CVE-2024-26766Off-by-one Error in Linux

CWE-193Off-by-one Error30 documents8 sources
Severity
5.5MEDIUMNVD
OSV7.8OSV7.0OSV6.5
EPSS
0.0%
top 99.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
LinuxLinux KernelDebian Linux+1 more
Timeline
PublishedApr 3
Latest updateAug 14

Description

In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fix sdma.h tx->num_descs off-by-one error Unfortunately the commit `fd8958efe877` introduced another error causing the `descs` array to overflow. This reults in further crashes easily reproducible by `sendmsg` system call. [ 1080.836473] general protection fault, probably for non-canonical address 0x400300015528b00a: 0000 [#1] PREEMPT SMP PTI [ 1080.869326] RIP: 0010:hfi1_ipoib_build_ib_tx_headers.constprop.0+0xe1/0x

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

NVDlinux/linux_kernel4.19.2914.19.308+7
Debianlinux/linux_kernel< 5.10.216-1+3
Ubuntulinux/linux_kernel< 5.4.0-186.206+1
CVEListV5linux/linuxd1c1ee052d25ca23735eea912f843bc7834781b4115b7f3bc1dce590a6851a2dcf23dc1100c49790+9
debiandebian/linux< linux 6.1.82-1 (bookworm)

Also affects: Debian Linux 10.0

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

14
OSV
linux-raspi vulnerabilities2024-07-26
OSV
linux-ibm-5.15 vulnerabilities2024-07-10
OSV
linux-hwe-5.15 vulnerabilities2024-07-04
OSV
linux-bluefield, linux-iot vulnerabilities2024-07-03
OSV
linux-azure, linux-azure-fde vulnerabilities2024-06-14

📋Vendor Advisories

14
CISA ICS
Siemens SINEC OS2025-08-14
Ubuntu
Linux kernel vulnerabilities2024-07-26
Ubuntu
Linux kernel (IBM) vulnerabilities2024-07-10
Ubuntu
Linux kernel (HWE) vulnerabilities2024-07-04
Ubuntu
Linux kernel (Azure) vulnerabilities2024-06-14

💬Community

1
Bugzilla
CVE-2024-26766 kernel: IB/hfi1: Fix sdma.h tx->num_descs off-by-one error2024-04-04