CVE-2024-26860

Memory for the "checksums" pointer will leak if the data is rechecked after checksum failure (because the associated kfree won't happen due to 'goto skip_io').

Fix this by freeing the checksums memory before recheck, and just use the "checksum_onstack" memory for storing checksum during recheck.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

906414f4596469004632de29126c55751ed82c5e

Fixed

20e21c3c0195d915f33bc7321ee6b362177bf5bf

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

d6824a28b244e8a750952848e4bd2167e1e9a17e

Fixed

338580a7fb9b0930bb38098007e89cc0fc496bf7

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

eb7b14a6a923c5678573c4d238c781cc83fcbc0f

Fixed

74abc2fe09691f3d836d8a54d599ca71f1e4287b

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

c88f5e553fe38b2ffc4c33d08654e5281b297677

Fixed

6d35654f03c35c273240d85ec67e3f2c3596c4e0

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

c88f5e553fe38b2ffc4c33d08654e5281b297677

Fixed

55e565c42dce81a4e49c13262d5bc4eb4c2e588a

Affected versions

v6.*

v6.1.80

v6.1.81

v6.1.82

v6.6.19

v6.6.20

v6.6.21

v6.6.22

v6.7.10

v6.7.7

v6.7.8

v6.7.9

v6.8

v6.8-rc4

v6.8-rc5

v6.8-rc6

v6.8-rc7

v6.8.1

Database specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "244374874897289681970741811314426497861",
                    "116817178935666847423756351813841379067",
                    "312791358417986111073754543709238706892",
                    "207836264532156486897843057008289242339",
                    "280881015602890127055824702284146588322",
                    "243837846292658682607022964483915461821",
                    "175413652325201191670233931054281783995",
                    "58539579065897313731984294530796750090",
                    "289717169581349106087250120707844489233",
                    "71305207883494098643609789058444490179"
                ]
            },
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@55e565c42dce81a4e49c13262d5bc4eb4c2e588a",
            "target": {
                "file": "drivers/md/dm-integrity.c"
            },
            "id": "CVE-2024-26860-128a437a",
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "244374874897289681970741811314426497861",
                    "116817178935666847423756351813841379067",
                    "312791358417986111073754543709238706892",
                    "207836264532156486897843057008289242339",
                    "280881015602890127055824702284146588322",
                    "243837846292658682607022964483915461821",
                    "175413652325201191670233931054281783995",
                    "58539579065897313731984294530796750090",
                    "289717169581349106087250120707844489233",
                    "71305207883494098643609789058444490179"
                ]
            },
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@74abc2fe09691f3d836d8a54d599ca71f1e4287b",
            "target": {
                "file": "drivers/md/dm-integrity.c"
            },
            "id": "CVE-2024-26860-19c9dfa1",
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "244374874897289681970741811314426497861",
                    "116817178935666847423756351813841379067",
                    "312791358417986111073754543709238706892",
                    "207836264532156486897843057008289242339",
                    "280881015602890127055824702284146588322",
                    "243837846292658682607022964483915461821",
                    "175413652325201191670233931054281783995",
                    "58539579065897313731984294530796750090",
                    "289717169581349106087250120707844489233",
                    "71305207883494098643609789058444490179"
                ]
            },
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@20e21c3c0195d915f33bc7321ee6b362177bf5bf",
            "target": {
                "file": "drivers/md/dm-integrity.c"
            },
            "id": "CVE-2024-26860-2668af82",
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 3417.0,
                "function_hash": "22082324250495884084841330679389906296"
            },
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@74abc2fe09691f3d836d8a54d599ca71f1e4287b",
            "target": {
                "file": "drivers/md/dm-integrity.c",
                "function": "integrity_metadata"
            },
            "id": "CVE-2024-26860-35861cc1",
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "244374874897289681970741811314426497861",
                    "116817178935666847423756351813841379067",
                    "312791358417986111073754543709238706892",
                    "207836264532156486897843057008289242339",
                    "280881015602890127055824702284146588322",
                    "243837846292658682607022964483915461821",
                    "175413652325201191670233931054281783995",
                    "58539579065897313731984294530796750090",
                    "289717169581349106087250120707844489233",
                    "71305207883494098643609789058444490179"
                ]
            },
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6d35654f03c35c273240d85ec67e3f2c3596c4e0",
            "target": {
                "file": "drivers/md/dm-integrity.c"
            },
            "id": "CVE-2024-26860-556fad21",
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 3417.0,
                "function_hash": "22082324250495884084841330679389906296"
            },
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@55e565c42dce81a4e49c13262d5bc4eb4c2e588a",
            "target": {
                "file": "drivers/md/dm-integrity.c",
                "function": "integrity_metadata"
            },
            "id": "CVE-2024-26860-91852ba2",
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "244374874897289681970741811314426497861",
                    "116817178935666847423756351813841379067",
                    "312791358417986111073754543709238706892",
                    "207836264532156486897843057008289242339",
                    "280881015602890127055824702284146588322",
                    "243837846292658682607022964483915461821",
                    "175413652325201191670233931054281783995",
                    "58539579065897313731984294530796750090",
                    "289717169581349106087250120707844489233",
                    "71305207883494098643609789058444490179"
                ]
            },
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@338580a7fb9b0930bb38098007e89cc0fc496bf7",
            "target": {
                "file": "drivers/md/dm-integrity.c"
            },
            "id": "CVE-2024-26860-93a0e878",
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 3417.0,
                "function_hash": "22082324250495884084841330679389906296"
            },
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6d35654f03c35c273240d85ec67e3f2c3596c4e0",
            "target": {
                "file": "drivers/md/dm-integrity.c",
                "function": "integrity_metadata"
            },
            "id": "CVE-2024-26860-b8d19b79",
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 3417.0,
                "function_hash": "22082324250495884084841330679389906296"
            },
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@338580a7fb9b0930bb38098007e89cc0fc496bf7",
            "target": {
                "file": "drivers/md/dm-integrity.c",
                "function": "integrity_metadata"
            },
            "id": "CVE-2024-26860-beb30d10",
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 3418.0,
                "function_hash": "236727282127254522410109965962662531937"
            },
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@20e21c3c0195d915f33bc7321ee6b362177bf5bf",
            "target": {
                "file": "drivers/md/dm-integrity.c",
                "function": "integrity_metadata"
            },
            "id": "CVE-2024-26860-bf4f41be",
            "signature_type": "Function"
        }
    ]
}

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.1.83

Type: ECOSYSTEM
Events: Introduced

6.2.0

Fixed

6.6.23

Type: ECOSYSTEM
Events: Introduced

6.7.0

Fixed

6.7.11

Type: ECOSYSTEM
Events: Introduced

6.8.0

Fixed

6.8.2