CVE-2024-26618Allocation of Resources Without Limits or Throttling in Linux

CWE-770Allocation of Resources Without Limits or ThrottlingCWE-402Resource Leak22 documents6 sources
Severity
5.5MEDIUMNVD
OSV7.5OSV6.5
EPSS
0.0%
top 96.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
LinuxLinux KernelDebian Linux+1 more
Timeline
PublishedMar 11
Latest updateJun 26

Description

In the Linux kernel, the following vulnerability has been resolved: arm64/sme: Always exit sme_alloc() early with existing storage When sme_alloc() is called with existing storage and we are not flushing we will always allocate new storage, both leaking the existing storage and corrupting the state. Fix this by separating the checks for flushing and for existing storage as we do for SVE. Callers that reallocate (eg, due to changing the vector length) should call sme_free() themselves.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

NVDlinux/linux_kernel6.56.6.15+1
Debianlinux/linux_kernel< 6.1.140-1+2
CVEListV5linux/linux21614ba60883eb93b99a7ee4b41cb927f93b39aef6421555dbd7cb3d4d70b69f33f998aaeca1e3b5+5
debiandebian/linux< linux 6.1.140-1 (bookworm)
debiandebian/linux-6.1< linux 6.1.140-1 (bookworm)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

11
OSV
linux-oracle-6.5 vulnerabilities2024-06-26
OSV
linux-hwe-6.5 vulnerabilities2024-06-18
OSV
linux-nvidia-6.5 vulnerabilities2024-06-14
OSV
linux-oem-6.5 vulnerabilities2024-06-12
OSV
linux-aws, linux-oracle vulnerabilities2024-06-11

📋Vendor Advisories

10
Ubuntu
Linux kernel (Oracle) vulnerabilities2024-06-26
Ubuntu
Linux kernel (HWE) vulnerabilities2024-06-18
Ubuntu
Linux kernel (NVIDIA) vulnerabilities2024-06-14
Ubuntu
Linux kernel (OEM) vulnerabilities2024-06-12
Ubuntu
Linux kernel vulnerabilities2024-06-11