Vulnerability-Lookup

alsa-2024:5363

Vulnerability from osv_almalinux

Published

2024-08-14 00:00

Modified

2024-11-03 22:26

Summary

Important: kernel security update

Details

The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):

kernel: phy: (CVE-2024-26600)
kernel: netfilter: multiple flaws (CVE-2024-26808, CVE-2024-27065, CVE-2024-35899, CVE-2024-36005)
kernel: cifs: (CVE-2024-26828)
kernel: wifi: multiple flaws (CVE-2024-26897, CVE-2024-27052, CVE-2024-27049, CVE-2023-52651, CVE-2024-35789, CVE-2024-27434, CVE-2024-35845, CVE-2024-35937, CVE-2024-36941, CVE-2024-36922, CVE-2024-36921, CVE-2024-38575)
kernel: nfs: (CVE-2024-26868)
kernel: igc: (CVE-2024-26853)
kernel: dmaengine/idxd: (CVE-2024-21823)
kernel: ipv6: multiple flaws (CVE-2024-27417, CVE-2024-35969, CVE-2024-36903, CVE-2024-40961)
kernel: vt: (CVE-2024-35823)
kernel: efi: (CVE-2024-35800)
kernel: mlxsw: (CVE-2024-35852)
kernel: eeprom: (CVE-2024-35848)
kernel: ice: (CVE-2024-35911)
kernel: platform/x86: (CVE-2023-52864)
kernel: i40e: (CVE-2024-36020)
kernel: rtnetlink: (CVE-2024-36017)
kernel: net: multiple flaws (CVE-2024-36929, CVE-2024-36971, CVE-2021-47606, CVE-2024-38558, CVE-2024-40928, CVE-2024-40954)
kernel: ipvlan: (CVE-2024-33621)
kernel: tcp: (CVE-2024-37356)
kernel: virtio: (CVE-2024-37353)
kernel: tls: (CVE-2024-36489)
kernel: cxl/region: (CVE-2024-38391)
kernel: bonding: (CVE-2024-39487)
kernel: netns: (CVE-2024-40958)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2024:5363	ADVISORY
	https://access.redhat.com/security/cve/CVE-2021-47606	REPORT
	https://access.redhat.com/security/cve/CVE-2023-52651	REPORT
	https://access.redhat.com/security/cve/CVE-2023-52864	REPORT
	https://access.redhat.com/security/cve/CVE-2024-21823	REPORT
	https://access.redhat.com/security/cve/CVE-2024-26600	REPORT
	https://access.redhat.com/security/cve/CVE-2024-26808	REPORT
	https://access.redhat.com/security/cve/CVE-2024-26828	REPORT
	https://access.redhat.com/security/cve/CVE-2024-26853	REPORT
	https://access.redhat.com/security/cve/CVE-2024-26868	REPORT
	https://access.redhat.com/security/cve/CVE-2024-26897	REPORT
	https://access.redhat.com/security/cve/CVE-2024-27049	REPORT
	https://access.redhat.com/security/cve/CVE-2024-27052	REPORT
	https://access.redhat.com/security/cve/CVE-2024-27065	REPORT
	https://access.redhat.com/security/cve/CVE-2024-27417	REPORT
	https://access.redhat.com/security/cve/CVE-2024-27434	REPORT
	https://access.redhat.com/security/cve/CVE-2024-33621	REPORT
	https://access.redhat.com/security/cve/CVE-2024-35789	REPORT
	https://access.redhat.com/security/cve/CVE-2024-35800	REPORT
	https://access.redhat.com/security/cve/CVE-2024-35823	REPORT
	https://access.redhat.com/security/cve/CVE-2024-35845	REPORT
	https://access.redhat.com/security/cve/CVE-2024-35848	REPORT
	https://access.redhat.com/security/cve/CVE-2024-35852	REPORT
	https://access.redhat.com/security/cve/CVE-2024-35899	REPORT
	https://access.redhat.com/security/cve/CVE-2024-35911	REPORT
	https://access.redhat.com/security/cve/CVE-2024-35937	REPORT
	https://access.redhat.com/security/cve/CVE-2024-35969	REPORT
	https://access.redhat.com/security/cve/CVE-2024-36005	REPORT
	https://access.redhat.com/security/cve/CVE-2024-36017	REPORT
	https://access.redhat.com/security/cve/CVE-2024-36020	REPORT
	https://access.redhat.com/security/cve/CVE-2024-36489	REPORT
	https://access.redhat.com/security/cve/CVE-2024-36903	REPORT
	https://access.redhat.com/security/cve/CVE-2024-36921	REPORT
	https://access.redhat.com/security/cve/CVE-2024-36922	REPORT
	https://access.redhat.com/security/cve/CVE-2024-36929	REPORT
	https://access.redhat.com/security/cve/CVE-2024-36941	REPORT
	https://access.redhat.com/security/cve/CVE-2024-36971	REPORT
	https://access.redhat.com/security/cve/CVE-2024-37353	REPORT
	https://access.redhat.com/security/cve/CVE-2024-37356	REPORT
	https://access.redhat.com/security/cve/CVE-2024-38391	REPORT
	https://access.redhat.com/security/cve/CVE-2024-38558	REPORT
	https://access.redhat.com/security/cve/CVE-2024-38575	REPORT
	https://access.redhat.com/security/cve/CVE-2024-39487	REPORT
	https://access.redhat.com/security/cve/CVE-2024-40928	REPORT
	https://access.redhat.com/security/cve/CVE-2024-40954	REPORT
	https://access.redhat.com/security/cve/CVE-2024-40958	REPORT
	https://access.redhat.com/security/cve/CVE-2024-40961	REPORT
	https://bugzilla.redhat.com/2265838	REPORT
	https://bugzilla.redhat.com/2273405	REPORT
	https://bugzilla.redhat.com/2275600	REPORT
	https://bugzilla.redhat.com/2275655	REPORT
	https://bugzilla.redhat.com/2275715	REPORT
	https://bugzilla.redhat.com/2275748	REPORT
	https://bugzilla.redhat.com/2278380	REPORT
	https://bugzilla.redhat.com/2278417	REPORT
	https://bugzilla.redhat.com/2278429	REPORT
	https://bugzilla.redhat.com/2278519	REPORT
	https://bugzilla.redhat.com/2278989	REPORT
	https://bugzilla.redhat.com/2281057	REPORT
	https://bugzilla.redhat.com/2281097	REPORT
	https://bugzilla.redhat.com/2281133	REPORT
	https://bugzilla.redhat.com/2281190	REPORT
	https://bugzilla.redhat.com/2281237	REPORT
	https://bugzilla.redhat.com/2281257	REPORT
	https://bugzilla.redhat.com/2281265	REPORT
	https://bugzilla.redhat.com/2281272	REPORT
	https://bugzilla.redhat.com/2281639	REPORT
	https://bugzilla.redhat.com/2281667	REPORT
	https://bugzilla.redhat.com/2281821	REPORT
	https://bugzilla.redhat.com/2281900	REPORT
	https://bugzilla.redhat.com/2281949	REPORT
	https://bugzilla.redhat.com/2282719	REPORT
	https://bugzilla.redhat.com/2284400	REPORT
	https://bugzilla.redhat.com/2284417	REPORT
	https://bugzilla.redhat.com/2284474	REPORT
	https://bugzilla.redhat.com/2284496	REPORT
	https://bugzilla.redhat.com/2284511	REPORT
	https://bugzilla.redhat.com/2284513	REPORT
	https://bugzilla.redhat.com/2284543	REPORT
	https://bugzilla.redhat.com/2292331	REPORT
	https://bugzilla.redhat.com/2293208	REPORT
	https://bugzilla.redhat.com/2293418	REPORT
	https://bugzilla.redhat.com/2293441	REPORT
	https://bugzilla.redhat.com/2293657	REPORT
	https://bugzilla.redhat.com/2293658	REPORT
	https://bugzilla.redhat.com/2293686	REPORT
	https://bugzilla.redhat.com/2293687	REPORT
	https://bugzilla.redhat.com/2293688	REPORT
	https://bugzilla.redhat.com/2297056	REPORT
	https://bugzilla.redhat.com/2297512	REPORT
	https://bugzilla.redhat.com/2297538	REPORT
	https://bugzilla.redhat.com/2297542	REPORT
	https://bugzilla.redhat.com/2297545	REPORT
	https://errata.almalinux.org/9/ALSA-2024-5363.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "bpftool"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.0-427.31.1.el9_4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-427.31.1.el9_4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-64k"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-427.31.1.el9_4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-64k-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-427.31.1.el9_4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-64k-debug"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-427.31.1.el9_4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-64k-debug-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-427.31.1.el9_4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-64k-debug-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-427.31.1.el9_4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-64k-debug-devel-matched"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-427.31.1.el9_4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-64k-debug-modules"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-427.31.1.el9_4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-64k-debug-modules-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-427.31.1.el9_4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-64k-debug-modules-extra"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-427.31.1.el9_4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-64k-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-427.31.1.el9_4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-64k-devel-matched"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-427.31.1.el9_4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-64k-modules"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-427.31.1.el9_4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-64k-modules-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-427.31.1.el9_4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-64k-modules-extra"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-427.31.1.el9_4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-abi-stablelists"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-427.31.1.el9_4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-427.31.1.el9_4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-cross-headers"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-427.31.1.el9_4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-debug"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-427.31.1.el9_4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-debug-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-427.31.1.el9_4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-debug-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-427.31.1.el9_4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-debug-devel-matched"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-427.31.1.el9_4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-debug-modules"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-427.31.1.el9_4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-debug-modules-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-427.31.1.el9_4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-debug-modules-extra"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-427.31.1.el9_4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-debug-uki-virt"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-427.31.1.el9_4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-427.31.1.el9_4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-devel-matched"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-427.31.1.el9_4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-doc"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-427.31.1.el9_4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-headers"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-427.31.1.el9_4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-modules"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-427.31.1.el9_4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-modules-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-427.31.1.el9_4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-modules-extra"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-427.31.1.el9_4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-rt"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-427.31.1.el9_4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-rt-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-427.31.1.el9_4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-rt-debug"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-427.31.1.el9_4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-rt-debug-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-427.31.1.el9_4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-rt-debug-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-427.31.1.el9_4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-rt-debug-modules"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-427.31.1.el9_4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-rt-debug-modules-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-427.31.1.el9_4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-rt-debug-modules-extra"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-427.31.1.el9_4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-rt-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-427.31.1.el9_4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-rt-modules"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-427.31.1.el9_4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-rt-modules-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-427.31.1.el9_4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-rt-modules-extra"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-427.31.1.el9_4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-tools"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-427.31.1.el9_4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-tools-libs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-427.31.1.el9_4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-tools-libs-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-427.31.1.el9_4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-uki-virt"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-427.31.1.el9_4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-zfcpdump"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-427.31.1.el9_4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-zfcpdump-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-427.31.1.el9_4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-zfcpdump-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-427.31.1.el9_4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-zfcpdump-devel-matched"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-427.31.1.el9_4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-zfcpdump-modules"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-427.31.1.el9_4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-zfcpdump-modules-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-427.31.1.el9_4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-zfcpdump-modules-extra"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-427.31.1.el9_4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "libperf"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-427.31.1.el9_4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "perf"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-427.31.1.el9_4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "python3-perf"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-427.31.1.el9_4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "rtla"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-427.31.1.el9_4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "rv"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-427.31.1.el9_4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "The kernel packages contain the Linux kernel, the core of any Linux operating system.  \nSecurity Fix(es):  \n\n  * kernel: phy: (CVE-2024-26600)\n  * kernel: netfilter: multiple flaws (CVE-2024-26808, CVE-2024-27065, CVE-2024-35899, CVE-2024-36005)\n  * kernel: cifs: (CVE-2024-26828)\n  * kernel: wifi: multiple flaws (CVE-2024-26897, CVE-2024-27052, CVE-2024-27049, CVE-2023-52651, CVE-2024-35789, CVE-2024-27434, CVE-2024-35845, CVE-2024-35937, CVE-2024-36941, CVE-2024-36922, CVE-2024-36921, CVE-2024-38575)\n  * kernel: nfs: (CVE-2024-26868)\n  * kernel: igc: (CVE-2024-26853)\n  * kernel: dmaengine/idxd: (CVE-2024-21823)\n  * kernel: ipv6: multiple flaws (CVE-2024-27417, CVE-2024-35969, CVE-2024-36903, CVE-2024-40961)\n  * kernel: vt: (CVE-2024-35823)\n  * kernel: efi: (CVE-2024-35800)\n  * kernel: mlxsw: (CVE-2024-35852)\n  * kernel: eeprom: (CVE-2024-35848)\n  * kernel: ice: (CVE-2024-35911)\n  * kernel: platform/x86: (CVE-2023-52864)\n  * kernel: i40e: (CVE-2024-36020)\n  * kernel: rtnetlink: (CVE-2024-36017)\n  * kernel: net: multiple flaws (CVE-2024-36929, CVE-2024-36971, CVE-2021-47606, CVE-2024-38558, CVE-2024-40928, CVE-2024-40954)\n  * kernel: ipvlan: (CVE-2024-33621)\n  * kernel: tcp: (CVE-2024-37356)\n  * kernel: virtio: (CVE-2024-37353)\n  * kernel: tls: (CVE-2024-36489)\n  * kernel: cxl/region: (CVE-2024-38391)\n  * kernel: bonding: (CVE-2024-39487)\n  * kernel: netns: (CVE-2024-40958)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
  "id": "ALSA-2024:5363",
  "modified": "2024-11-03T22:26:07Z",
  "published": "2024-08-14T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2024:5363"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2021-47606"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-52651"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-52864"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-21823"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-26600"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-26808"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-26828"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-26853"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-26868"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-26897"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-27049"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-27052"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-27065"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-27417"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-27434"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-33621"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-35789"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-35800"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-35823"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-35845"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-35848"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-35852"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-35899"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-35911"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-35937"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-35969"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-36005"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-36017"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-36020"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-36489"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-36903"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-36921"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-36922"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-36929"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-36941"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-36971"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-37353"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-37356"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-38391"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-38558"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-38575"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-39487"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-40928"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-40954"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-40958"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-40961"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2265838"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2273405"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2275600"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2275655"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2275715"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2275748"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2278380"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2278417"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2278429"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2278519"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2278989"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2281057"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2281097"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2281133"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2281190"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2281237"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2281257"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2281265"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2281272"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2281639"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2281667"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2281821"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2281900"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2281949"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2282719"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2284400"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2284417"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2284474"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2284496"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2284511"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2284513"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2284543"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2292331"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2293208"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2293418"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2293441"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2293657"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2293658"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2293686"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2293687"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2293688"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2297056"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2297512"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2297538"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2297542"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2297545"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/9/ALSA-2024-5363.html"
    }
  ],
  "related": [
    "CVE-2024-26600",
    "CVE-2024-26808",
    "CVE-2024-27065",
    "CVE-2024-35899",
    "CVE-2024-36005",
    "CVE-2024-26828",
    "CVE-2024-26897",
    "CVE-2024-27052",
    "CVE-2024-27049",
    "CVE-2023-52651",
    "CVE-2024-35789",
    "CVE-2024-27434",
    "CVE-2024-35845",
    "CVE-2024-35937",
    "CVE-2024-36941",
    "CVE-2024-36922",
    "CVE-2024-36921",
    "CVE-2024-38575",
    "CVE-2024-26868",
    "CVE-2024-26853",
    "CVE-2024-21823",
    "CVE-2024-27417",
    "CVE-2024-35969",
    "CVE-2024-36903",
    "CVE-2024-40961",
    "CVE-2024-35823",
    "CVE-2024-35800",
    "CVE-2024-35852",
    "CVE-2024-35848",
    "CVE-2024-35911",
    "CVE-2023-52864",
    "CVE-2024-36020",
    "CVE-2024-36017",
    "CVE-2024-36929",
    "CVE-2024-36971",
    "CVE-2021-47606",
    "CVE-2024-38558",
    "CVE-2024-40928",
    "CVE-2024-40954",
    "CVE-2024-33621",
    "CVE-2024-37356",
    "CVE-2024-37353",
    "CVE-2024-36489",
    "CVE-2024-38391",
    "CVE-2024-39487",
    "CVE-2024-40958"
  ],
  "summary": "Important: kernel security update"
}

CVE-2021-47606 (GCVE-0-2021-47606)

Vulnerability from cvelistv5 – Published: 2024-06-19 14:54 – Updated: 2026-05-11 13:57

Title

net: netlink: af_netlink: Prevent empty skb by adding a check on len.

Summary

In the Linux kernel, the following vulnerability has been resolved: net: netlink: af_netlink: Prevent empty skb by adding a check on len. Adding a check on len parameter to avoid empty skb. This prevents a division error in netem_enqueue function which is caused when skb->len=0 and skb->data_len=0 in the randomized corruption step as shown below. skb->data[prandom_u32() % skb_headlen(skb)] ^= 1<<(prandom_u32() % 8); Crash Report: [ 343.170349] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 343.216110] netem: version 1.3 [ 343.235841] divide error: 0000 [#1] PREEMPT SMP KASAN NOPTI [ 343.236680] CPU: 3 PID: 4288 Comm: reproducer Not tainted 5.16.0-rc1+ [ 343.237569] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-2.el7 04/01/2014 [ 343.238707] RIP: 0010:netem_enqueue+0x1590/0x33c0 [sch_netem] [ 343.239499] Code: 89 85 58 ff ff ff e8 5f 5d e9 d3 48 8b b5 48 ff ff ff 8b 8d 50 ff ff ff 8b 85 58 ff ff ff 48 8b bd 70 ff ff ff 31 d2 2b 4f 74 <f7> f1 48 b8 00 00 00 00 00 fc ff df 49 01 d5 4c 89 e9 48 c1 e9 03 [ 343.241883] RSP: 0018:ffff88800bcd7368 EFLAGS: 00010246 [ 343.242589] RAX: 00000000ba7c0a9c RBX: 0000000000000001 RCX: 0000000000000000 [ 343.243542] RDX: 0000000000000000 RSI: ffff88800f8edb10 RDI: ffff88800f8eda40 [ 343.244474] RBP: ffff88800bcd7458 R08: 0000000000000000 R09: ffffffff94fb8445 [ 343.245403] R10: ffffffff94fb8336 R11: ffffffff94fb8445 R12: 0000000000000000 [ 343.246355] R13: ffff88800a5a7000 R14: ffff88800a5b5800 R15: 0000000000000020 [ 343.247291] FS: 00007fdde2bd7700(0000) GS:ffff888109780000(0000) knlGS:0000000000000000 [ 343.248350] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 343.249120] CR2: 00000000200000c0 CR3: 000000000ef4c000 CR4: 00000000000006e0 [ 343.250076] Call Trace: [ 343.250423] <TASK> [ 343.250713] ? memcpy+0x4d/0x60 [ 343.251162] ? netem_init+0xa0/0xa0 [sch_netem] [ 343.251795] ? __sanitizer_cov_trace_pc+0x21/0x60 [ 343.252443] netem_enqueue+0xe28/0x33c0 [sch_netem] [ 343.253102] ? stack_trace_save+0x87/0xb0 [ 343.253655] ? filter_irq_stacks+0xb0/0xb0 [ 343.254220] ? netem_init+0xa0/0xa0 [sch_netem] [ 343.254837] ? __kasan_check_write+0x14/0x20 [ 343.255418] ? _raw_spin_lock+0x88/0xd6 [ 343.255953] dev_qdisc_enqueue+0x50/0x180 [ 343.256508] __dev_queue_xmit+0x1a7e/0x3090 [ 343.257083] ? netdev_core_pick_tx+0x300/0x300 [ 343.257690] ? check_kcov_mode+0x10/0x40 [ 343.258219] ? _raw_spin_unlock_irqrestore+0x29/0x40 [ 343.258899] ? __kasan_init_slab_obj+0x24/0x30 [ 343.259529] ? setup_object.isra.71+0x23/0x90 [ 343.260121] ? new_slab+0x26e/0x4b0 [ 343.260609] ? kasan_poison+0x3a/0x50 [ 343.261118] ? kasan_unpoison+0x28/0x50 [ 343.261637] ? __kasan_slab_alloc+0x71/0x90 [ 343.262214] ? memcpy+0x4d/0x60 [ 343.262674] ? write_comp_data+0x2f/0x90 [ 343.263209] ? __kasan_check_write+0x14/0x20 [ 343.263802] ? __skb_clone+0x5d6/0x840 [ 343.264329] ? __sanitizer_cov_trace_pc+0x21/0x60 [ 343.264958] dev_queue_xmit+0x1c/0x20 [ 343.265470] netlink_deliver_tap+0x652/0x9c0 [ 343.266067] netlink_unicast+0x5a0/0x7f0 [ 343.266608] ? netlink_attachskb+0x860/0x860 [ 343.267183] ? __sanitizer_cov_trace_pc+0x21/0x60 [ 343.267820] ? write_comp_data+0x2f/0x90 [ 343.268367] netlink_sendmsg+0x922/0xe80 [ 343.268899] ? netlink_unicast+0x7f0/0x7f0 [ 343.269472] ? __sanitizer_cov_trace_pc+0x21/0x60 [ 343.270099] ? write_comp_data+0x2f/0x90 [ 343.270644] ? netlink_unicast+0x7f0/0x7f0 [ 343.271210] sock_sendmsg+0x155/0x190 [ 343.271721] ____sys_sendmsg+0x75f/0x8f0 [ 343.272262] ? kernel_sendmsg+0x60/0x60 [ 343.272788] ? write_comp_data+0x2f/0x90 [ 343.273332] ? write_comp_data+0x2f/0x90 [ 343.273869] ___sys_sendmsg+0x10f/0x190 [ 343.274405] ? sendmsg_copy_msghdr+0x80/0x80 [ 343.274984] ? slab_post_alloc_hook+0x70/0x230 [ 343.275597] ? futex_wait_setup+0x240/0x240 [ 343.276175] ? security_file_alloc+0x3e/0x170 [ 343.276779] ? write_comp_d ---truncated---

Severity ?

No CVSS data available.

Assigner

Linux

References

8 references

URL	Tags
https://git.kernel.org/stable/c/c54a60c8fbaa774f8…
https://git.kernel.org/stable/c/40cf2e058832d9cfa…
https://git.kernel.org/stable/c/54e785f7d5c197bc0…
https://git.kernel.org/stable/c/ff3f517bf7138e01a…
https://git.kernel.org/stable/c/c0315e93552e0d840…
https://git.kernel.org/stable/c/dadce61247c623048…
https://git.kernel.org/stable/c/4c986072a8c9249b9…
https://git.kernel.org/stable/c/f123cffdd8fe8ea6c…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: bcbde0d449eda7afa8f63280b165c8300dbd00e2 , < c54a60c8fbaa774f828e26df79f66229a8a0e010 (git) Affected: bcbde0d449eda7afa8f63280b165c8300dbd00e2 , < 40cf2e058832d9cfaae98dfd77334926275598b6 (git) Affected: bcbde0d449eda7afa8f63280b165c8300dbd00e2 , < 54e785f7d5c197bc06dbb8053700df7e2a093ced (git) Affected: bcbde0d449eda7afa8f63280b165c8300dbd00e2 , < ff3f517bf7138e01a17369042908a3f345c0ee41 (git) Affected: bcbde0d449eda7afa8f63280b165c8300dbd00e2 , < c0315e93552e0d840e9edc6abd71c7db82ec8f51 (git) Affected: bcbde0d449eda7afa8f63280b165c8300dbd00e2 , < dadce61247c6230489527cc5e343b6002d1114c5 (git) Affected: bcbde0d449eda7afa8f63280b165c8300dbd00e2 , < 4c986072a8c9249b9398c7a18f216dc26a9f0e35 (git) Affected: bcbde0d449eda7afa8f63280b165c8300dbd00e2 , < f123cffdd8fe8ea6c7fded4b88516a42798797d0 (git)
Linux	Linux	Affected: 3.11 Unaffected: 0 , < 3.11 (semver) Unaffected: 4.4.296 , ≤ 4.4.* (semver) Unaffected: 4.9.294 , ≤ 4.9.* (semver) Unaffected: 4.14.259 , ≤ 4.14.* (semver) Unaffected: 4.19.222 , ≤ 4.19.* (semver) Unaffected: 5.4.167 , ≤ 5.4.* (semver) Unaffected: 5.10.87 , ≤ 5.10.* (semver) Unaffected: 5.15.10 , ≤ 5.15.* (semver) Unaffected: 5.16 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:47:40.217Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c54a60c8fbaa774f828e26df79f66229a8a0e010"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/40cf2e058832d9cfaae98dfd77334926275598b6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/54e785f7d5c197bc06dbb8053700df7e2a093ced"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ff3f517bf7138e01a17369042908a3f345c0ee41"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c0315e93552e0d840e9edc6abd71c7db82ec8f51"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/dadce61247c6230489527cc5e343b6002d1114c5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4c986072a8c9249b9398c7a18f216dc26a9f0e35"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f123cffdd8fe8ea6c7fded4b88516a42798797d0"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-47606",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:12:08.038077Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:51.449Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/netlink/af_netlink.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "c54a60c8fbaa774f828e26df79f66229a8a0e010",
              "status": "affected",
              "version": "bcbde0d449eda7afa8f63280b165c8300dbd00e2",
              "versionType": "git"
            },
            {
              "lessThan": "40cf2e058832d9cfaae98dfd77334926275598b6",
              "status": "affected",
              "version": "bcbde0d449eda7afa8f63280b165c8300dbd00e2",
              "versionType": "git"
            },
            {
              "lessThan": "54e785f7d5c197bc06dbb8053700df7e2a093ced",
              "status": "affected",
              "version": "bcbde0d449eda7afa8f63280b165c8300dbd00e2",
              "versionType": "git"
            },
            {
              "lessThan": "ff3f517bf7138e01a17369042908a3f345c0ee41",
              "status": "affected",
              "version": "bcbde0d449eda7afa8f63280b165c8300dbd00e2",
              "versionType": "git"
            },
            {
              "lessThan": "c0315e93552e0d840e9edc6abd71c7db82ec8f51",
              "status": "affected",
              "version": "bcbde0d449eda7afa8f63280b165c8300dbd00e2",
              "versionType": "git"
            },
            {
              "lessThan": "dadce61247c6230489527cc5e343b6002d1114c5",
              "status": "affected",
              "version": "bcbde0d449eda7afa8f63280b165c8300dbd00e2",
              "versionType": "git"
            },
            {
              "lessThan": "4c986072a8c9249b9398c7a18f216dc26a9f0e35",
              "status": "affected",
              "version": "bcbde0d449eda7afa8f63280b165c8300dbd00e2",
              "versionType": "git"
            },
            {
              "lessThan": "f123cffdd8fe8ea6c7fded4b88516a42798797d0",
              "status": "affected",
              "version": "bcbde0d449eda7afa8f63280b165c8300dbd00e2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/netlink/af_netlink.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.11"
            },
            {
              "lessThan": "3.11",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.4.*",
              "status": "unaffected",
              "version": "4.4.296",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.9.*",
              "status": "unaffected",
              "version": "4.9.294",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.259",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.222",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.167",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.87",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.16",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.4.296",
                  "versionStartIncluding": "3.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.9.294",
                  "versionStartIncluding": "3.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.259",
                  "versionStartIncluding": "3.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.222",
                  "versionStartIncluding": "3.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.167",
                  "versionStartIncluding": "3.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.87",
                  "versionStartIncluding": "3.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.10",
                  "versionStartIncluding": "3.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.16",
                  "versionStartIncluding": "3.11",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: netlink: af_netlink: Prevent empty skb by adding a check on len.\n\nAdding a check on len parameter to avoid empty skb. This prevents a\ndivision error in netem_enqueue function which is caused when skb-\u003elen=0\nand skb-\u003edata_len=0 in the randomized corruption step as shown below.\n\nskb-\u003edata[prandom_u32() % skb_headlen(skb)] ^= 1\u003c\u003c(prandom_u32() % 8);\n\nCrash Report:\n[  343.170349] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family\n0 port 6081 - 0\n[  343.216110] netem: version 1.3\n[  343.235841] divide error: 0000 [#1] PREEMPT SMP KASAN NOPTI\n[  343.236680] CPU: 3 PID: 4288 Comm: reproducer Not tainted 5.16.0-rc1+\n[  343.237569] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),\nBIOS 1.11.0-2.el7 04/01/2014\n[  343.238707] RIP: 0010:netem_enqueue+0x1590/0x33c0 [sch_netem]\n[  343.239499] Code: 89 85 58 ff ff ff e8 5f 5d e9 d3 48 8b b5 48 ff ff\nff 8b 8d 50 ff ff ff 8b 85 58 ff ff ff 48 8b bd 70 ff ff ff 31 d2 2b 4f\n74 \u003cf7\u003e f1 48 b8 00 00 00 00 00 fc ff df 49 01 d5 4c 89 e9 48 c1 e9 03\n[  343.241883] RSP: 0018:ffff88800bcd7368 EFLAGS: 00010246\n[  343.242589] RAX: 00000000ba7c0a9c RBX: 0000000000000001 RCX:\n0000000000000000\n[  343.243542] RDX: 0000000000000000 RSI: ffff88800f8edb10 RDI:\nffff88800f8eda40\n[  343.244474] RBP: ffff88800bcd7458 R08: 0000000000000000 R09:\nffffffff94fb8445\n[  343.245403] R10: ffffffff94fb8336 R11: ffffffff94fb8445 R12:\n0000000000000000\n[  343.246355] R13: ffff88800a5a7000 R14: ffff88800a5b5800 R15:\n0000000000000020\n[  343.247291] FS:  00007fdde2bd7700(0000) GS:ffff888109780000(0000)\nknlGS:0000000000000000\n[  343.248350] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[  343.249120] CR2: 00000000200000c0 CR3: 000000000ef4c000 CR4:\n00000000000006e0\n[  343.250076] Call Trace:\n[  343.250423]  \u003cTASK\u003e\n[  343.250713]  ? memcpy+0x4d/0x60\n[  343.251162]  ? netem_init+0xa0/0xa0 [sch_netem]\n[  343.251795]  ? __sanitizer_cov_trace_pc+0x21/0x60\n[  343.252443]  netem_enqueue+0xe28/0x33c0 [sch_netem]\n[  343.253102]  ? stack_trace_save+0x87/0xb0\n[  343.253655]  ? filter_irq_stacks+0xb0/0xb0\n[  343.254220]  ? netem_init+0xa0/0xa0 [sch_netem]\n[  343.254837]  ? __kasan_check_write+0x14/0x20\n[  343.255418]  ? _raw_spin_lock+0x88/0xd6\n[  343.255953]  dev_qdisc_enqueue+0x50/0x180\n[  343.256508]  __dev_queue_xmit+0x1a7e/0x3090\n[  343.257083]  ? netdev_core_pick_tx+0x300/0x300\n[  343.257690]  ? check_kcov_mode+0x10/0x40\n[  343.258219]  ? _raw_spin_unlock_irqrestore+0x29/0x40\n[  343.258899]  ? __kasan_init_slab_obj+0x24/0x30\n[  343.259529]  ? setup_object.isra.71+0x23/0x90\n[  343.260121]  ? new_slab+0x26e/0x4b0\n[  343.260609]  ? kasan_poison+0x3a/0x50\n[  343.261118]  ? kasan_unpoison+0x28/0x50\n[  343.261637]  ? __kasan_slab_alloc+0x71/0x90\n[  343.262214]  ? memcpy+0x4d/0x60\n[  343.262674]  ? write_comp_data+0x2f/0x90\n[  343.263209]  ? __kasan_check_write+0x14/0x20\n[  343.263802]  ? __skb_clone+0x5d6/0x840\n[  343.264329]  ? __sanitizer_cov_trace_pc+0x21/0x60\n[  343.264958]  dev_queue_xmit+0x1c/0x20\n[  343.265470]  netlink_deliver_tap+0x652/0x9c0\n[  343.266067]  netlink_unicast+0x5a0/0x7f0\n[  343.266608]  ? netlink_attachskb+0x860/0x860\n[  343.267183]  ? __sanitizer_cov_trace_pc+0x21/0x60\n[  343.267820]  ? write_comp_data+0x2f/0x90\n[  343.268367]  netlink_sendmsg+0x922/0xe80\n[  343.268899]  ? netlink_unicast+0x7f0/0x7f0\n[  343.269472]  ? __sanitizer_cov_trace_pc+0x21/0x60\n[  343.270099]  ? write_comp_data+0x2f/0x90\n[  343.270644]  ? netlink_unicast+0x7f0/0x7f0\n[  343.271210]  sock_sendmsg+0x155/0x190\n[  343.271721]  ____sys_sendmsg+0x75f/0x8f0\n[  343.272262]  ? kernel_sendmsg+0x60/0x60\n[  343.272788]  ? write_comp_data+0x2f/0x90\n[  343.273332]  ? write_comp_data+0x2f/0x90\n[  343.273869]  ___sys_sendmsg+0x10f/0x190\n[  343.274405]  ? sendmsg_copy_msghdr+0x80/0x80\n[  343.274984]  ? slab_post_alloc_hook+0x70/0x230\n[  343.275597]  ? futex_wait_setup+0x240/0x240\n[  343.276175]  ? security_file_alloc+0x3e/0x170\n[  343.276779]  ? write_comp_d\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T13:57:47.811Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/c54a60c8fbaa774f828e26df79f66229a8a0e010"
        },
        {
          "url": "https://git.kernel.org/stable/c/40cf2e058832d9cfaae98dfd77334926275598b6"
        },
        {
          "url": "https://git.kernel.org/stable/c/54e785f7d5c197bc06dbb8053700df7e2a093ced"
        },
        {
          "url": "https://git.kernel.org/stable/c/ff3f517bf7138e01a17369042908a3f345c0ee41"
        },
        {
          "url": "https://git.kernel.org/stable/c/c0315e93552e0d840e9edc6abd71c7db82ec8f51"
        },
        {
          "url": "https://git.kernel.org/stable/c/dadce61247c6230489527cc5e343b6002d1114c5"
        },
        {
          "url": "https://git.kernel.org/stable/c/4c986072a8c9249b9398c7a18f216dc26a9f0e35"
        },
        {
          "url": "https://git.kernel.org/stable/c/f123cffdd8fe8ea6c7fded4b88516a42798797d0"
        }
      ],
      "title": "net: netlink: af_netlink: Prevent empty skb by adding a check on len.",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-47606",
    "datePublished": "2024-06-19T14:54:05.025Z",
    "dateReserved": "2024-05-24T15:11:00.737Z",
    "dateUpdated": "2026-05-11T13:57:47.811Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-52651 (GCVE-0-2023-52651)

Vulnerability from cvelistv5 – Published: 2024-05-01 12:53 – Updated: 2024-05-02 10:07

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "providerMetadata": {
        "dateUpdated": "2024-05-02T10:07:14.570Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "rejectedReasons": [
        {
          "lang": "en",
          "value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-52651",
    "datePublished": "2024-05-01T12:53:15.604Z",
    "dateRejected": "2024-05-02T10:07:14.570Z",
    "dateReserved": "2024-03-06T09:52:12.097Z",
    "dateUpdated": "2024-05-02T10:07:14.570Z",
    "state": "REJECTED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.0"
}

CVE-2023-52864 (GCVE-0-2023-52864)

Vulnerability from cvelistv5 – Published: 2024-05-21 15:31 – Updated: 2026-05-11 19:34

Title

platform/x86: wmi: Fix opening of char device

Summary

In the Linux kernel, the following vulnerability has been resolved: platform/x86: wmi: Fix opening of char device Since commit fa1f68db6ca7 ("drivers: misc: pass miscdevice pointer via file private data"), the miscdevice stores a pointer to itself inside filp->private_data, which means that private_data will not be NULL when wmi_char_open() is called. This might cause memory corruption should wmi_char_open() be unable to find its driver, something which can happen when the associated WMI device is deleted in wmi_free_devices(). Fix the problem by using the miscdevice pointer to retrieve the WMI device data associated with a char device using container_of(). This also avoids wmi_char_open() picking a wrong WMI device bound to a driver with the same name as the original driver.

Severity ?

No CVSS data available.

Assigner

Linux

References

8 references

URL	Tags
https://git.kernel.org/stable/c/cf098e937dd125c03…
https://git.kernel.org/stable/c/9fb0eed09e1470cd4…
https://git.kernel.org/stable/c/d426a2955e45a95b2…
https://git.kernel.org/stable/c/e0bf076b734a2fab9…
https://git.kernel.org/stable/c/44a96796d25809502…
https://git.kernel.org/stable/c/36d85fa7ae0d6be65…
https://git.kernel.org/stable/c/fb7b06b59c6887659…
https://git.kernel.org/stable/c/eba9ac7abab91c8f6…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: 44b6b7661132b1b0e5fd3147ded66f1e4a817ca9 , < cf098e937dd125c0317a0d6f261ac2a950a233d6 (git) Affected: 44b6b7661132b1b0e5fd3147ded66f1e4a817ca9 , < 9fb0eed09e1470cd4021ff52b2b9dfcbcee4c203 (git) Affected: 44b6b7661132b1b0e5fd3147ded66f1e4a817ca9 , < d426a2955e45a95b2282764105fcfb110a540453 (git) Affected: 44b6b7661132b1b0e5fd3147ded66f1e4a817ca9 , < e0bf076b734a2fab92d8fddc2b8b03462eee7097 (git) Affected: 44b6b7661132b1b0e5fd3147ded66f1e4a817ca9 , < 44a96796d25809502c75771d40ee693c2e44724e (git) Affected: 44b6b7661132b1b0e5fd3147ded66f1e4a817ca9 , < 36d85fa7ae0d6be651c1a745191fa7ef055db43e (git) Affected: 44b6b7661132b1b0e5fd3147ded66f1e4a817ca9 , < fb7b06b59c6887659c6ed0ecd3110835eecbb6a3 (git) Affected: 44b6b7661132b1b0e5fd3147ded66f1e4a817ca9 , < eba9ac7abab91c8f6d351460239108bef5e7a0b6 (git)
Linux	Linux	Affected: 4.15 Unaffected: 0 , < 4.15 (semver) Unaffected: 4.19.299 , ≤ 4.19.* (semver) Unaffected: 5.4.261 , ≤ 5.4.* (semver) Unaffected: 5.10.201 , ≤ 5.10.* (semver) Unaffected: 5.15.139 , ≤ 5.15.* (semver) Unaffected: 6.1.63 , ≤ 6.1.* (semver) Unaffected: 6.5.12 , ≤ 6.5.* (semver) Unaffected: 6.6.2 , ≤ 6.6.* (semver) Unaffected: 6.7 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-52864",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-22T18:21:10.578430Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:24:07.966Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:11:36.054Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cf098e937dd125c0317a0d6f261ac2a950a233d6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9fb0eed09e1470cd4021ff52b2b9dfcbcee4c203"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d426a2955e45a95b2282764105fcfb110a540453"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e0bf076b734a2fab92d8fddc2b8b03462eee7097"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/44a96796d25809502c75771d40ee693c2e44724e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/36d85fa7ae0d6be651c1a745191fa7ef055db43e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fb7b06b59c6887659c6ed0ecd3110835eecbb6a3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/eba9ac7abab91c8f6d351460239108bef5e7a0b6"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/platform/x86/wmi.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "cf098e937dd125c0317a0d6f261ac2a950a233d6",
              "status": "affected",
              "version": "44b6b7661132b1b0e5fd3147ded66f1e4a817ca9",
              "versionType": "git"
            },
            {
              "lessThan": "9fb0eed09e1470cd4021ff52b2b9dfcbcee4c203",
              "status": "affected",
              "version": "44b6b7661132b1b0e5fd3147ded66f1e4a817ca9",
              "versionType": "git"
            },
            {
              "lessThan": "d426a2955e45a95b2282764105fcfb110a540453",
              "status": "affected",
              "version": "44b6b7661132b1b0e5fd3147ded66f1e4a817ca9",
              "versionType": "git"
            },
            {
              "lessThan": "e0bf076b734a2fab92d8fddc2b8b03462eee7097",
              "status": "affected",
              "version": "44b6b7661132b1b0e5fd3147ded66f1e4a817ca9",
              "versionType": "git"
            },
            {
              "lessThan": "44a96796d25809502c75771d40ee693c2e44724e",
              "status": "affected",
              "version": "44b6b7661132b1b0e5fd3147ded66f1e4a817ca9",
              "versionType": "git"
            },
            {
              "lessThan": "36d85fa7ae0d6be651c1a745191fa7ef055db43e",
              "status": "affected",
              "version": "44b6b7661132b1b0e5fd3147ded66f1e4a817ca9",
              "versionType": "git"
            },
            {
              "lessThan": "fb7b06b59c6887659c6ed0ecd3110835eecbb6a3",
              "status": "affected",
              "version": "44b6b7661132b1b0e5fd3147ded66f1e4a817ca9",
              "versionType": "git"
            },
            {
              "lessThan": "eba9ac7abab91c8f6d351460239108bef5e7a0b6",
              "status": "affected",
              "version": "44b6b7661132b1b0e5fd3147ded66f1e4a817ca9",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/platform/x86/wmi.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.15"
            },
            {
              "lessThan": "4.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.299",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.261",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.201",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.139",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.63",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.5.*",
              "status": "unaffected",
              "version": "6.5.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.7",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.299",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.261",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.201",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.139",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.63",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.5.12",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.2",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: wmi: Fix opening of char device\n\nSince commit fa1f68db6ca7 (\"drivers: misc: pass miscdevice pointer via\nfile private data\"), the miscdevice stores a pointer to itself inside\nfilp-\u003eprivate_data, which means that private_data will not be NULL when\nwmi_char_open() is called. This might cause memory corruption should\nwmi_char_open() be unable to find its driver, something which can\nhappen when the associated WMI device is deleted in wmi_free_devices().\n\nFix the problem by using the miscdevice pointer to retrieve the WMI\ndevice data associated with a char device using container_of(). This\nalso avoids wmi_char_open() picking a wrong WMI device bound to a\ndriver with the same name as the original driver."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T19:34:30.188Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/cf098e937dd125c0317a0d6f261ac2a950a233d6"
        },
        {
          "url": "https://git.kernel.org/stable/c/9fb0eed09e1470cd4021ff52b2b9dfcbcee4c203"
        },
        {
          "url": "https://git.kernel.org/stable/c/d426a2955e45a95b2282764105fcfb110a540453"
        },
        {
          "url": "https://git.kernel.org/stable/c/e0bf076b734a2fab92d8fddc2b8b03462eee7097"
        },
        {
          "url": "https://git.kernel.org/stable/c/44a96796d25809502c75771d40ee693c2e44724e"
        },
        {
          "url": "https://git.kernel.org/stable/c/36d85fa7ae0d6be651c1a745191fa7ef055db43e"
        },
        {
          "url": "https://git.kernel.org/stable/c/fb7b06b59c6887659c6ed0ecd3110835eecbb6a3"
        },
        {
          "url": "https://git.kernel.org/stable/c/eba9ac7abab91c8f6d351460239108bef5e7a0b6"
        }
      ],
      "title": "platform/x86: wmi: Fix opening of char device",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-52864",
    "datePublished": "2024-05-21T15:31:55.875Z",
    "dateReserved": "2024-05-21T15:19:24.261Z",
    "dateUpdated": "2026-05-11T19:34:30.188Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-21823 (GCVE-0-2024-21823)

Vulnerability from cvelistv5 – Published: 2024-05-16 20:46 – Updated: 2024-08-14 20:45

Summary

Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable escalation of privilege local access

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H

CWE

escalation of privilege
CWE-1264 - Hardware Logic with Insecure De-Synchronization between Control and Data Channels

Assigner

intel

References

4 references

URL	Tags
https://www.intel.com/content/www/us/en/security-…
https://lists.fedoraproject.org/archives/list/pac…
http://www.openwall.com/lists/oss-security/2024/05/15/1
https://lists.fedoraproject.org/archives/list/pac…

Impacted products

1 product

Vendor	Product	Version
n/a	Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors	Affected: See references

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:27:36.291Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01084.html",
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01084.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OTB4HWU2PTVW5NEYHHLOCXDKG3PYA534/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/05/15/1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DW2MIOIMOFUSNLHLRYX23AFR36BMKD65/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-21823",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-23T18:02:56.696203Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-400",
                "description": "CWE-400 Uncontrolled Resource Consumption",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-08T14:39:32.573Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "See references"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable escalation of privilege local access"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "escalation of privilege",
              "lang": "en"
            },
            {
              "cweId": "CWE-1264",
              "description": "Hardware Logic with Insecure De-Synchronization between Control and Data Channels",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-14T20:45:24.842Z",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01084.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01084.html"
        },
        {
          "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OTB4HWU2PTVW5NEYHHLOCXDKG3PYA534/",
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OTB4HWU2PTVW5NEYHHLOCXDKG3PYA534/"
        },
        {
          "name": "http://www.openwall.com/lists/oss-security/2024/05/15/1",
          "url": "http://www.openwall.com/lists/oss-security/2024/05/15/1"
        },
        {
          "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DW2MIOIMOFUSNLHLRYX23AFR36BMKD65/",
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DW2MIOIMOFUSNLHLRYX23AFR36BMKD65/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2024-21823",
    "datePublished": "2024-05-16T20:46:57.735Z",
    "dateReserved": "2024-01-24T04:00:22.601Z",
    "dateUpdated": "2024-08-14T20:45:24.842Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-26600 (GCVE-0-2024-26600)

Vulnerability from cvelistv5 – Published: 2024-02-24 14:56 – Updated: 2026-05-11 20:00

Title

phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP

Summary

In the Linux kernel, the following vulnerability has been resolved: phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP If the external phy working together with phy-omap-usb2 does not implement send_srp(), we may still attempt to call it. This can happen on an idle Ethernet gadget triggering a wakeup for example: configfs-gadget.g1 gadget.0: ECM Suspend configfs-gadget.g1 gadget.0: Port suspended. Triggering wakeup ... Unable to handle kernel NULL pointer dereference at virtual address 00000000 when execute ... PC is at 0x0 LR is at musb_gadget_wakeup+0x1d4/0x254 [musb_hdrc] ... musb_gadget_wakeup [musb_hdrc] from usb_gadget_wakeup+0x1c/0x3c [udc_core] usb_gadget_wakeup [udc_core] from eth_start_xmit+0x3b0/0x3d4 [u_ether] eth_start_xmit [u_ether] from dev_hard_start_xmit+0x94/0x24c dev_hard_start_xmit from sch_direct_xmit+0x104/0x2e4 sch_direct_xmit from __dev_queue_xmit+0x334/0xd88 __dev_queue_xmit from arp_solicit+0xf0/0x268 arp_solicit from neigh_probe+0x54/0x7c neigh_probe from __neigh_event_send+0x22c/0x47c __neigh_event_send from neigh_resolve_output+0x14c/0x1c0 neigh_resolve_output from ip_finish_output2+0x1c8/0x628 ip_finish_output2 from ip_send_skb+0x40/0xd8 ip_send_skb from udp_send_skb+0x124/0x340 udp_send_skb from udp_sendmsg+0x780/0x984 udp_sendmsg from __sys_sendto+0xd8/0x158 __sys_sendto from ret_fast_syscall+0x0/0x58 Let's fix the issue by checking for send_srp() and set_vbus() before calling them. For USB peripheral only cases these both could be NULL.

Severity ?

No CVSS data available.

Assigner

Linux

References

8 references

URL	Tags
https://git.kernel.org/stable/c/486218c11e8d1c8f5…
https://git.kernel.org/stable/c/8398d8d735ee93a04…
https://git.kernel.org/stable/c/be3b82e4871ba00e9…
https://git.kernel.org/stable/c/8cc889b9dea057972…
https://git.kernel.org/stable/c/0430bfcd46657d911…
https://git.kernel.org/stable/c/14ef61594a5a286ae…
https://git.kernel.org/stable/c/396e17af6761b3cc9…
https://git.kernel.org/stable/c/7104ba0f1958adb25…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: 657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6 , < 486218c11e8d1c8f515a3bdd70d62203609d4b6b (git) Affected: 657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6 , < 8398d8d735ee93a04fb9e9f490e8cacd737e3bf5 (git) Affected: 657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6 , < be3b82e4871ba00e9b5d0ede92d396d579d7b3b3 (git) Affected: 657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6 , < 8cc889b9dea0579726be9520fcc766077890b462 (git) Affected: 657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6 , < 0430bfcd46657d9116a26cd377f112cbc40826a4 (git) Affected: 657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6 , < 14ef61594a5a286ae0d493b8acbf9eac46fd04c4 (git) Affected: 657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6 , < 396e17af6761b3cc9e6e4ca94b4de7f642bfece1 (git) Affected: 657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6 , < 7104ba0f1958adb250319e68a15eff89ec4fd36d (git)
Linux	Linux	Affected: 3.7 Unaffected: 0 , < 3.7 (semver) Unaffected: 4.19.307 , ≤ 4.19.* (semver) Unaffected: 5.4.269 , ≤ 5.4.* (semver) Unaffected: 5.10.210 , ≤ 5.10.* (semver) Unaffected: 5.15.149 , ≤ 5.15.* (semver) Unaffected: 6.1.78 , ≤ 6.1.* (semver) Unaffected: 6.6.17 , ≤ 6.6.* (semver) Unaffected: 6.7.5 , ≤ 6.7.* (semver) Unaffected: 6.8 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26600",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-28T17:03:23.255963Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-28T17:03:34.995Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:07:19.673Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/486218c11e8d1c8f515a3bdd70d62203609d4b6b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8398d8d735ee93a04fb9e9f490e8cacd737e3bf5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/be3b82e4871ba00e9b5d0ede92d396d579d7b3b3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8cc889b9dea0579726be9520fcc766077890b462"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0430bfcd46657d9116a26cd377f112cbc40826a4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/14ef61594a5a286ae0d493b8acbf9eac46fd04c4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/396e17af6761b3cc9e6e4ca94b4de7f642bfece1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7104ba0f1958adb250319e68a15eff89ec4fd36d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/phy/ti/phy-omap-usb2.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "486218c11e8d1c8f515a3bdd70d62203609d4b6b",
              "status": "affected",
              "version": "657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6",
              "versionType": "git"
            },
            {
              "lessThan": "8398d8d735ee93a04fb9e9f490e8cacd737e3bf5",
              "status": "affected",
              "version": "657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6",
              "versionType": "git"
            },
            {
              "lessThan": "be3b82e4871ba00e9b5d0ede92d396d579d7b3b3",
              "status": "affected",
              "version": "657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6",
              "versionType": "git"
            },
            {
              "lessThan": "8cc889b9dea0579726be9520fcc766077890b462",
              "status": "affected",
              "version": "657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6",
              "versionType": "git"
            },
            {
              "lessThan": "0430bfcd46657d9116a26cd377f112cbc40826a4",
              "status": "affected",
              "version": "657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6",
              "versionType": "git"
            },
            {
              "lessThan": "14ef61594a5a286ae0d493b8acbf9eac46fd04c4",
              "status": "affected",
              "version": "657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6",
              "versionType": "git"
            },
            {
              "lessThan": "396e17af6761b3cc9e6e4ca94b4de7f642bfece1",
              "status": "affected",
              "version": "657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6",
              "versionType": "git"
            },
            {
              "lessThan": "7104ba0f1958adb250319e68a15eff89ec4fd36d",
              "status": "affected",
              "version": "657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/phy/ti/phy-omap-usb2.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.7"
            },
            {
              "lessThan": "3.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.307",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.269",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.210",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.149",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.78",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.17",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.307",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.269",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.210",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.149",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.78",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.17",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.5",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nphy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP\n\nIf the external phy working together with phy-omap-usb2 does not implement\nsend_srp(), we may still attempt to call it. This can happen on an idle\nEthernet gadget triggering a wakeup for example:\n\nconfigfs-gadget.g1 gadget.0: ECM Suspend\nconfigfs-gadget.g1 gadget.0: Port suspended. Triggering wakeup\n...\nUnable to handle kernel NULL pointer dereference at virtual address\n00000000 when execute\n...\nPC is at 0x0\nLR is at musb_gadget_wakeup+0x1d4/0x254 [musb_hdrc]\n...\nmusb_gadget_wakeup [musb_hdrc] from usb_gadget_wakeup+0x1c/0x3c [udc_core]\nusb_gadget_wakeup [udc_core] from eth_start_xmit+0x3b0/0x3d4 [u_ether]\neth_start_xmit [u_ether] from dev_hard_start_xmit+0x94/0x24c\ndev_hard_start_xmit from sch_direct_xmit+0x104/0x2e4\nsch_direct_xmit from __dev_queue_xmit+0x334/0xd88\n__dev_queue_xmit from arp_solicit+0xf0/0x268\narp_solicit from neigh_probe+0x54/0x7c\nneigh_probe from __neigh_event_send+0x22c/0x47c\n__neigh_event_send from neigh_resolve_output+0x14c/0x1c0\nneigh_resolve_output from ip_finish_output2+0x1c8/0x628\nip_finish_output2 from ip_send_skb+0x40/0xd8\nip_send_skb from udp_send_skb+0x124/0x340\nudp_send_skb from udp_sendmsg+0x780/0x984\nudp_sendmsg from __sys_sendto+0xd8/0x158\n__sys_sendto from ret_fast_syscall+0x0/0x58\n\nLet\u0027s fix the issue by checking for send_srp() and set_vbus() before\ncalling them. For USB peripheral only cases these both could be NULL."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T20:00:33.641Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/486218c11e8d1c8f515a3bdd70d62203609d4b6b"
        },
        {
          "url": "https://git.kernel.org/stable/c/8398d8d735ee93a04fb9e9f490e8cacd737e3bf5"
        },
        {
          "url": "https://git.kernel.org/stable/c/be3b82e4871ba00e9b5d0ede92d396d579d7b3b3"
        },
        {
          "url": "https://git.kernel.org/stable/c/8cc889b9dea0579726be9520fcc766077890b462"
        },
        {
          "url": "https://git.kernel.org/stable/c/0430bfcd46657d9116a26cd377f112cbc40826a4"
        },
        {
          "url": "https://git.kernel.org/stable/c/14ef61594a5a286ae0d493b8acbf9eac46fd04c4"
        },
        {
          "url": "https://git.kernel.org/stable/c/396e17af6761b3cc9e6e4ca94b4de7f642bfece1"
        },
        {
          "url": "https://git.kernel.org/stable/c/7104ba0f1958adb250319e68a15eff89ec4fd36d"
        }
      ],
      "title": "phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26600",
    "datePublished": "2024-02-24T14:56:55.674Z",
    "dateReserved": "2024-02-19T14:20:24.128Z",
    "dateUpdated": "2026-05-11T20:00:33.641Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-26808 (GCVE-0-2024-26808)

Vulnerability from cvelistv5 – Published: 2024-04-04 09:50 – Updated: 2026-05-11 20:04

Title

netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain

Summary

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain Remove netdevice from inet/ingress basechain in case NETDEV_UNREGISTER event is reported, otherwise a stale reference to netdevice remains in the hook list.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-noinfo Not enough information

Assigner

Linux

References

6 references

URL	Tags
https://git.kernel.org/stable/c/9489e214ea8f2a903…
https://git.kernel.org/stable/c/70f17b48c86622217…
https://git.kernel.org/stable/c/af149a46890e8285d…
https://git.kernel.org/stable/c/e5888acbf1a3d8d02…
https://git.kernel.org/stable/c/36a0a80f322092384…
https://git.kernel.org/stable/c/01acb2e8666a65296…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: 60a3815da702fd9e4759945f26cce5c47d3967ad , < 9489e214ea8f2a90345516016aa51f2db3a8cc2f (git) Affected: 60a3815da702fd9e4759945f26cce5c47d3967ad , < 70f17b48c86622217a58d5099d29242fc9adac58 (git) Affected: 60a3815da702fd9e4759945f26cce5c47d3967ad , < af149a46890e8285d1618bd68b8d159bdb87fdb3 (git) Affected: 60a3815da702fd9e4759945f26cce5c47d3967ad , < e5888acbf1a3d8d021990ce6c6061fd5b2bb21b4 (git) Affected: 60a3815da702fd9e4759945f26cce5c47d3967ad , < 36a0a80f32209238469deb481967d777a3d539ee (git) Affected: 60a3815da702fd9e4759945f26cce5c47d3967ad , < 01acb2e8666a6529697141a6017edbf206921913 (git)
Linux	Linux	Affected: 5.10 Unaffected: 0 , < 5.10 (semver) Unaffected: 5.10.210 , ≤ 5.10.* (semver) Unaffected: 5.15.149 , ≤ 5.15.* (semver) Unaffected: 6.1.76 , ≤ 6.1.* (semver) Unaffected: 6.6.15 , ≤ 6.6.* (semver) Unaffected: 6.7.3 , ≤ 6.7.* (semver) Unaffected: 6.8 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:14:13.575Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9489e214ea8f2a90345516016aa51f2db3a8cc2f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/70f17b48c86622217a58d5099d29242fc9adac58"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/af149a46890e8285d1618bd68b8d159bdb87fdb3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e5888acbf1a3d8d021990ce6c6061fd5b2bb21b4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/36a0a80f32209238469deb481967d777a3d539ee"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/01acb2e8666a6529697141a6017edbf206921913"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-26808",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-27T19:35:33.665875Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-27T19:36:03.888Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/netfilter/nft_chain_filter.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "9489e214ea8f2a90345516016aa51f2db3a8cc2f",
              "status": "affected",
              "version": "60a3815da702fd9e4759945f26cce5c47d3967ad",
              "versionType": "git"
            },
            {
              "lessThan": "70f17b48c86622217a58d5099d29242fc9adac58",
              "status": "affected",
              "version": "60a3815da702fd9e4759945f26cce5c47d3967ad",
              "versionType": "git"
            },
            {
              "lessThan": "af149a46890e8285d1618bd68b8d159bdb87fdb3",
              "status": "affected",
              "version": "60a3815da702fd9e4759945f26cce5c47d3967ad",
              "versionType": "git"
            },
            {
              "lessThan": "e5888acbf1a3d8d021990ce6c6061fd5b2bb21b4",
              "status": "affected",
              "version": "60a3815da702fd9e4759945f26cce5c47d3967ad",
              "versionType": "git"
            },
            {
              "lessThan": "36a0a80f32209238469deb481967d777a3d539ee",
              "status": "affected",
              "version": "60a3815da702fd9e4759945f26cce5c47d3967ad",
              "versionType": "git"
            },
            {
              "lessThan": "01acb2e8666a6529697141a6017edbf206921913",
              "status": "affected",
              "version": "60a3815da702fd9e4759945f26cce5c47d3967ad",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/netfilter/nft_chain_filter.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.10"
            },
            {
              "lessThan": "5.10",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.210",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.149",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.76",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.15",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.210",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.149",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.76",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.15",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.3",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain\n\nRemove netdevice from inet/ingress basechain in case NETDEV_UNREGISTER\nevent is reported, otherwise a stale reference to netdevice remains in\nthe hook list."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T20:04:34.339Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/9489e214ea8f2a90345516016aa51f2db3a8cc2f"
        },
        {
          "url": "https://git.kernel.org/stable/c/70f17b48c86622217a58d5099d29242fc9adac58"
        },
        {
          "url": "https://git.kernel.org/stable/c/af149a46890e8285d1618bd68b8d159bdb87fdb3"
        },
        {
          "url": "https://git.kernel.org/stable/c/e5888acbf1a3d8d021990ce6c6061fd5b2bb21b4"
        },
        {
          "url": "https://git.kernel.org/stable/c/36a0a80f32209238469deb481967d777a3d539ee"
        },
        {
          "url": "https://git.kernel.org/stable/c/01acb2e8666a6529697141a6017edbf206921913"
        }
      ],
      "title": "netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26808",
    "datePublished": "2024-04-04T09:50:26.672Z",
    "dateReserved": "2024-02-19T14:20:24.179Z",
    "dateUpdated": "2026-05-11T20:04:34.339Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-26828 (GCVE-0-2024-26828)

Vulnerability from cvelistv5 – Published: 2024-04-17 09:43 – Updated: 2026-05-11 20:04

Title

cifs: fix underflow in parse_server_interfaces()

Summary

In the Linux kernel, the following vulnerability has been resolved: cifs: fix underflow in parse_server_interfaces() In this loop, we step through the buffer and after each item we check if the size_left is greater than the minimum size we need. However, the problem is that "bytes_left" is type ssize_t while sizeof() is type size_t. That means that because of type promotion, the comparison is done as an unsigned and if we have negative bytes left the loop continues instead of ending.

Severity ?

6.7 (Medium)


                        
                          CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H

CWE

CWE-noinfo Not enough information

Assigner

Linux

References

4 references

URL	Tags
https://git.kernel.org/stable/c/7190353835b4a219a…
https://git.kernel.org/stable/c/f7ff1c89fb6e9610d…
https://git.kernel.org/stable/c/df2af9fdbc4ddde18…
https://git.kernel.org/stable/c/cffe487026be13eaf…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: fe856be475f7cf5ffcde57341d175ce9fd09434b , < 7190353835b4a219abb70f90b06cdcae97f11512 (git) Affected: fe856be475f7cf5ffcde57341d175ce9fd09434b , < f7ff1c89fb6e9610d2b01c1821727729e6609308 (git) Affected: fe856be475f7cf5ffcde57341d175ce9fd09434b , < df2af9fdbc4ddde18a3371c4ca1a86596e8be301 (git) Affected: fe856be475f7cf5ffcde57341d175ce9fd09434b , < cffe487026be13eaf37ea28b783d9638ab147204 (git)
Linux	Linux	Affected: 4.18 Unaffected: 0 , < 4.18 (semver) Unaffected: 6.1.79 , ≤ 6.1.* (semver) Unaffected: 6.6.18 , ≤ 6.6.* (semver) Unaffected: 6.7.6 , ≤ 6.7.* (semver) Unaffected: 6.8 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "ADJACENT_NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 6.7,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-26828",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-12T17:36:16.490979Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-04T18:28:47.130Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:14:13.603Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7190353835b4a219abb70f90b06cdcae97f11512"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f7ff1c89fb6e9610d2b01c1821727729e6609308"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/df2af9fdbc4ddde18a3371c4ca1a86596e8be301"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cffe487026be13eaf37ea28b783d9638ab147204"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/smb/client/smb2ops.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "7190353835b4a219abb70f90b06cdcae97f11512",
              "status": "affected",
              "version": "fe856be475f7cf5ffcde57341d175ce9fd09434b",
              "versionType": "git"
            },
            {
              "lessThan": "f7ff1c89fb6e9610d2b01c1821727729e6609308",
              "status": "affected",
              "version": "fe856be475f7cf5ffcde57341d175ce9fd09434b",
              "versionType": "git"
            },
            {
              "lessThan": "df2af9fdbc4ddde18a3371c4ca1a86596e8be301",
              "status": "affected",
              "version": "fe856be475f7cf5ffcde57341d175ce9fd09434b",
              "versionType": "git"
            },
            {
              "lessThan": "cffe487026be13eaf37ea28b783d9638ab147204",
              "status": "affected",
              "version": "fe856be475f7cf5ffcde57341d175ce9fd09434b",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/smb/client/smb2ops.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.18"
            },
            {
              "lessThan": "4.18",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.79",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.18",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.79",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.18",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.6",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: fix underflow in parse_server_interfaces()\n\nIn this loop, we step through the buffer and after each item we check\nif the size_left is greater than the minimum size we need.  However,\nthe problem is that \"bytes_left\" is type ssize_t while sizeof() is type\nsize_t.  That means that because of type promotion, the comparison is\ndone as an unsigned and if we have negative bytes left the loop\ncontinues instead of ending."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T20:04:54.580Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/7190353835b4a219abb70f90b06cdcae97f11512"
        },
        {
          "url": "https://git.kernel.org/stable/c/f7ff1c89fb6e9610d2b01c1821727729e6609308"
        },
        {
          "url": "https://git.kernel.org/stable/c/df2af9fdbc4ddde18a3371c4ca1a86596e8be301"
        },
        {
          "url": "https://git.kernel.org/stable/c/cffe487026be13eaf37ea28b783d9638ab147204"
        }
      ],
      "title": "cifs: fix underflow in parse_server_interfaces()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26828",
    "datePublished": "2024-04-17T09:43:52.995Z",
    "dateReserved": "2024-02-19T14:20:24.181Z",
    "dateUpdated": "2026-05-11T20:04:54.580Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-26853 (GCVE-0-2024-26853)

Vulnerability from cvelistv5 – Published: 2024-04-17 10:17 – Updated: 2026-05-11 20:05

Title

igc: avoid returning frame twice in XDP_REDIRECT

Summary

In the Linux kernel, the following vulnerability has been resolved: igc: avoid returning frame twice in XDP_REDIRECT When a frame can not be transmitted in XDP_REDIRECT (e.g. due to a full queue), it is necessary to free it by calling xdp_return_frame_rx_napi. However, this is the responsibility of the caller of the ndo_xdp_xmit (see for example bq_xmit_all in kernel/bpf/devmap.c) and thus calling it inside igc_xdp_xmit (which is the ndo_xdp_xmit of the igc driver) as well will lead to memory corruption. In fact, bq_xmit_all expects that it can return all frames after the last successfully transmitted one. Therefore, break for the first not transmitted frame, but do not call xdp_return_frame_rx_napi in igc_xdp_xmit. This is equally implemented in other Intel drivers such as the igb. There are two alternatives to this that were rejected: 1. Return num_frames as all the frames would have been transmitted and release them inside igc_xdp_xmit. While it might work technically, it is not what the return value is meant to represent (i.e. the number of SUCCESSFULLY transmitted packets). 2. Rework kernel/bpf/devmap.c and all drivers to support non-consecutively dropped packets. Besides being complex, it likely has a negative performance impact without a significant gain since it is anyway unlikely that the next frame can be transmitted if the previous one was dropped. The memory corruption can be reproduced with the following script which leads to a kernel panic after a few seconds. It basically generates more traffic than a i225 NIC can transmit and pushes it via XDP_REDIRECT from a virtual interface to the physical interface where frames get dropped. #!/bin/bash INTERFACE=enp4s0 INTERFACE_IDX=`cat /sys/class/net/$INTERFACE/ifindex` sudo ip link add dev veth1 type veth peer name veth2 sudo ip link set up $INTERFACE sudo ip link set up veth1 sudo ip link set up veth2 cat << EOF > redirect.bpf.c SEC("prog") int redirect(struct xdp_md *ctx) { return bpf_redirect($INTERFACE_IDX, 0); } char _license[] SEC("license") = "GPL"; EOF clang -O2 -g -Wall -target bpf -c redirect.bpf.c -o redirect.bpf.o sudo ip link set veth2 xdp obj redirect.bpf.o cat << EOF > pass.bpf.c SEC("prog") int pass(struct xdp_md *ctx) { return XDP_PASS; } char _license[] SEC("license") = "GPL"; EOF clang -O2 -g -Wall -target bpf -c pass.bpf.c -o pass.bpf.o sudo ip link set $INTERFACE xdp obj pass.bpf.o cat << EOF > trafgen.cfg { /* Ethernet Header */ 0xe8, 0x6a, 0x64, 0x41, 0xbf, 0x46, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, const16(ETH_P_IP), /* IPv4 Header */ 0b01000101, 0, # IPv4 version, IHL, TOS const16(1028), # IPv4 total length (UDP length + 20 bytes (IP header)) const16(2), # IPv4 ident 0b01000000, 0, # IPv4 flags, fragmentation off 64, # IPv4 TTL 17, # Protocol UDP csumip(14, 33), # IPv4 checksum /* UDP Header */ 10, 0, 1, 1, # IP Src - adapt as needed 10, 0, 1, 2, # IP Dest - adapt as needed const16(6666), # UDP Src Port const16(6666), # UDP Dest Port const16(1008), # UDP length (UDP header 8 bytes + payload length) csumudp(14, 34), # UDP checksum /* Payload */ fill('W', 1000), } EOF sudo trafgen -i trafgen.cfg -b3000MB -o veth1 --cpp

Severity ?

No CVSS data available.

Assigner

Linux

References

4 references

URL	Tags
https://git.kernel.org/stable/c/63a3c1f3c9ecc654d…
https://git.kernel.org/stable/c/8df393af9e7e8dfd6…
https://git.kernel.org/stable/c/1b3b8231386a572ba…
https://git.kernel.org/stable/c/ef27f655b438bed4c…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: 4ff3203610928cac82d5627ce803559e78d61b91 , < 63a3c1f3c9ecc654d851e7906d05334cd0c236e2 (git) Affected: 4ff3203610928cac82d5627ce803559e78d61b91 , < 8df393af9e7e8dfd62e9c41dbaa4d2ff53bf794a (git) Affected: 4ff3203610928cac82d5627ce803559e78d61b91 , < 1b3b8231386a572bac8cd5b6fd7e944b84f9bb1f (git) Affected: 4ff3203610928cac82d5627ce803559e78d61b91 , < ef27f655b438bed4c83680e4f01e1cde2739854b (git)
Linux	Linux	Affected: 5.13 Unaffected: 0 , < 5.13 (semver) Unaffected: 6.1.82 , ≤ 6.1.* (semver) Unaffected: 6.6.22 , ≤ 6.6.* (semver) Unaffected: 6.7.10 , ≤ 6.7.* (semver) Unaffected: 6.8 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:14:13.713Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/63a3c1f3c9ecc654d851e7906d05334cd0c236e2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8df393af9e7e8dfd62e9c41dbaa4d2ff53bf794a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1b3b8231386a572bac8cd5b6fd7e944b84f9bb1f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ef27f655b438bed4c83680e4f01e1cde2739854b"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26853",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:48:38.543081Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:27.256Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/intel/igc/igc_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "63a3c1f3c9ecc654d851e7906d05334cd0c236e2",
              "status": "affected",
              "version": "4ff3203610928cac82d5627ce803559e78d61b91",
              "versionType": "git"
            },
            {
              "lessThan": "8df393af9e7e8dfd62e9c41dbaa4d2ff53bf794a",
              "status": "affected",
              "version": "4ff3203610928cac82d5627ce803559e78d61b91",
              "versionType": "git"
            },
            {
              "lessThan": "1b3b8231386a572bac8cd5b6fd7e944b84f9bb1f",
              "status": "affected",
              "version": "4ff3203610928cac82d5627ce803559e78d61b91",
              "versionType": "git"
            },
            {
              "lessThan": "ef27f655b438bed4c83680e4f01e1cde2739854b",
              "status": "affected",
              "version": "4ff3203610928cac82d5627ce803559e78d61b91",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/intel/igc/igc_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.13"
            },
            {
              "lessThan": "5.13",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.82",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.22",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.82",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.22",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.10",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nigc: avoid returning frame twice in XDP_REDIRECT\n\nWhen a frame can not be transmitted in XDP_REDIRECT\n(e.g. due to a full queue), it is necessary to free\nit by calling xdp_return_frame_rx_napi.\n\nHowever, this is the responsibility of the caller of\nthe ndo_xdp_xmit (see for example bq_xmit_all in\nkernel/bpf/devmap.c) and thus calling it inside\nigc_xdp_xmit (which is the ndo_xdp_xmit of the igc\ndriver) as well will lead to memory corruption.\n\nIn fact, bq_xmit_all expects that it can return all\nframes after the last successfully transmitted one.\nTherefore, break for the first not transmitted frame,\nbut do not call xdp_return_frame_rx_napi in igc_xdp_xmit.\nThis is equally implemented in other Intel drivers\nsuch as the igb.\n\nThere are two alternatives to this that were rejected:\n1. Return num_frames as all the frames would have been\n   transmitted and release them inside igc_xdp_xmit.\n   While it might work technically, it is not what\n   the return value is meant to represent (i.e. the\n   number of SUCCESSFULLY transmitted packets).\n2. Rework kernel/bpf/devmap.c and all drivers to\n   support non-consecutively dropped packets.\n   Besides being complex, it likely has a negative\n   performance impact without a significant gain\n   since it is anyway unlikely that the next frame\n   can be transmitted if the previous one was dropped.\n\nThe memory corruption can be reproduced with\nthe following script which leads to a kernel panic\nafter a few seconds.  It basically generates more\ntraffic than a i225 NIC can transmit and pushes it\nvia XDP_REDIRECT from a virtual interface to the\nphysical interface where frames get dropped.\n\n   #!/bin/bash\n   INTERFACE=enp4s0\n   INTERFACE_IDX=`cat /sys/class/net/$INTERFACE/ifindex`\n\n   sudo ip link add dev veth1 type veth peer name veth2\n   sudo ip link set up $INTERFACE\n   sudo ip link set up veth1\n   sudo ip link set up veth2\n\n   cat \u003c\u003c EOF \u003e redirect.bpf.c\n\n   SEC(\"prog\")\n   int redirect(struct xdp_md *ctx)\n   {\n       return bpf_redirect($INTERFACE_IDX, 0);\n   }\n\n   char _license[] SEC(\"license\") = \"GPL\";\n   EOF\n   clang -O2 -g -Wall -target bpf -c redirect.bpf.c -o redirect.bpf.o\n   sudo ip link set veth2 xdp obj redirect.bpf.o\n\n   cat \u003c\u003c EOF \u003e pass.bpf.c\n\n   SEC(\"prog\")\n   int pass(struct xdp_md *ctx)\n   {\n       return XDP_PASS;\n   }\n\n   char _license[] SEC(\"license\") = \"GPL\";\n   EOF\n   clang -O2 -g -Wall -target bpf -c pass.bpf.c -o pass.bpf.o\n   sudo ip link set $INTERFACE xdp obj pass.bpf.o\n\n   cat \u003c\u003c EOF \u003e trafgen.cfg\n\n   {\n     /* Ethernet Header */\n     0xe8, 0x6a, 0x64, 0x41, 0xbf, 0x46,\n     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,\n     const16(ETH_P_IP),\n\n     /* IPv4 Header */\n     0b01000101, 0,   # IPv4 version, IHL, TOS\n     const16(1028),   # IPv4 total length (UDP length + 20 bytes (IP header))\n     const16(2),      # IPv4 ident\n     0b01000000, 0,   # IPv4 flags, fragmentation off\n     64,              # IPv4 TTL\n     17,              # Protocol UDP\n     csumip(14, 33),  # IPv4 checksum\n\n     /* UDP Header */\n     10,  0, 1, 1,    # IP Src - adapt as needed\n     10,  0, 1, 2,    # IP Dest - adapt as needed\n     const16(6666),   # UDP Src Port\n     const16(6666),   # UDP Dest Port\n     const16(1008),   # UDP length (UDP header 8 bytes + payload length)\n     csumudp(14, 34), # UDP checksum\n\n     /* Payload */\n     fill(\u0027W\u0027, 1000),\n   }\n   EOF\n\n   sudo trafgen -i trafgen.cfg -b3000MB -o veth1 --cpp"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T20:05:23.645Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/63a3c1f3c9ecc654d851e7906d05334cd0c236e2"
        },
        {
          "url": "https://git.kernel.org/stable/c/8df393af9e7e8dfd62e9c41dbaa4d2ff53bf794a"
        },
        {
          "url": "https://git.kernel.org/stable/c/1b3b8231386a572bac8cd5b6fd7e944b84f9bb1f"
        },
        {
          "url": "https://git.kernel.org/stable/c/ef27f655b438bed4c83680e4f01e1cde2739854b"
        }
      ],
      "title": "igc: avoid returning frame twice in XDP_REDIRECT",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26853",
    "datePublished": "2024-04-17T10:17:16.571Z",
    "dateReserved": "2024-02-19T14:20:24.183Z",
    "dateUpdated": "2026-05-11T20:05:23.645Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-26868 (GCVE-0-2024-26868)

Vulnerability from cvelistv5 – Published: 2024-04-17 10:27 – Updated: 2026-05-11 20:05

Title

nfs: fix panic when nfs4_ff_layout_prepare_ds() fails

Summary

In the Linux kernel, the following vulnerability has been resolved: nfs: fix panic when nfs4_ff_layout_prepare_ds() fails We've been seeing the following panic in production BUG: kernel NULL pointer dereference, address: 0000000000000065 PGD 2f485f067 P4D 2f485f067 PUD 2cc5d8067 PMD 0 RIP: 0010:ff_layout_cancel_io+0x3a/0x90 [nfs_layout_flexfiles] Call Trace: <TASK> ? __die+0x78/0xc0 ? page_fault_oops+0x286/0x380 ? __rpc_execute+0x2c3/0x470 [sunrpc] ? rpc_new_task+0x42/0x1c0 [sunrpc] ? exc_page_fault+0x5d/0x110 ? asm_exc_page_fault+0x22/0x30 ? ff_layout_free_layoutreturn+0x110/0x110 [nfs_layout_flexfiles] ? ff_layout_cancel_io+0x3a/0x90 [nfs_layout_flexfiles] ? ff_layout_cancel_io+0x6f/0x90 [nfs_layout_flexfiles] pnfs_mark_matching_lsegs_return+0x1b0/0x360 [nfsv4] pnfs_error_mark_layout_for_return+0x9e/0x110 [nfsv4] ? ff_layout_send_layouterror+0x50/0x160 [nfs_layout_flexfiles] nfs4_ff_layout_prepare_ds+0x11f/0x290 [nfs_layout_flexfiles] ff_layout_pg_init_write+0xf0/0x1f0 [nfs_layout_flexfiles] __nfs_pageio_add_request+0x154/0x6c0 [nfs] nfs_pageio_add_request+0x26b/0x380 [nfs] nfs_do_writepage+0x111/0x1e0 [nfs] nfs_writepages_callback+0xf/0x30 [nfs] write_cache_pages+0x17f/0x380 ? nfs_pageio_init_write+0x50/0x50 [nfs] ? nfs_writepages+0x6d/0x210 [nfs] ? nfs_writepages+0x6d/0x210 [nfs] nfs_writepages+0x125/0x210 [nfs] do_writepages+0x67/0x220 ? generic_perform_write+0x14b/0x210 filemap_fdatawrite_wbc+0x5b/0x80 file_write_and_wait_range+0x6d/0xc0 nfs_file_fsync+0x81/0x170 [nfs] ? nfs_file_mmap+0x60/0x60 [nfs] __x64_sys_fsync+0x53/0x90 do_syscall_64+0x3d/0x90 entry_SYSCALL_64_after_hwframe+0x46/0xb0 Inspecting the core with drgn I was able to pull this >>> prog.crashed_thread().stack_trace()[0] #0 at 0xffffffffa079657a (ff_layout_cancel_io+0x3a/0x84) in ff_layout_cancel_io at fs/nfs/flexfilelayout/flexfilelayout.c:2021:27 >>> prog.crashed_thread().stack_trace()[0]['idx'] (u32)1 >>> prog.crashed_thread().stack_trace()[0]['flseg'].mirror_array[1].mirror_ds (struct nfs4_ff_layout_ds *)0xffffffffffffffed This is clear from the stack trace, we call nfs4_ff_layout_prepare_ds() which could error out initializing the mirror_ds, and then we go to clean it all up and our check is only for if (!mirror->mirror_ds). This is inconsistent with the rest of the users of mirror_ds, which have if (IS_ERR_OR_NULL(mirror_ds)) to keep from tripping over this exact scenario. Fix this up in ff_layout_cancel_io() to make sure we don't panic when we get an error. I also spot checked all the other instances of checking mirror_ds and we appear to be doing the correct checks everywhere, only unconditionally dereferencing mirror_ds when we know it would be valid.

Severity ?

No CVSS data available.

Assigner

Linux

References

5 references

URL	Tags
https://git.kernel.org/stable/c/31db25e3141b20e2a…
https://git.kernel.org/stable/c/7ca651b4ec4a049f5…
https://git.kernel.org/stable/c/5ada9016b1217498f…
https://git.kernel.org/stable/c/dac068f164ad05b35…
https://git.kernel.org/stable/c/719fcafe07c126466…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: b739a5bd9d9f18cc69dced8db128ef7206e000cd , < 31db25e3141b20e2a76a9f219eeca52e3cab126c (git) Affected: b739a5bd9d9f18cc69dced8db128ef7206e000cd , < 7ca651b4ec4a049f5a46a0e5ff921b86b91c47c5 (git) Affected: b739a5bd9d9f18cc69dced8db128ef7206e000cd , < 5ada9016b1217498fad876a3d5b07645cc955608 (git) Affected: b739a5bd9d9f18cc69dced8db128ef7206e000cd , < dac068f164ad05b35e7c0be13f138c3f6adca58f (git) Affected: b739a5bd9d9f18cc69dced8db128ef7206e000cd , < 719fcafe07c12646691bd62d7f8d94d657fa0766 (git)
Linux	Linux	Affected: 6.1 Unaffected: 0 , < 6.1 (semver) Unaffected: 6.1.83 , ≤ 6.1.* (semver) Unaffected: 6.6.23 , ≤ 6.6.* (semver) Unaffected: 6.7.11 , ≤ 6.7.* (semver) Unaffected: 6.8.2 , ≤ 6.8.* (semver) Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26868",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-28T19:56:48.883135Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:48:27.644Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:21:04.259Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/31db25e3141b20e2a76a9f219eeca52e3cab126c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7ca651b4ec4a049f5a46a0e5ff921b86b91c47c5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5ada9016b1217498fad876a3d5b07645cc955608"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/dac068f164ad05b35e7c0be13f138c3f6adca58f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/719fcafe07c12646691bd62d7f8d94d657fa0766"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/nfs/flexfilelayout/flexfilelayout.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "31db25e3141b20e2a76a9f219eeca52e3cab126c",
              "status": "affected",
              "version": "b739a5bd9d9f18cc69dced8db128ef7206e000cd",
              "versionType": "git"
            },
            {
              "lessThan": "7ca651b4ec4a049f5a46a0e5ff921b86b91c47c5",
              "status": "affected",
              "version": "b739a5bd9d9f18cc69dced8db128ef7206e000cd",
              "versionType": "git"
            },
            {
              "lessThan": "5ada9016b1217498fad876a3d5b07645cc955608",
              "status": "affected",
              "version": "b739a5bd9d9f18cc69dced8db128ef7206e000cd",
              "versionType": "git"
            },
            {
              "lessThan": "dac068f164ad05b35e7c0be13f138c3f6adca58f",
              "status": "affected",
              "version": "b739a5bd9d9f18cc69dced8db128ef7206e000cd",
              "versionType": "git"
            },
            {
              "lessThan": "719fcafe07c12646691bd62d7f8d94d657fa0766",
              "status": "affected",
              "version": "b739a5bd9d9f18cc69dced8db128ef7206e000cd",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/nfs/flexfilelayout/flexfilelayout.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.1"
            },
            {
              "lessThan": "6.1",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.83",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.23",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.83",
                  "versionStartIncluding": "6.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.23",
                  "versionStartIncluding": "6.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.11",
                  "versionStartIncluding": "6.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.2",
                  "versionStartIncluding": "6.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "6.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfs: fix panic when nfs4_ff_layout_prepare_ds() fails\n\nWe\u0027ve been seeing the following panic in production\n\nBUG: kernel NULL pointer dereference, address: 0000000000000065\nPGD 2f485f067 P4D 2f485f067 PUD 2cc5d8067 PMD 0\nRIP: 0010:ff_layout_cancel_io+0x3a/0x90 [nfs_layout_flexfiles]\nCall Trace:\n \u003cTASK\u003e\n ? __die+0x78/0xc0\n ? page_fault_oops+0x286/0x380\n ? __rpc_execute+0x2c3/0x470 [sunrpc]\n ? rpc_new_task+0x42/0x1c0 [sunrpc]\n ? exc_page_fault+0x5d/0x110\n ? asm_exc_page_fault+0x22/0x30\n ? ff_layout_free_layoutreturn+0x110/0x110 [nfs_layout_flexfiles]\n ? ff_layout_cancel_io+0x3a/0x90 [nfs_layout_flexfiles]\n ? ff_layout_cancel_io+0x6f/0x90 [nfs_layout_flexfiles]\n pnfs_mark_matching_lsegs_return+0x1b0/0x360 [nfsv4]\n pnfs_error_mark_layout_for_return+0x9e/0x110 [nfsv4]\n ? ff_layout_send_layouterror+0x50/0x160 [nfs_layout_flexfiles]\n nfs4_ff_layout_prepare_ds+0x11f/0x290 [nfs_layout_flexfiles]\n ff_layout_pg_init_write+0xf0/0x1f0 [nfs_layout_flexfiles]\n __nfs_pageio_add_request+0x154/0x6c0 [nfs]\n nfs_pageio_add_request+0x26b/0x380 [nfs]\n nfs_do_writepage+0x111/0x1e0 [nfs]\n nfs_writepages_callback+0xf/0x30 [nfs]\n write_cache_pages+0x17f/0x380\n ? nfs_pageio_init_write+0x50/0x50 [nfs]\n ? nfs_writepages+0x6d/0x210 [nfs]\n ? nfs_writepages+0x6d/0x210 [nfs]\n nfs_writepages+0x125/0x210 [nfs]\n do_writepages+0x67/0x220\n ? generic_perform_write+0x14b/0x210\n filemap_fdatawrite_wbc+0x5b/0x80\n file_write_and_wait_range+0x6d/0xc0\n nfs_file_fsync+0x81/0x170 [nfs]\n ? nfs_file_mmap+0x60/0x60 [nfs]\n __x64_sys_fsync+0x53/0x90\n do_syscall_64+0x3d/0x90\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nInspecting the core with drgn I was able to pull this\n\n  \u003e\u003e\u003e prog.crashed_thread().stack_trace()[0]\n  #0 at 0xffffffffa079657a (ff_layout_cancel_io+0x3a/0x84) in ff_layout_cancel_io at fs/nfs/flexfilelayout/flexfilelayout.c:2021:27\n  \u003e\u003e\u003e prog.crashed_thread().stack_trace()[0][\u0027idx\u0027]\n  (u32)1\n  \u003e\u003e\u003e prog.crashed_thread().stack_trace()[0][\u0027flseg\u0027].mirror_array[1].mirror_ds\n  (struct nfs4_ff_layout_ds *)0xffffffffffffffed\n\nThis is clear from the stack trace, we call nfs4_ff_layout_prepare_ds()\nwhich could error out initializing the mirror_ds, and then we go to\nclean it all up and our check is only for if (!mirror-\u003emirror_ds).  This\nis inconsistent with the rest of the users of mirror_ds, which have\n\n  if (IS_ERR_OR_NULL(mirror_ds))\n\nto keep from tripping over this exact scenario.  Fix this up in\nff_layout_cancel_io() to make sure we don\u0027t panic when we get an error.\nI also spot checked all the other instances of checking mirror_ds and we\nappear to be doing the correct checks everywhere, only unconditionally\ndereferencing mirror_ds when we know it would be valid."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T20:05:41.320Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/31db25e3141b20e2a76a9f219eeca52e3cab126c"
        },
        {
          "url": "https://git.kernel.org/stable/c/7ca651b4ec4a049f5a46a0e5ff921b86b91c47c5"
        },
        {
          "url": "https://git.kernel.org/stable/c/5ada9016b1217498fad876a3d5b07645cc955608"
        },
        {
          "url": "https://git.kernel.org/stable/c/dac068f164ad05b35e7c0be13f138c3f6adca58f"
        },
        {
          "url": "https://git.kernel.org/stable/c/719fcafe07c12646691bd62d7f8d94d657fa0766"
        }
      ],
      "title": "nfs: fix panic when nfs4_ff_layout_prepare_ds() fails",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26868",
    "datePublished": "2024-04-17T10:27:29.431Z",
    "dateReserved": "2024-02-19T14:20:24.184Z",
    "dateUpdated": "2026-05-11T20:05:41.320Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-26897 (GCVE-0-2024-26897)

Vulnerability from cvelistv5 – Published: 2024-04-17 10:27 – Updated: 2026-05-23 15:39

Title

wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete

Summary

In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete The ath9k_wmi_event_tasklet() used in ath9k_htc assumes that all the data structures have been fully initialised by the time it runs. However, because of the order in which things are initialised, this is not guaranteed to be the case, because the device is exposed to the USB subsystem before the ath9k driver initialisation is completed. We already committed a partial fix for this in commit: 8b3046abc99e ("ath9k_htc: fix NULL pointer dereference at ath9k_htc_tx_get_packet()") However, that commit only aborted the WMI_TXSTATUS_EVENTID command in the event tasklet, pairing it with an "initialisation complete" bit in the TX struct. It seems syzbot managed to trigger the race for one of the other commands as well, so let's just move the existing synchronisation bit to cover the whole tasklet (setting it at the end of ath9k_htc_probe_device() instead of inside ath9k_tx_init()).

Severity ?

No CVSS data available.

Assigner

Linux

References

7 references

URL	Tags
https://git.kernel.org/stable/c/1bc5461a21c56a36e…
https://git.kernel.org/stable/c/f8ff4b4df71e87f60…
https://git.kernel.org/stable/c/74d0639261dd795dc…
https://git.kernel.org/stable/c/a015fbf698c8957aa…
https://git.kernel.org/stable/c/ac90e22e735bac44f…
https://git.kernel.org/stable/c/4afa0246656d5680c…
https://git.kernel.org/stable/c/24355fcb0d4cbcb6d…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: 78c8397132dd4735ac6a7b5a651302f0b9f264ad , < 1bc5461a21c56a36e2a7d81e152b90ce019a3905 (git) Affected: 735aefae7b68025cd04c482a940c0f6fc6797a63 , < f8ff4b4df71e87f609be0cc37d92e918107f9b90 (git) Affected: 8b3046abc99eefe11438090bcc4ec3a3994b55d0 , < 74d0639261dd795dce958d1b14815bdcbb48a715 (git) Affected: 8b3046abc99eefe11438090bcc4ec3a3994b55d0 , < a015fbf698c8957aa5fbeefc5c59dd2cf3107298 (git) Affected: 8b3046abc99eefe11438090bcc4ec3a3994b55d0 , < ac90e22e735bac44f74b5161fb096fbeb0ff8bc2 (git) Affected: 8b3046abc99eefe11438090bcc4ec3a3994b55d0 , < 4afa0246656d5680c8a4c3fb37ba6570c4ab819b (git) Affected: 8b3046abc99eefe11438090bcc4ec3a3994b55d0 , < 24355fcb0d4cbcb6ddda262596558e8cfba70f11 (git) Affected: 7bbc1a50a7963f14048f0e54b0b73159f86d4ea3 (git) Affected: 5.10.136 , < 5.10.214 (semver) Affected: 5.15.17 , < 5.15.153 (semver) Affected: 5.16.3 , < 5.17 (semver)
Linux	Linux	Affected: 5.17 Unaffected: 0 , < 5.17 (semver) Unaffected: 5.10.214 , ≤ 5.10.* (semver) Unaffected: 5.15.153 , ≤ 5.15.* (semver) Unaffected: 6.1.83 , ≤ 6.1.* (semver) Unaffected: 6.6.23 , ≤ 6.6.* (semver) Unaffected: 6.7.11 , ≤ 6.7.* (semver) Unaffected: 6.8.2 , ≤ 6.8.* (semver) Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:21:05.691Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1bc5461a21c56a36e2a7d81e152b90ce019a3905"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f8ff4b4df71e87f609be0cc37d92e918107f9b90"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/74d0639261dd795dce958d1b14815bdcbb48a715"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a015fbf698c8957aa5fbeefc5c59dd2cf3107298"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ac90e22e735bac44f74b5161fb096fbeb0ff8bc2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4afa0246656d5680c8a4c3fb37ba6570c4ab819b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/24355fcb0d4cbcb6ddda262596558e8cfba70f11"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26897",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:48:09.627095Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:23.543Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "affected": [
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-12T11:50:15.589Z",
          "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
          "shortName": "siemens-SADP"
        },
        "references": [
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
          }
        ],
        "x_adpType": "supplier"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/wireless/ath/ath9k/htc.h",
            "drivers/net/wireless/ath/ath9k/htc_drv_init.c",
            "drivers/net/wireless/ath/ath9k/htc_drv_txrx.c",
            "drivers/net/wireless/ath/ath9k/wmi.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "1bc5461a21c56a36e2a7d81e152b90ce019a3905",
              "status": "affected",
              "version": "78c8397132dd4735ac6a7b5a651302f0b9f264ad",
              "versionType": "git"
            },
            {
              "lessThan": "f8ff4b4df71e87f609be0cc37d92e918107f9b90",
              "status": "affected",
              "version": "735aefae7b68025cd04c482a940c0f6fc6797a63",
              "versionType": "git"
            },
            {
              "lessThan": "74d0639261dd795dce958d1b14815bdcbb48a715",
              "status": "affected",
              "version": "8b3046abc99eefe11438090bcc4ec3a3994b55d0",
              "versionType": "git"
            },
            {
              "lessThan": "a015fbf698c8957aa5fbeefc5c59dd2cf3107298",
              "status": "affected",
              "version": "8b3046abc99eefe11438090bcc4ec3a3994b55d0",
              "versionType": "git"
            },
            {
              "lessThan": "ac90e22e735bac44f74b5161fb096fbeb0ff8bc2",
              "status": "affected",
              "version": "8b3046abc99eefe11438090bcc4ec3a3994b55d0",
              "versionType": "git"
            },
            {
              "lessThan": "4afa0246656d5680c8a4c3fb37ba6570c4ab819b",
              "status": "affected",
              "version": "8b3046abc99eefe11438090bcc4ec3a3994b55d0",
              "versionType": "git"
            },
            {
              "lessThan": "24355fcb0d4cbcb6ddda262596558e8cfba70f11",
              "status": "affected",
              "version": "8b3046abc99eefe11438090bcc4ec3a3994b55d0",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "7bbc1a50a7963f14048f0e54b0b73159f86d4ea3",
              "versionType": "git"
            },
            {
              "lessThan": "5.10.214",
              "status": "affected",
              "version": "5.10.136",
              "versionType": "semver"
            },
            {
              "lessThan": "5.15.153",
              "status": "affected",
              "version": "5.15.17",
              "versionType": "semver"
            },
            {
              "lessThan": "5.17",
              "status": "affected",
              "version": "5.16.3",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/wireless/ath/ath9k/htc.h",
            "drivers/net/wireless/ath/ath9k/htc_drv_init.c",
            "drivers/net/wireless/ath/ath9k/htc_drv_txrx.c",
            "drivers/net/wireless/ath/ath9k/wmi.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.17"
            },
            {
              "lessThan": "5.17",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.214",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.153",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.83",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.23",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.214",
                  "versionStartIncluding": "5.10.136",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.153",
                  "versionStartIncluding": "5.15.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.83",
                  "versionStartIncluding": "5.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.23",
                  "versionStartIncluding": "5.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.11",
                  "versionStartIncluding": "5.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.2",
                  "versionStartIncluding": "5.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "5.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.16.3",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete\n\nThe ath9k_wmi_event_tasklet() used in ath9k_htc assumes that all the data\nstructures have been fully initialised by the time it runs. However, because of\nthe order in which things are initialised, this is not guaranteed to be the\ncase, because the device is exposed to the USB subsystem before the ath9k driver\ninitialisation is completed.\n\nWe already committed a partial fix for this in commit:\n8b3046abc99e (\"ath9k_htc: fix NULL pointer dereference at ath9k_htc_tx_get_packet()\")\n\nHowever, that commit only aborted the WMI_TXSTATUS_EVENTID command in the event\ntasklet, pairing it with an \"initialisation complete\" bit in the TX struct. It\nseems syzbot managed to trigger the race for one of the other commands as well,\nso let\u0027s just move the existing synchronisation bit to cover the whole\ntasklet (setting it at the end of ath9k_htc_probe_device() instead of inside\nath9k_tx_init())."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-23T15:39:47.828Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/1bc5461a21c56a36e2a7d81e152b90ce019a3905"
        },
        {
          "url": "https://git.kernel.org/stable/c/f8ff4b4df71e87f609be0cc37d92e918107f9b90"
        },
        {
          "url": "https://git.kernel.org/stable/c/74d0639261dd795dce958d1b14815bdcbb48a715"
        },
        {
          "url": "https://git.kernel.org/stable/c/a015fbf698c8957aa5fbeefc5c59dd2cf3107298"
        },
        {
          "url": "https://git.kernel.org/stable/c/ac90e22e735bac44f74b5161fb096fbeb0ff8bc2"
        },
        {
          "url": "https://git.kernel.org/stable/c/4afa0246656d5680c8a4c3fb37ba6570c4ab819b"
        },
        {
          "url": "https://git.kernel.org/stable/c/24355fcb0d4cbcb6ddda262596558e8cfba70f11"
        }
      ],
      "title": "wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26897",
    "datePublished": "2024-04-17T10:27:47.842Z",
    "dateReserved": "2024-02-19T14:20:24.186Z",
    "dateUpdated": "2026-05-23T15:39:47.828Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

alsa-2024:5363

Vulnerability from osv_almalinux

CVE-2021-47606 (GCVE-0-2021-47606)

CVE-2023-52651 (GCVE-0-2023-52651)

CVE-2023-52864 (GCVE-0-2023-52864)

CVE-2024-21823 (GCVE-0-2024-21823)

CVE-2024-26600 (GCVE-0-2024-26600)

CVE-2024-26808 (GCVE-0-2024-26808)

CVE-2024-26828 (GCVE-0-2024-26828)

CVE-2024-26853 (GCVE-0-2024-26853)

CVE-2024-26868 (GCVE-0-2024-26868)

CVE-2024-26897 (GCVE-0-2024-26897)

Tags

Sightings

Nomenclature