CVE-2024-26789: Out-of-bounds Read in Linux

CWE-125: Out-of-bounds Read | 17 documents | 8 sources

Severity: 7.1 HIGH (NVD) | OSV 7.0
EPSS: 0.0% (top 96.11%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Apr 4
Latest update: Aug 2

Description

In the Linux kernel, the following vulnerability has been resolved:

crypto: arm64/neonbs - fix out-of-bounds access on short input

The bit-sliced implementation of AES-CTR operates on blocks of 128 bytes, and will fall back to the plain NEON version for tail blocks or inputs that are shorter than 128 bytes to begin with.

It will call straight into the plain NEON asm helper, which performs all memory accesses in granules of 16 bytes (the size of a NEON register). For this reason, the associate

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Exploitability: 1.8 | Impact: 5.2

Affected Packages (6 packages)

Debian | linux/linux_kernel | < 6.1.82-1 | +2
NVD | linux/linux_kernel | 5.18 | 6.1.81 | +3
CVEListV5 | linux/linux | fc074e130051015e39245a4241956ff122e2f465 | 034e2d70b5c7f578200ad09955aeb2aa65d1164a | +4

Patches

🔴 Vulnerability Details (7)

OSV: linux-oem-6.5 vulnerabilities (2024-08-02)
OSV: linux-aws-6.5, linux-lowlatency-hwe-6.5, linux-oracle-6.5, linux-starfive-6.5 vulnerabilities (2024-07-19)
OSV: linux-hwe-6.5 vulnerabilities (2024-07-17)
OSV: linux-azure-6.5, linux-gcp-6.5 vulnerabilities (2024-07-16)
OSV: linux, linux-gcp, linux-nvidia-6.5, linux-raspi vulnerabilities (2024-07-12)

📋 Vendor Advisories (8)

Ubuntu: Linux kernel vulnerabilities (2024-08-02)
Ubuntu: Linux kernel vulnerabilities (2024-07-19)
Ubuntu: Linux kernel vulnerabilities (2024-07-17)
Ubuntu: Linux kernel vulnerabilities (2024-07-16)
Ubuntu: Linux kernel vulnerabilities (2024-07-12)

💬 Community (1)

Bugzilla: CVE-2024-26789 kernel: crypto: arm64/neonbs - fix out-of-bounds access on short input (2024-04-04)