CVE-2024-26675 — Allocation of Resources Without Limits or Throttling in Linux
Severity
5.5MEDIUMNVD
OSV7.8OSV7.0OSV6.5
EPSS
0.0%
top 99.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedApr 2
Latest updateAug 14
Description
In the Linux kernel, the following vulnerability has been resolved:
ppp_async: limit MRU to 64K
syzbot triggered a warning [1] in __alloc_pages():
WARN_ON_ONCE_GFP(order > MAX_PAGE_ORDER, gfp)
Willem fixed a similar issue in commit c0a2a1b0d631 ("ppp: limit MRU to 64K")
Adopt the same sanity check for ppp_async_ioctl(PPPIOCSMRU)
[1]:
WARNING: CPU: 1 PID: 11 at mm/page_alloc.c:4543 __alloc_pages+0x308/0x698 mm/page_alloc.c:4543
Modules linked in:
CPU: 1 PID: 11 Comm: kworker/u4:0 Not taint…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages5 packages
▶CVEListV5linux/linux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 — 4fdb14ba89faff6e6969a4dffdc8e54235d6e5ed+8
Also affects: Debian Linux 10.0
Patches
🔴Vulnerability Details
18OSV▶
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle vulnerabilities↗2024-11-19