CVE-2024-26900

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-26900
In the Linux kernel, the following vulnerability has been resolved: md: fix kmemleak of rdev->serial If kobject_add() is fail in bind_rdev_to_array(), 'rdev->serial' will be alloc not be freed, and kmemleak occurs. unreferenced object 0xffff88815a350000 (size 49152): comm "mdadm", pid 789, jiffies 4294716910 hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace (crc f773277a): [<0000000058b0a453>] kmemleak_alloc+0x61/0xe0 [<00000000366adf14>] __kmalloc_large_node+0x15e/0x270 [<000000002e82961b>] __kmalloc_node.cold+0x11/0x7f [<00000000f206d60a>] kvmalloc_node+0x74/0x150 [<0000000034bf3363>] rdev_init_serial+0x67/0x170 [<0000000010e08fe9>] mddev_create_serial_pool+0x62/0x220 [<00000000c3837bf0>] bind_rdev_to_array+0x2af/0x630 [<0000000073c28560>] md_add_new_disk+0x400/0x9f0 [<00000000770e30ff>] md_ioctl+0x15bf/0x1c10 [<000000006cfab718>] blkdev_ioctl+0x191/0x3f0 [<0000000085086a11>] vfs_ioctl+0x22/0x60 [<0000000018b656fe>] __x64_sys_ioctl+0xba/0xe0 [<00000000e54e675e>] do_syscall_64+0x71/0x150 [<000000008b0ad622>] entry_SYSCALL_64_after_hwframe+0x6c/0x74

5.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://git.kernel.org/stable/c/4c1021ce46fc2fb6115f7e79d353941e6dcad366 Patch
https://git.kernel.org/stable/c/6cf350658736681b9d6b0b6e58c5c76b235bb4c4 Patch
https://git.kernel.org/stable/c/6d32c832a88513f65c2c2c9c75954ee8b387adea Patch
https://git.kernel.org/stable/c/9fd0198f7ef06ae0d6636fb0578560857dead995
https://git.kernel.org/stable/c/beaf11969fd5cbe6f09cefaa34df1ce8578e8dd9
https://git.kernel.org/stable/c/f3a1787dc48213f6caea5ba7d47e0222e7fa34a9
https://git.kernel.org/stable/c/fb5b347efd1bda989846ffc74679d181222fb123
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
History

05 Nov 2024, 10:16

Type Values Removed Values Added
References
  • {'url': 'https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html', 'source': '416baaa9-dc9f-4396-8d5f-8c081fb06d67'}

27 Jun 2024, 14:15

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html -

17 May 2024, 11:15

Type Values Removed Values Added
References
  • () https://git.kernel.org/stable/c/9fd0198f7ef06ae0d6636fb0578560857dead995 -
  • () https://git.kernel.org/stable/c/beaf11969fd5cbe6f09cefaa34df1ce8578e8dd9 -
  • () https://git.kernel.org/stable/c/f3a1787dc48213f6caea5ba7d47e0222e7fa34a9 -
  • () https://git.kernel.org/stable/c/fb5b347efd1bda989846ffc74679d181222fb123 -

29 Apr 2024, 19:38

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.5
First Time Linux
Linux linux Kernel
CWE CWE-401
CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
References () https://git.kernel.org/stable/c/4c1021ce46fc2fb6115f7e79d353941e6dcad366 - () https://git.kernel.org/stable/c/4c1021ce46fc2fb6115f7e79d353941e6dcad366 - Patch
References () https://git.kernel.org/stable/c/6cf350658736681b9d6b0b6e58c5c76b235bb4c4 - () https://git.kernel.org/stable/c/6cf350658736681b9d6b0b6e58c5c76b235bb4c4 - Patch
References () https://git.kernel.org/stable/c/6d32c832a88513f65c2c2c9c75954ee8b387adea - () https://git.kernel.org/stable/c/6d32c832a88513f65c2c2c9c75954ee8b387adea - Patch
Summary
  • (es) En el kernel de Linux, se resolvió la siguiente vulnerabilidad: md: corrige kmemleak de rdev-&gt;serial Si kobject_add() falla en bind_rdev_to_array(), 'rdev-&gt;serial' se asignará y no se liberará, y se produce kmemleak. objeto sin referencia 0xffff88815a350000 (tamaño 49152): comm "mdadm", pid 789, jiffies 4294716910 volcado hexadecimal (primeros 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ retroceso (crc f773277a): [&lt;0000000058b0a453&gt; ] kmemleak_alloc+0x61/0xe0 [&lt;00000000366adf14&gt;] __kmalloc_large_node+0x15e/0x270 [&lt;000000002e82961b&gt;] __kmalloc_node.cold+0x11/0x7f [&lt;00000000f206d60a&gt;] loc_node+0x74/0x150 [&lt;0000000034bf3363&gt;] rdev_init_serial+0x67/0x170 [&lt; 0000000010e08fe9&gt;] mddev_create_serial_pool+0x62/0x220 [&lt;00000000c3837bf0&gt;] bind_rdev_to_array+0x2af/0x630 [&lt;0000000073c28560&gt;] md_add_new_disk+0x400/0x9f0 00000000770e30ff&gt;] md_ioctl+0x15bf/0x1c10 [&lt;000000006cfab718&gt;] blkdev_ioctl+0x191/0x3f0 [&lt; 0000000085086a11&gt;] vfs_ioctl+0x22/0x60 [&lt;0000000018b656fe&gt;] __x64_sys_ioctl+0xba/0xe0 [&lt;00000000e54e675e&gt;] do_syscall_64+0x71/0x150 [&lt;00000 0008b0ad622&gt;] entrada_SYSCALL_64_after_hwframe+0x6c/0x74

17 Apr 2024, 11:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-04-17 11:15

Updated : 2024-11-05 10:16

NVD link : CVE-2024-26900

Mitre link : CVE-2024-26900

CVE.ORG link : CVE-2024-26900

JSON object : View

Products Affected

linux

  • linux_kernel
CWE
CWE-401

Missing Release of Memory after Effective Lifetime


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024