CVE-2024-26764Linux vulnerability

30 documents8 sources
Severity
3.3LOWNVD
OSV7.8OSV7.0OSV6.5OSV5.5
EPSS
0.0%
top 99.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
LinuxLinux KernelDebian Linux+1 more
Timeline
PublishedApr 3
Latest updateAug 14

Description

In the Linux kernel, the following vulnerability has been resolved: fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio If kiocb_set_cancel_fn() is called for I/O submitted via io_uring, the following kernel warning appears: WARNING: CPU: 3 PID: 368 at fs/aio.c:598 kiocb_set_cancel_fn+0x9c/0xa8 Call trace: kiocb_set_cancel_fn+0x9c/0xa8 ffs_epfile_read_iter+0x144/0x1d0 io_read+0x19c/0x498 io_issue_sqe+0x118/0x27c io_submit_sqes+0x25c/0x5fc __arm64_sys_io_uring_enter+0x104/0xab0

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:LExploitability: 1.8 | Impact: 1.4

Affected Packages5 packages

NVDlinux/linux_kernel4.205.4.270+7
Debianlinux/linux_kernel< 5.10.216-1+3
Ubuntulinux/linux_kernel< 5.4.0-186.206+1
CVEListV5linux/linux04b2fa9f8f36ec6fb6fd1c9dc9df6fff0cd27323337b543e274fe7a8f47df3c8293cc6686ffa620f+8
debiandebian/linux< linux 6.1.82-1 (bookworm)

Also affects: Debian Linux 10.0

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

14
OSV
linux-raspi vulnerabilities2024-07-26
OSV
linux-ibm-5.15 vulnerabilities2024-07-10
OSV
linux-hwe-5.15 vulnerabilities2024-07-04
OSV
linux-bluefield, linux-iot vulnerabilities2024-07-03
OSV
linux-azure, linux-azure-fde vulnerabilities2024-06-14

📋Vendor Advisories

14
CISA ICS
Siemens SINEC OS2025-08-14
Ubuntu
Linux kernel vulnerabilities2024-07-26
Ubuntu
Linux kernel (IBM) vulnerabilities2024-07-10
Ubuntu
Linux kernel (HWE) vulnerabilities2024-07-04
Ubuntu
Linux kernel (Azure) vulnerabilities2024-06-14

💬Community

1
Bugzilla
CVE-2024-26764 kernel: fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio2024-04-04