341\n tty_ldisc_receive_buf+0x12c/0x15c drivers/tty/tty_buffer.c:390\n tty_port_default_receive_buf+0x74/0xac drivers/tty/tty_port.c:37\n receive_buf drivers/tty/tty_buffer.c:444 [inline]\n flush_to_ldisc+0x284/0x6e4 drivers/tty/tty_buffer.c:494\n process_one_work+0x694/0x1204 kernel/workqueue.c:2633\n process_scheduled_works kernel/workqueue.c:2706 [inline]\n worker_thread+0x938/0xef4 kernel/workqueue.c:2787\n kthread+0x288/0x310 kernel/kthread.c:388\n ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:02:01.178Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4fdb14ba89faff6e6969a4dffdc8e54235d6e5ed"
},
{
"url": "https://git.kernel.org/stable/c/56fae81633ccee307cfcb032f706bf1863a56982"
},
{
"url": "https://git.kernel.org/stable/c/b06e067e93fa4b98acfd3a9f38a398ab91bbc58b"
},
{
"url": "https://git.kernel.org/stable/c/58fbe665b097bf7b3144da7e7b91fb27aa8d0ae3"
},
{
"url": "https://git.kernel.org/stable/c/4e2c4846b2507f6dfc9bea72b7567c2693a82a16"
},
{
"url": "https://git.kernel.org/stable/c/7e5ef49670766c9742ffcd9cead7cdb018268719"
},
{
"url": "https://git.kernel.org/stable/c/210d938f963dddc543b07e66a79b7d8d4bd00bd8"
},
{
"url": "https://git.kernel.org/stable/c/cb88cb53badb8aeb3955ad6ce80b07b598e310b8"
}
],
"title": "ppp_async: limit MRU to 64K",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26675",
"datePublished": "2024-04-02T07:01:40.054Z",
"dateReserved": "2024-02-19T14:20:24.151Z",
"dateUpdated": "2026-05-11T20:02:01.178Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-26675",
"date": "2026-07-04",
"epss": "0.00254",
"percentile": "0.16754"
},
"fkie_nvd": {
"descriptions": "[{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nppp_async: limit MRU to 64K\\n\\nsyzbot triggered a warning [1] in __alloc_pages():\\n\\nWARN_ON_ONCE_GFP(order \u003e MAX_PAGE_ORDER, gfp)\\n\\nWillem fixed a similar issue in commit c0a2a1b0d631 (\\\"ppp: limit MRU to 64K\\\")\\n\\nAdopt the same sanity check for ppp_async_ioctl(PPPIOCSMRU)\\n\\n[1]:\\n\\n WARNING: CPU: 1 PID: 11 at mm/page_alloc.c:4543 __alloc_pages+0x308/0x698 mm/page_alloc.c:4543\\nModules linked in:\\nCPU: 1 PID: 11 Comm: kworker/u4:0 Not tainted 6.8.0-rc2-syzkaller-g41bccc98fb79 #0\\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023\\nWorkqueue: events_unbound flush_to_ldisc\\npstate: 204000c5 (nzCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\\n pc : __alloc_pages+0x308/0x698 mm/page_alloc.c:4543\\n lr : __alloc_pages+0xc8/0x698 mm/page_alloc.c:4537\\nsp : ffff800093967580\\nx29: ffff800093967660 x28: ffff8000939675a0 x27: dfff800000000000\\nx26: ffff70001272ceb4 x25: 0000000000000000 x24: ffff8000939675c0\\nx23: 0000000000000000 x22: 0000000000060820 x21: 1ffff0001272ceb8\\nx20: ffff8000939675e0 x19: 0000000000000010 x18: ffff800093967120\\nx17: ffff800083bded5c x16: ffff80008ac97500 x15: 0000000000000005\\nx14: 1ffff0001272cebc x13: 0000000000000000 x12: 0000000000000000\\nx11: ffff70001272cec1 x10: 1ffff0001272cec0 x9 : 0000000000000001\\nx8 : ffff800091c91000 x7 : 0000000000000000 x6 : 000000000000003f\\nx5 : 00000000ffffffff x4 : 0000000000000000 x3 : 0000000000000020\\nx2 : 0000000000000008 x1 : 0000000000000000 x0 : ffff8000939675e0\\nCall trace:\\n __alloc_pages+0x308/0x698 mm/page_alloc.c:4543\\n __alloc_pages_node include/linux/gfp.h:238 [inline]\\n alloc_pages_node include/linux/gfp.h:261 [inline]\\n __kmalloc_large_node+0xbc/0x1fc mm/slub.c:3926\\n __do_kmalloc_node mm/slub.c:3969 [inline]\\n __kmalloc_node_track_caller+0x418/0x620 mm/slub.c:4001\\n kmalloc_reserve+0x17c/0x23c net/core/skbuff.c:590\\n __alloc_skb+0x1c8/0x3d8 net/core/skbuff.c:651\\n __netdev_alloc_skb+0xb8/0x3e8 net/core/skbuff.c:715\\n netdev_alloc_skb include/linux/skbuff.h:3235 [inline]\\n dev_alloc_skb include/linux/skbuff.h:3248 [inline]\\n ppp_async_input drivers/net/ppp/ppp_async.c:863 [inline]\\n ppp_asynctty_receive+0x588/0x186c drivers/net/ppp/ppp_async.c:341\\n tty_ldisc_receive_buf+0x12c/0x15c drivers/tty/tty_buffer.c:390\\n tty_port_default_receive_buf+0x74/0xac drivers/tty/tty_port.c:37\\n receive_buf drivers/tty/tty_buffer.c:444 [inline]\\n flush_to_ldisc+0x284/0x6e4 drivers/tty/tty_buffer.c:494\\n process_one_work+0x694/0x1204 kernel/workqueue.c:2633\\n process_scheduled_works kernel/workqueue.c:2706 [inline]\\n worker_thread+0x938/0xef4 kernel/workqueue.c:2787\\n kthread+0x288/0x310 kernel/kthread.c:388\\n ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860\"}, {\"lang\": \"es\", \"value\": \"En el kernel de Linux, se resolvi\\u00f3 la siguiente vulnerabilidad: ppp_async: limitar MRU a 64K syzbot activ\\u00f3 una advertencia [1] en __alloc_pages(): WARN_ON_ONCE_GFP(order \u0026gt; MAX_PAGE_ORDER, gfp) Willem solucion\\u00f3 un problema similar en el commit c0a2a1b0d631 (\\\"ppp: limite MRU a 64K\\\") Adopte la misma verificaci\\u00f3n de cordura para ppp_async_ioctl(PPPIOCSMRU) [1]: ADVERTENCIA: CPU: 1 PID: 11 en mm/page_alloc.c:4543 __alloc_pages+0x308/0x698 mm/page_alloc.c:4543 M\\u00f3dulos vinculados en: CPU: 1 PID: 11 Comm: kworker/u4:0 No contaminado 6.8.0-rc2-syzkaller-g41bccc98fb79 #0 Nombre del hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 17/11/2023 Cola de trabajo: events_unbound flux_to_ldisc pstate: 204000c5 (nzCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __alloc_pages+0x308/0x698 mm/page_alloc.c:4543 lr : __alloc_pages+0xc8/0x698 mm/page_alloc.c:4537 sp: ffff800093967580 x29: ffff800093967660 x28: ffff8000939675a0 x27: dfff800000000000 x26: ffff70001272ceb4 x25: 0000000000000000 x24: ffff8000 939675c0 x23: 0000000000000000 x22: 0000000000060820 x21: 1ffff0001272ceb8 x20: ffff8000939675e0 x19: 0000000000000010 x18: ffff8000939671 20 x17: ffff800083bded5c x16: ffff80008ac97500 x15: 00000000000000005 x14: 1ffff0001272cebc x13: 0000000000000000 x12: 0000000000000000 x11: ffff70001272cec1 x10: 1ffff0001272cec0 x9: 0000000000000001 x8: ffff800091c 91000 x7: 0000000000000000 x6: 000000000000003f x5: 00000000ffffffff x4: 0000000000000000 x3: 00000000000000020 x2: 0000000000000008 x1: 0000000000000000 x0: ffff8000939675e0 Rastreo de llamadas: __alloc_pages+0x308/ 0x698 mm/page_alloc.c:4543 __alloc_pages_node include/linux/gfp.h:238 [en l\\u00ednea] alloc_pages_node include/linux/gfp.h:261 [en l\\u00ednea] __kmalloc_large_node+0xbc/0x1fc mm/slub.c:3926 __do_kmalloc_node mm/slub .c:3969 [en l\\u00ednea] __kmalloc_node_track_caller+0x418/0x620 mm/slub.c:4001 kmalloc_reserve+0x17c/0x23c net/core/skbuff.c:590 __alloc_skb+0x1c8/0x3d8 net/core/skbuff.c:651 __netdev_alloc_skb+0x b8 /0x3e8 net/core/skbuff.c:715 netdev_alloc_skb include/linux/skbuff.h:3235 [en l\\u00ednea] dev_alloc_skb include/linux/skbuff.h:3248 [en l\\u00ednea] ppp_async_input drivers/net/ppp/ppp_async.c:863 [ en l\\u00ednea] ppp_asynctty_receive+0x588/0x186c controladores/net/ppp/ppp_async.c:341 tty_ldisc_receive_buf+0x12c/0x15c controladores/tty/tty_buffer.c:390 tty_port_default_receive_buf+0x74/0xac controladores/tty/tty_port.c:37 recibir_buf controladores /tty /tty_buffer.c:444 [en l\\u00ednea] Flush_to_ldisc+0x284/0x6e4 controladores/tty/tty_buffer.c:494 Process_one_work+0x694/0x1204 kernel/workqueue.c:2633 Process_scheduled_works kernel/workqueue.c:2706 [en l\\u00ednea] trabajador_thread+0x938/ 0xef4 kernel/workqueue.c:2787 kthread+0x288/0x310 kernel/kthread.c:388 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860\"}]",
"id": "CVE-2024-26675",
"lastModified": "2024-11-21T09:02:49.250",
"published": "2024-04-02T07:15:44.100",
"references": "[{\"url\": \"https://git.kernel.org/stable/c/210d938f963dddc543b07e66a79b7d8d4bd00bd8\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}, {\"url\": \"https://git.kernel.org/stable/c/4e2c4846b2507f6dfc9bea72b7567c2693a82a16\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}, {\"url\": \"https://git.kernel.org/stable/c/4fdb14ba89faff6e6969a4dffdc8e54235d6e5ed\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}, {\"url\": \"https://git.kernel.org/stable/c/56fae81633ccee307cfcb032f706bf1863a56982\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}, {\"url\": \"https://git.kernel.org/stable/c/58fbe665b097bf7b3144da7e7b91fb27aa8d0ae3\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}, {\"url\": \"https://git.kernel.org/stable/c/7e5ef49670766c9742ffcd9cead7cdb018268719\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}, {\"url\": \"https://git.kernel.org/stable/c/b06e067e93fa4b98acfd3a9f38a398ab91bbc58b\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}, {\"url\": \"https://git.kernel.org/stable/c/cb88cb53badb8aeb3955ad6ce80b07b598e310b8\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}, {\"url\": \"https://git.kernel.org/stable/c/210d938f963dddc543b07e66a79b7d8d4bd00bd8\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://git.kernel.org/stable/c/4e2c4846b2507f6dfc9bea72b7567c2693a82a16\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://git.kernel.org/stable/c/4fdb14ba89faff6e6969a4dffdc8e54235d6e5ed\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://git.kernel.org/stable/c/56fae81633ccee307cfcb032f706bf1863a56982\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://git.kernel.org/stable/c/58fbe665b097bf7b3144da7e7b91fb27aa8d0ae3\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://git.kernel.org/stable/c/7e5ef49670766c9742ffcd9cead7cdb018268719\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://git.kernel.org/stable/c/b06e067e93fa4b98acfd3a9f38a398ab91bbc58b\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://git.kernel.org/stable/c/cb88cb53badb8aeb3955ad6ce80b07b598e310b8\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"vulnStatus": "Awaiting Analysis"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-26675\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-04-02T07:15:44.100\",\"lastModified\":\"2026-06-17T07:18:04.023\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nppp_async: limit MRU to 64K\\n\\nsyzbot triggered a warning [1] in __alloc_pages():\\n\\nWARN_ON_ONCE_GFP(order \u003e MAX_PAGE_ORDER, gfp)\\n\\nWillem fixed a similar issue in commit c0a2a1b0d631 (\\\"ppp: limit MRU to 64K\\\")\\n\\nAdopt the same sanity check for ppp_async_ioctl(PPPIOCSMRU)\\n\\n[1]:\\n\\n WARNING: CPU: 1 PID: 11 at mm/page_alloc.c:4543 __alloc_pages+0x308/0x698 mm/page_alloc.c:4543\\nModules linked in:\\nCPU: 1 PID: 11 Comm: kworker/u4:0 Not tainted 6.8.0-rc2-syzkaller-g41bccc98fb79 #0\\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023\\nWorkqueue: events_unbound flush_to_ldisc\\npstate: 204000c5 (nzCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\\n pc : __alloc_pages+0x308/0x698 mm/page_alloc.c:4543\\n lr : __alloc_pages+0xc8/0x698 mm/page_alloc.c:4537\\nsp : ffff800093967580\\nx29: ffff800093967660 x28: ffff8000939675a0 x27: dfff800000000000\\nx26: ffff70001272ceb4 x25: 0000000000000000 x24: ffff8000939675c0\\nx23: 0000000000000000 x22: 0000000000060820 x21: 1ffff0001272ceb8\\nx20: ffff8000939675e0 x19: 0000000000000010 x18: ffff800093967120\\nx17: ffff800083bded5c x16: ffff80008ac97500 x15: 0000000000000005\\nx14: 1ffff0001272cebc x13: 0000000000000000 x12: 0000000000000000\\nx11: ffff70001272cec1 x10: 1ffff0001272cec0 x9 : 0000000000000001\\nx8 : ffff800091c91000 x7 : 0000000000000000 x6 : 000000000000003f\\nx5 : 00000000ffffffff x4 : 0000000000000000 x3 : 0000000000000020\\nx2 : 0000000000000008 x1 : 0000000000000000 x0 : ffff8000939675e0\\nCall trace:\\n __alloc_pages+0x308/0x698 mm/page_alloc.c:4543\\n __alloc_pages_node include/linux/gfp.h:238 [inline]\\n alloc_pages_node include/linux/gfp.h:261 [inline]\\n __kmalloc_large_node+0xbc/0x1fc mm/slub.c:3926\\n __do_kmalloc_node mm/slub.c:3969 [inline]\\n __kmalloc_node_track_caller+0x418/0x620 mm/slub.c:4001\\n kmalloc_reserve+0x17c/0x23c net/core/skbuff.c:590\\n __alloc_skb+0x1c8/0x3d8 net/core/skbuff.c:651\\n __netdev_alloc_skb+0xb8/0x3e8 net/core/skbuff.c:715\\n netdev_alloc_skb include/linux/skbuff.h:3235 [inline]\\n dev_alloc_skb include/linux/skbuff.h:3248 [inline]\\n ppp_async_input drivers/net/ppp/ppp_async.c:863 [inline]\\n ppp_asynctty_receive+0x588/0x186c drivers/net/ppp/ppp_async.c:341\\n tty_ldisc_receive_buf+0x12c/0x15c drivers/tty/tty_buffer.c:390\\n tty_port_default_receive_buf+0x74/0xac drivers/tty/tty_port.c:37\\n receive_buf drivers/tty/tty_buffer.c:444 [inline]\\n flush_to_ldisc+0x284/0x6e4 drivers/tty/tty_buffer.c:494\\n process_one_work+0x694/0x1204 kernel/workqueue.c:2633\\n process_scheduled_works kernel/workqueue.c:2706 [inline]\\n worker_thread+0x938/0xef4 kernel/workqueue.c:2787\\n kthread+0x288/0x310 kernel/kthread.c:388\\n ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: ppp_async: limitar MRU a 64K syzbot activ\u00f3 una advertencia [1] en __alloc_pages(): WARN_ON_ONCE_GFP(order \u0026gt; MAX_PAGE_ORDER, gfp) Willem solucion\u00f3 un problema similar en el commit c0a2a1b0d631 (\\\"ppp: limite MRU a 64K\\\") Adopte la misma verificaci\u00f3n de cordura para ppp_async_ioctl(PPPIOCSMRU) [1]: ADVERTENCIA: CPU: 1 PID: 11 en mm/page_alloc.c:4543 __alloc_pages+0x308/0x698 mm/page_alloc.c:4543 M\u00f3dulos vinculados en: CPU: 1 PID: 11 Comm: kworker/u4:0 No contaminado 6.8.0-rc2-syzkaller-g41bccc98fb79 #0 Nombre del hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 17/11/2023 Cola de trabajo: events_unbound flux_to_ldisc pstate: 204000c5 (nzCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __alloc_pages+0x308/0x698 mm/page_alloc.c:4543 lr : __alloc_pages+0xc8/0x698 mm/page_alloc.c:4537 sp: ffff800093967580 x29: ffff800093967660 x28: ffff8000939675a0 x27: dfff800000000000 x26: ffff70001272ceb4 x25: 0000000000000000 x24: ffff8000 939675c0 x23: 0000000000000000 x22: 0000000000060820 x21: 1ffff0001272ceb8 x20: ffff8000939675e0 x19: 0000000000000010 x18: ffff8000939671 20 x17: ffff800083bded5c x16: ffff80008ac97500 x15: 00000000000000005 x14: 1ffff0001272cebc x13: 0000000000000000 x12: 0000000000000000 x11: ffff70001272cec1 x10: 1ffff0001272cec0 x9: 0000000000000001 x8: ffff800091c 91000 x7: 0000000000000000 x6: 000000000000003f x5: 00000000ffffffff x4: 0000000000000000 x3: 00000000000000020 x2: 0000000000000008 x1: 0000000000000000 x0: ffff8000939675e0 Rastreo de llamadas: __alloc_pages+0x308/ 0x698 mm/page_alloc.c:4543 __alloc_pages_node include/linux/gfp.h:238 [en l\u00ednea] alloc_pages_node include/linux/gfp.h:261 [en l\u00ednea] __kmalloc_large_node+0xbc/0x1fc mm/slub.c:3926 __do_kmalloc_node mm/slub .c:3969 [en l\u00ednea] __kmalloc_node_track_caller+0x418/0x620 mm/slub.c:4001 kmalloc_reserve+0x17c/0x23c net/core/skbuff.c:590 __alloc_skb+0x1c8/0x3d8 net/core/skbuff.c:651 __netdev_alloc_skb+0x b8 /0x3e8 net/core/skbuff.c:715 netdev_alloc_skb include/linux/skbuff.h:3235 [en l\u00ednea] dev_alloc_skb include/linux/skbuff.h:3248 [en l\u00ednea] ppp_async_input drivers/net/ppp/ppp_async.c:863 [ en l\u00ednea] ppp_asynctty_receive+0x588/0x186c controladores/net/ppp/ppp_async.c:341 tty_ldisc_receive_buf+0x12c/0x15c controladores/tty/tty_buffer.c:390 tty_port_default_receive_buf+0x74/0xac controladores/tty/tty_port.c:37 recibir_buf controladores /tty /tty_buffer.c:444 [en l\u00ednea] Flush_to_ldisc+0x284/0x6e4 controladores/tty/tty_buffer.c:494 Process_one_work+0x694/0x1204 kernel/workqueue.c:2633 Process_scheduled_works kernel/workqueue.c:2706 [en l\u00ednea] trabajador_thread+0x938/ 0xef4 kernel/workqueue.c:2787 kthread+0x288/0x310 kernel/kthread.c:388 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860\"}],\"affected\":[{\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"affectedData\":[{\"vendor\":\"Linux\",\"product\":\"Linux\",\"defaultStatus\":\"unaffected\",\"programFiles\":[\"drivers/net/ppp/ppp_async.c\"],\"repo\":\"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\",\"versions\":[{\"version\":\"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\",\"lessThan\":\"4fdb14ba89faff6e6969a4dffdc8e54235d6e5ed\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\",\"lessThan\":\"56fae81633ccee307cfcb032f706bf1863a56982\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\",\"lessThan\":\"b06e067e93fa4b98acfd3a9f38a398ab91bbc58b\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\",\"lessThan\":\"58fbe665b097bf7b3144da7e7b91fb27aa8d0ae3\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\",\"lessThan\":\"4e2c4846b2507f6dfc9bea72b7567c2693a82a16\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\",\"lessThan\":\"7e5ef49670766c9742ffcd9cead7cdb018268719\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\",\"lessThan\":\"210d938f963dddc543b07e66a79b7d8d4bd00bd8\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\",\"lessThan\":\"cb88cb53badb8aeb3955ad6ce80b07b598e310b8\",\"versionType\":\"git\",\"status\":\"affected\"}]},{\"vendor\":\"Linux\",\"product\":\"Linux\",\"defaultStatus\":\"affected\",\"programFiles\":[\"drivers/net/ppp/ppp_async.c\"],\"repo\":\"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\",\"versions\":[{\"version\":\"2.6.12\",\"status\":\"affected\"},{\"version\":\"0\",\"lessThan\":\"2.6.12\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"4.19.307\",\"lessThanOrEqual\":\"4.19.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"5.4.269\",\"lessThanOrEqual\":\"5.4.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"5.10.210\",\"lessThanOrEqual\":\"5.10.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"5.15.149\",\"lessThanOrEqual\":\"5.15.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"6.1.78\",\"lessThanOrEqual\":\"6.1.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"6.6.17\",\"lessThanOrEqual\":\"6.6.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"6.7.5\",\"lessThanOrEqual\":\"6.7.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"6.8\",\"lessThanOrEqual\":\"*\",\"versionType\":\"original_commit_for_fix\",\"status\":\"unaffected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2024-09-10T15:53:26.335519Z\",\"id\":\"CVE-2024-26675\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.6.12\",\"versionEndExcluding\":\"4.19.307\",\"matchCriteriaId\":\"9F7D87E5-6751-4F81-9988-9AD4C1201206\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.20\",\"versionEndExcluding\":\"5.4.269\",\"matchCriteriaId\":\"319545F3-D56C-4751-BEBF-0505478BBAE8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.5\",\"versionEndExcluding\":\"5.10.210\",\"matchCriteriaId\":\"F5CB4CA6-A9A0-4AFD-9102-8CF94D708170\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11\",\"versionEndExcluding\":\"5.15.149\",\"matchCriteriaId\":\"0D0465BB-4053-4E15-9137-6696EBAE90FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16\",\"versionEndExcluding\":\"6.1.78\",\"matchCriteriaId\":\"26190115-BC0C-4106-9408-E7928FE5DA62\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2\",\"versionEndExcluding\":\"6.6.17\",\"matchCriteriaId\":\"73F8C6ED-5A0B-4B25-8FA9-AF916A9C8F0B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.7.5\",\"matchCriteriaId\":\"01925741-2C95-47C1-A7EA-3DC2BB0012D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"B9F4EA73-0894-400F-A490-3A397AB7A517\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.8:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"056BD938-0A27-4569-B391-30578B309EE3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.8:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"F02056A5-B362-4370-9FF8-6F0BD384D520\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/210d938f963dddc543b07e66a79b7d8d4bd00bd8\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/4e2c4846b2507f6dfc9bea72b7567c2693a82a16\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/4fdb14ba89faff6e6969a4dffdc8e54235d6e5ed\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/56fae81633ccee307cfcb032f706bf1863a56982\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/58fbe665b097bf7b3144da7e7b91fb27aa8d0ae3\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/7e5ef49670766c9742ffcd9cead7cdb018268719\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/b06e067e93fa4b98acfd3a9f38a398ab91bbc58b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/cb88cb53badb8aeb3955ad6ce80b07b598e310b8\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/210d938f963dddc543b07e66a79b7d8d4bd00bd8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/4e2c4846b2507f6dfc9bea72b7567c2693a82a16\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/4fdb14ba89faff6e6969a4dffdc8e54235d6e5ed\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/56fae81633ccee307cfcb032f706bf1863a56982\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/58fbe665b097bf7b3144da7e7b91fb27aa8d0ae3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/7e5ef49670766c9742ffcd9cead7cdb018268719\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/b06e067e93fa4b98acfd3a9f38a398ab91bbc58b\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/cb88cb53badb8aeb3955ad6ce80b07b598e310b8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://git.kernel.org/stable/c/4fdb14ba89faff6e6969a4dffdc8e54235d6e5ed\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/56fae81633ccee307cfcb032f706bf1863a56982\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/b06e067e93fa4b98acfd3a9f38a398ab91bbc58b\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/58fbe665b097bf7b3144da7e7b91fb27aa8d0ae3\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/4e2c4846b2507f6dfc9bea72b7567c2693a82a16\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/7e5ef49670766c9742ffcd9cead7cdb018268719\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/210d938f963dddc543b07e66a79b7d8d4bd00bd8\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/cb88cb53badb8aeb3955ad6ce80b07b598e310b8\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T00:14:12.841Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-26675\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-10T15:53:26.335519Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-11T12:42:17.617Z\"}}], \"cna\": {\"title\": \"ppp_async: limit MRU to 64K\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\", \"lessThan\": \"4fdb14ba89faff6e6969a4dffdc8e54235d6e5ed\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\", \"lessThan\": \"56fae81633ccee307cfcb032f706bf1863a56982\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\", \"lessThan\": \"b06e067e93fa4b98acfd3a9f38a398ab91bbc58b\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\", \"lessThan\": \"58fbe665b097bf7b3144da7e7b91fb27aa8d0ae3\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\", \"lessThan\": \"4e2c4846b2507f6dfc9bea72b7567c2693a82a16\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\", \"lessThan\": \"7e5ef49670766c9742ffcd9cead7cdb018268719\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\", \"lessThan\": \"210d938f963dddc543b07e66a79b7d8d4bd00bd8\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\", \"lessThan\": \"cb88cb53badb8aeb3955ad6ce80b07b598e310b8\", \"versionType\": \"git\"}], \"programFiles\": [\"drivers/net/ppp/ppp_async.c\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.6.12\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"2.6.12\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"4.19.307\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"4.19.*\"}, {\"status\": \"unaffected\", \"version\": \"5.4.269\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.4.*\"}, {\"status\": \"unaffected\", \"version\": \"5.10.210\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.10.*\"}, {\"status\": \"unaffected\", \"version\": \"5.15.149\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.15.*\"}, {\"status\": \"unaffected\", \"version\": \"6.1.78\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.1.*\"}, {\"status\": \"unaffected\", \"version\": \"6.6.17\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.6.*\"}, {\"status\": \"unaffected\", \"version\": \"6.7.5\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.7.*\"}, {\"status\": \"unaffected\", \"version\": \"6.8\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"drivers/net/ppp/ppp_async.c\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/4fdb14ba89faff6e6969a4dffdc8e54235d6e5ed\"}, {\"url\": \"https://git.kernel.org/stable/c/56fae81633ccee307cfcb032f706bf1863a56982\"}, {\"url\": \"https://git.kernel.org/stable/c/b06e067e93fa4b98acfd3a9f38a398ab91bbc58b\"}, {\"url\": \"https://git.kernel.org/stable/c/58fbe665b097bf7b3144da7e7b91fb27aa8d0ae3\"}, {\"url\": \"https://git.kernel.org/stable/c/4e2c4846b2507f6dfc9bea72b7567c2693a82a16\"}, {\"url\": \"https://git.kernel.org/stable/c/7e5ef49670766c9742ffcd9cead7cdb018268719\"}, {\"url\": \"https://git.kernel.org/stable/c/210d938f963dddc543b07e66a79b7d8d4bd00bd8\"}, {\"url\": \"https://git.kernel.org/stable/c/cb88cb53badb8aeb3955ad6ce80b07b598e310b8\"}], \"x_generator\": {\"engine\": \"bippy-1.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nppp_async: limit MRU to 64K\\n\\nsyzbot triggered a warning [1] in __alloc_pages():\\n\\nWARN_ON_ONCE_GFP(order \u003e MAX_PAGE_ORDER, gfp)\\n\\nWillem fixed a similar issue in commit c0a2a1b0d631 (\\\"ppp: limit MRU to 64K\\\")\\n\\nAdopt the same sanity check for ppp_async_ioctl(PPPIOCSMRU)\\n\\n[1]:\\n\\n WARNING: CPU: 1 PID: 11 at mm/page_alloc.c:4543 __alloc_pages+0x308/0x698 mm/page_alloc.c:4543\\nModules linked in:\\nCPU: 1 PID: 11 Comm: kworker/u4:0 Not tainted 6.8.0-rc2-syzkaller-g41bccc98fb79 #0\\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023\\nWorkqueue: events_unbound flush_to_ldisc\\npstate: 204000c5 (nzCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\\n pc : __alloc_pages+0x308/0x698 mm/page_alloc.c:4543\\n lr : __alloc_pages+0xc8/0x698 mm/page_alloc.c:4537\\nsp : ffff800093967580\\nx29: ffff800093967660 x28: ffff8000939675a0 x27: dfff800000000000\\nx26: ffff70001272ceb4 x25: 0000000000000000 x24: ffff8000939675c0\\nx23: 0000000000000000 x22: 0000000000060820 x21: 1ffff0001272ceb8\\nx20: ffff8000939675e0 x19: 0000000000000010 x18: ffff800093967120\\nx17: ffff800083bded5c x16: ffff80008ac97500 x15: 0000000000000005\\nx14: 1ffff0001272cebc x13: 0000000000000000 x12: 0000000000000000\\nx11: ffff70001272cec1 x10: 1ffff0001272cec0 x9 : 0000000000000001\\nx8 : ffff800091c91000 x7 : 0000000000000000 x6 : 000000000000003f\\nx5 : 00000000ffffffff x4 : 0000000000000000 x3 : 0000000000000020\\nx2 : 0000000000000008 x1 : 0000000000000000 x0 : ffff8000939675e0\\nCall trace:\\n __alloc_pages+0x308/0x698 mm/page_alloc.c:4543\\n __alloc_pages_node include/linux/gfp.h:238 [inline]\\n alloc_pages_node include/linux/gfp.h:261 [inline]\\n __kmalloc_large_node+0xbc/0x1fc mm/slub.c:3926\\n __do_kmalloc_node mm/slub.c:3969 [inline]\\n __kmalloc_node_track_caller+0x418/0x620 mm/slub.c:4001\\n kmalloc_reserve+0x17c/0x23c net/core/skbuff.c:590\\n __alloc_skb+0x1c8/0x3d8 net/core/skbuff.c:651\\n __netdev_alloc_skb+0xb8/0x3e8 net/core/skbuff.c:715\\n netdev_alloc_skb include/linux/skbuff.h:3235 [inline]\\n dev_alloc_skb include/linux/skbuff.h:3248 [inline]\\n ppp_async_input drivers/net/ppp/ppp_async.c:863 [inline]\\n ppp_asynctty_receive+0x588/0x186c drivers/net/ppp/ppp_async.c:341\\n tty_ldisc_receive_buf+0x12c/0x15c drivers/tty/tty_buffer.c:390\\n tty_port_default_receive_buf+0x74/0xac drivers/tty/tty_port.c:37\\n receive_buf drivers/tty/tty_buffer.c:444 [inline]\\n flush_to_ldisc+0x284/0x6e4 drivers/tty/tty_buffer.c:494\\n process_one_work+0x694/0x1204 kernel/workqueue.c:2633\\n process_scheduled_works kernel/workqueue.c:2706 [inline]\\n worker_thread+0x938/0xef4 kernel/workqueue.c:2787\\n kthread+0x288/0x310 kernel/kthread.c:388\\n ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860\"}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.19.307\", \"versionStartIncluding\": \"2.6.12\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.4.269\", \"versionStartIncluding\": \"2.6.12\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.10.210\", \"versionStartIncluding\": \"2.6.12\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.15.149\", \"versionStartIncluding\": \"2.6.12\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.1.78\", \"versionStartIncluding\": \"2.6.12\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.6.17\", \"versionStartIncluding\": \"2.6.12\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.7.5\", \"versionStartIncluding\": \"2.6.12\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.8\", \"versionStartIncluding\": \"2.6.12\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2026-05-11T20:02:01.178Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-26675\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-11T20:02:01.178Z\", \"dateReserved\": \"2024-02-19T14:20:24.151Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2024-04-02T07:01:40.054Z\", \"assignerShortName\": \"Linux\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…