CVE-2024-26602Improper Protection of Physical Side Channels in Linux

CWE-1300Improper Protection of Physical Side Channels37 documents9 sources
Severity
5.5MEDIUMNVD
OSV7.8OSV7.0OSV6.5
EPSS
0.0%
top 98.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
LinuxLinux KernelDebian Linux+2 more
Timeline
PublishedFeb 26
Latest updateAug 14

Description

In the Linux kernel, the following vulnerability has been resolved: sched/membarrier: reduce the ability to hammer on sys_membarrier On some systems, sys_membarrier can be very expensive, causing overall slowdowns for everything. So put a lock on the path in order to serialize the accesses to prevent the ability for this to be called at too high of a frequency and saturate the machine.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages7 packages

NVDlinux/linux_kernel4.14.04.19.307+6
Debianlinux/linux_kernel< 5.10.216-1+3
Ubuntulinux/linux_kernel< 5.4.0-181.201+2
CVEListV5linux/linux22e4ebb975822833b083533035233d128b30e98f3cd139875e9a7688b3fc715264032620812a5fa3+8
debiandebian/linux< linux 6.1.82-1 (bookworm)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

16
OSV
linux-azure vulnerabilities2024-10-17
OSV
linux, linux-aws, linux-aws-hwe, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle vulnerabilities2024-10-15
OSV
linux-oem-6.5 vulnerabilities2024-08-02
OSV
linux-aws-6.5, linux-lowlatency-hwe-6.5, linux-oracle-6.5, linux-starfive-6.5 vulnerabilities2024-07-19
OSV
linux-hwe-6.5 vulnerabilities2024-07-17

📋Vendor Advisories

19
CISA ICS
Siemens SINEC OS2025-08-14
Ubuntu
Linux kernel (Azure) vulnerabilities2024-10-17
Ubuntu
Linux kernel vulnerabilities2024-10-15
Ubuntu
Linux kernel vulnerabilities2024-08-02
Ubuntu
Linux kernel vulnerabilities2024-07-19

💬Community

1
Bugzilla
CVE-2024-26602 kernel: sched/membarrier: reduce the ability to hammer on sys_membarrier2024-03-04
CVE-2024-26602 — Linux vulnerability | cvebase