CVE-2024-26588 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Linux
Severity
7.8HIGHNVD
OSV7.5
EPSS
0.0%
top 96.54%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedFeb 22
Latest updateMar 11
Description
In the Linux kernel, the following vulnerability has been resolved:
LoongArch: BPF: Prevent out-of-bounds memory access
The test_tag test triggers an unhandled page fault:
# ./test_tag
[ 130.640218] CPU 0 Unable to handle kernel paging request at virtual address ffff80001b898004, era == 9000000003137f7c, ra == 9000000003139e70
[ 130.640501] Oops[#3]:
[ 130.640553] CPU: 0 PID: 1326 Comm: test_tag Tainted: G D O 6.7.0-rc4-loong-devel-gb62ab1a397cf #47 61985c1d94084daa2432f771daa45b56b10d8d2a
[ …
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages8 packages
▶CVEListV5linux/linuxbbfddb904df6f82a5948687a2d57766216b9bc0f — 4631c2dd69d928bca396f9f58baeddf85e14ced5+4
Patches
🔴Vulnerability Details
3OSV▶
CVE-2024-26588: In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Prevent out-of-bounds memory access The test_tag test triggers an↗2024-02-22
GHSA▶
GHSA-x6p5-7c22-qrq6: In the Linux kernel, the following vulnerability has been resolved:
LoongArch: BPF: Prevent out-of-bounds memory access
The test_tag test triggers a↗2024-02-22
📋Vendor Advisories
4Debian▶
CVE-2024-26588: linux - In the Linux kernel, the following vulnerability has been resolved: LoongArch: ...↗2024