CVE-2024-26753Out-of-bounds Write in Linux

CWE-787Out-of-bounds WriteCWE-121Stack-based Buffer Overflow6 documents6 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 95.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
LinuxLinux KernelDebian Linux+1 more
Timeline
PublishedApr 3
Latest updateApr 4

Description

In the Linux kernel, the following vulnerability has been resolved: crypto: virtio/akcipher - Fix stack overflow on memcpy sizeof(struct virtio_crypto_akcipher_session_para) is less than sizeof(struct virtio_crypto_op_ctrl_req::u), copying more bytes from stack variable leads stack overflow. Clang reports this issue by commands: make -j CC=clang-14 mrproper >/dev/null 2>&1 make -j O=/tmp/crypto-build CC=clang-14 allmodconfig >/dev/null 2>&1 make -j O=/tmp/crypto-build W=1 CC=clang-14 drivers/c

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

NVDlinux/linux_kernel5.10.2095.10.212+4
Debianlinux/linux_kernel< 5.10.216-1+3
CVEListV5linux/linux1ff57428894fc4f5001d3df0762c1820295d6c4f37077ed16c7793e21b005979d33f8a61565b7e86+5
debiandebian/linux< linux 6.1.82-1 (bookworm)

Also affects: Debian Linux 10.0

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

2
OSV
CVE-2024-26753: In the Linux kernel, the following vulnerability has been resolved: crypto: virtio/akcipher - Fix stack overflow on memcpy sizeof(struct virtio_crypto2024-04-03
GHSA
GHSA-gvgx-pcvr-3pc4: In the Linux kernel, the following vulnerability has been resolved: crypto: virtio/akcipher - Fix stack overflow on memcpy sizeof(struct virtio_cryp2024-04-03

📋Vendor Advisories

2
Red Hat
kernel: crypto: virtio/akcipher - Fix stack overflow on memcpy2024-04-03
Debian
CVE-2024-26753: linux - In the Linux kernel, the following vulnerability has been resolved: crypto: vir...2024

💬Community

1
Bugzilla
CVE-2024-26753 kernel: crypto: virtio/akcipher - Fix stack overflow on memcpy2024-04-04