CVE-2024-26640Improper Input Validation in Linux

CWE-20Improper Input Validation45 documents7 sources
Severity
5.5MEDIUMNVD
OSV7.5OSV6.5
EPSS
0.0%
top 98.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
LinuxLinux KernelDebian Linux+1 more
Timeline
PublishedMar 18
Latest updateNov 19

Description

In the Linux kernel, the following vulnerability has been resolved: tcp: add sanity checks to rx zerocopy TCP rx zerocopy intent is to map pages initially allocated from NIC drivers, not pages owned by a fs. This patch adds to can_map_frag() these additional checks: - Page must not be a compound one. - page->mapping must be NULL. This fixes the panic reported by ZhangPeng. syzbot was able to loopback packets built with sendfile(), mapping pages owned by an ext4 file to TCP rx zerocopy. r3

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

NVDlinux/linux_kernel4.185.10.210+5
Debianlinux/linux_kernel< 5.10.216-1+3
Ubuntulinux/linux_kernel< 5.4.0-200.220+1
CVEListV5linux/linux93ab6cc69162775201587cc9da00d5016dc890e2f48bf9a83b1666d934247cb58a9887d7b3127b6f+6
debiandebian/linux< linux 6.1.82-1 (bookworm)

Also affects: Debian Linux 10.0

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

22
OSV
linux-iot vulnerabilities2024-11-19
OSV
linux-raspi, linux-raspi-5.4 vulnerabilities2024-11-14
OSV
linux-aws, linux-azure-5.4, linux-kvm, linux-oracle, linux-xilinx-zynqmp vulnerabilities2024-11-07
OSV
linux-aws-5.4, linux-oracle-5.4 vulnerabilities2024-11-06
OSV
linux-azure, linux-bluefield vulnerabilities2024-11-04

📋Vendor Advisories

21
Ubuntu
Linux kernel (IoT) vulnerabilities2024-11-19
Ubuntu
Linux kernel vulnerabilities2024-11-14
Ubuntu
Linux kernel vulnerabilities2024-11-07
Ubuntu
Linux kernel vulnerabilities2024-11-06
Ubuntu
Linux kernel vulnerabilities2024-11-04

💬Community

1
Bugzilla
CVE-2024-26640 kernel: tcp: add sanity checks to rx zerocopy2024-03-18