CVE-2024-26707 — Allocation of Resources Without Limits or Throttling in Linux
Severity
5.5 MEDIUM (NVD)
OSV 7.0, OSV 6.5
EPSS
0.0%
top 98.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Apr 3
Latest update: Aug 2
Description
In the Linux kernel, the following vulnerability has been resolved:
net: hsr: remove WARN_ONCE() in send_hsr_supervision_frame()
Syzkaller reported [1] hitting a warning after failing to allocate
resources for skb in hsr_init_skb(). Since a WARN_ONCE() call will
not help much in this case, it might be prudent to switch to
netdev_warn_once(). At the very least it will suppress syzkaller
reports such as [1].
Just in case, use netdev_warn_once() in send_prp_supervision_frame()
for similar reason…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6
Affected Packages (5 packages)
CVEListV5: linux/linux 121c33b07b3127f501b366bc23d2a590e2f2b8ef — 0d8011a878fdf96123bc0d6a12e2fe7ced5fddfb (+6)
Also affects: Debian Linux 10.0
Patches
Vulnerability Details (12)
OSV: linux-aws-6.5, linux-lowlatency-hwe-6.5, linux-oracle-6.5, linux-starfive-6.5 vulnerabilities (2024-07-19)
Vendor Advisories (12)
Community (1)
Bugzilla