CVE-2024-26785Classic Buffer Overflow in Linux

CWE-120Classic Buffer OverflowCWE-400Uncontrolled Resource Consumption7 documents7 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 99.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
LinuxLinux KernelDebian Linux+2 more
Timeline
PublishedApr 4
Latest updateApr 9

Description

In the Linux kernel, the following vulnerability has been resolved: iommufd: Fix protection fault in iommufd_test_syz_conv_iova Syzkaller reported the following bug: general protection fault, probably for non-canonical address 0xdffffc0000000038: 0000 [#1] SMP KASAN KASAN: null-ptr-deref in range [0x00000000000001c0-0x00000000000001c7] Call Trace: lock_acquire lock_acquire+0x1ce/0x4f0 down_read+0x93/0x4a0 iommufd_test_syz_conv_iova+0x56/0x1f0 iommufd_test_access_rw.isra.0+0x2ec/0x390 iommufd_

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages6 packages

NVDlinux/linux_kernel6.66.7.9+1
Debianlinux/linux_kernel< 6.7.9-1+1
CVEListV5linux/linux9227da7816dd1a42e20d41e2244cb63c205477cafd4d5cd7a2e8f08357c9bfc0905957cffe8ce568+3

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

2
GHSA
GHSA-pjr2-pwcr-ffrh: In the Linux kernel, the following vulnerability has been resolved: iommufd: Fix protection fault in iommufd_test_syz_conv_iova Syzkaller reported t2024-04-04
OSV
CVE-2024-26785: In the Linux kernel, the following vulnerability has been resolved: iommufd: Fix protection fault in iommufd_test_syz_conv_iova Syzkaller reported the2024-04-04

📋Vendor Advisories

3
Microsoft
iommufd: Fix protection fault in iommufd_test_syz_conv_iova2024-04-09
Red Hat
kernel: iommufd: Fix protection fault in iommufd_test_syz_conv_iova2024-04-04
Debian
CVE-2024-26785: linux - In the Linux kernel, the following vulnerability has been resolved: iommufd: Fi...2024

💬Community

1
Bugzilla
CVE-2024-26785 kernel: iommufd: Fix protection fault in iommufd_test_syz_conv_iova2024-04-04