CVE-2024-26763

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-26763

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-26763.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-26763

Downstream

BELL-CVE-2024-26763

DEBIAN-CVE-2024-26763

DLA-3840-1

DLA-3842-1

DSA-5681-1

OESA-2024-1617

OESA-2024-1618

OESA-2024-1622

OESA-2024-1647

OESA-2024-1648

OESA-2024-1649

SUSE-SU-2024:1490-1

SUSE-SU-2024:1643-1

SUSE-SU-2024:1646-1

SUSE-SU-2024:1659-1

SUSE-SU-2024:1663-1

SUSE-SU-2024:1870-1

UBUNTU-CVE-2024-26763

USN-6820-1

USN-6820-2

USN-6821-1

USN-6821-2

USN-6821-3

USN-6821-4

USN-6828-1

USN-6831-1

USN-6867-1

USN-6871-1

USN-6892-1

USN-6919-1

Related

Published

2024-04-03T17:15:52Z

Modified

2025-08-09T19:01:26Z

Severity

7.1 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVSS Calculator

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

dm-crypt: don't modify the data when using authenticated encryption

It was said that authenticated encryption could produce invalid tag when the data that is being encrypted is modified [1]. So, fix this problem by copying the data into the clone bio first and then encrypt them inside the clone bio.

This may reduce performance, but it is needed to prevent the user from corrupting the device by writing data with O_DIRECT and modifying them at the same time.

[1] https://lore.kernel.org/all/20240207004723.GA35324@sol.localdomain/T/

References

Affected packages