CVE-2024-26907
See a problem?- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-26907
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-26907.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-26907
- Related
- Published
- 2024-04-17T11:15:11Z
- Modified
- 2024-09-18T03:26:05.468134Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
RDMA/mlx5: Fix fortify source warning while accessing Eth segment
------------[ cut here ]------------ memcpy: detected field-spanning write (size 56) of single field "eseg->inlinehdr.start" at /var/lib/dkms/mlnx-ofed-kernel/5.8/build/drivers/infiniband/hw/mlx5/wr.c:131 (size 2) WARNING: CPU: 0 PID: 293779 at /var/lib/dkms/mlnx-ofed-kernel/5.8/build/drivers/infiniband/hw/mlx5/wr.c:131 mlx5ibpostsend+0x191b/0x1a60 [mlx5ib] Modules linked in: 8021q garp mrp stp llc rdmaucm(OE) rdmacm(OE) iwcm(OE) ibipoib(OE) ibcm(OE) ibumad(OE) mlx5ib(OE) ibuverbs(OE) ibcore(OE) mlx5core(OE) pcihypervintf mlxdevm(OE) mlxcompat(OE) tls mlxfw(OE) psample nftfibinet nftfibipv4 nftfibipv6 nftfib nftrejectinet nfrejectipv4 nfrejectipv6 nftreject nftct nftchainnat nfnat nfconntrack nfdefragipv6 nfdefragipv4 ipset nftables libcrc32c nfnetlink mstpciconf(OE) knem(OE) vfiopci vfiopcicore vfioiommutype1 vfio iommufd irqbypass cuse nfsv3 nfs fscache netfs xfrmuser xfrmalgo ipmidevintf ipmimsghandler binfmtmisc crct10difpclmul crc32pclmul polyvalclmulni polyvalgeneric ghashclmulniintel sha512ssse3 sndpcsp aesniintel cryptosimd cryptd sndpcm sndtimer joydev snd soundcore inputleds serioraw evbug nfsd authrpcgss nfsacl lockd grace schfqcodel sunrpc drm efipstore iptables xtables autofs4 psmouse virtionet netfailover failover floppy [last unloaded: mlxcompat(OE)] CPU: 0 PID: 293779 Comm: ssh Tainted: G OE 6.2.0-32-generic #32~22.04.1-Ubuntu Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 RIP: 0010:mlx5ibpostsend+0x191b/0x1a60 [mlx5ib] Code: 0c 01 00 a8 01 75 25 48 8b 75 a0 b9 02 00 00 00 48 c7 c2 10 5b fd c0 48 c7 c7 80 5b fd c0 c6 05 57 0c 03 00 01 e8 95 4d 93 da <0f> 0b 44 8b 4d b0 4c 8b 45 c8 48 8b 4d c0 e9 49 fb ff ff 41 0f b7 RSP: 0018:ffffb5b48478b570 EFLAGS: 00010046 RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffffb5b48478b628 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: ffffb5b48478b5e8 R13: ffff963a3c609b5e R14: ffff9639c3fbd800 R15: ffffb5b480475a80 FS: 00007fc03b444c80(0000) GS:ffff963a3dc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000556f46bdf000 CR3: 0000000006ac6003 CR4: 00000000003706f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> ? showregs+0x72/0x90 ? mlx5ibpostsend+0x191b/0x1a60 [mlx5ib] ? _warn+0x8d/0x160 ? mlx5ibpostsend+0x191b/0x1a60 [mlx5ib] ? reportbug+0x1bb/0x1d0 ? handlebug+0x46/0x90 ? excinvalidop+0x19/0x80 ? asmexcinvalidop+0x1b/0x20 ? mlx5ibpostsend+0x191b/0x1a60 [mlx5ib] mlx5ibpostsendnodrain+0xb/0x20 [mlx5ib] ipoibsend+0x2ec/0x770 [ibipoib] ipoibstartxmit+0x5a0/0x770 [ibipoib] devhardstartxmit+0x8e/0x1e0 ? validatexmitskblist+0x4d/0x80 schdirectxmit+0x116/0x3a0 _devxmitskb+0x1fd/0x580 _devqueuexmit+0x284/0x6b0 ? _rawspinunlockirq+0xe/0x50 ? _flushwork.isra.0+0x20d/0x370 ? pushpseudoheader+0x17/0x40 [ibipoib] neighconnectedoutput+0xcd/0x110 ipfinishoutput2+0x179/0x480 ? _smpcallsinglequeue+0x61/0xa0 _ipfinishoutput+0xc3/0x190 ipfinishoutput+0x2e/0xf0 ipoutput+0x78/0x110 ? _pfxipfinishoutput+0x10/0x10 iplocalout+0x64/0x70 _ipqueuexmit+0x18a/0x460 ipqueuexmit+0x15/0x30 _tcptransmitskb+0x914/0x9c0 tcpwritexmit+0x334/0x8d0 tcppushone+0x3c/0x60 tcpsendmsglocked+0x2e1/0xac0 tcpsendmsg+0x2d/0x50 inetsendmsg+0x43/0x90 socksendmsg+0x68/0x80 sockwriteiter+0x93/0x100 vfswrite+0x326/0x3c0 ksyswrite+0xbd/0xf0 ? dosyscall64+0x69/0x90 _x64syswrite+0x19/0x30 dosyscall_ ---truncated---
- References
-
- https://git.kernel.org/stable/c/185fa07000e0a81d54cf8c05414cebff14469a5c
- https://git.kernel.org/stable/c/4d5e86a56615cc387d21c629f9af8fb0e958d350
- https://git.kernel.org/stable/c/60ba938a8bc8c90e724c75f98e932f9fb7ae1b9d
- https://git.kernel.org/stable/c/9a624a5f95733bac4648ecadb320ca83aa9c08fd
- https://git.kernel.org/stable/c/cad82f1671e41094acd3b9a60cd27d67a3c64a21
- https://git.kernel.org/stable/c/d27c48dc309da72c3b46351a1205d89687272baa
- https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
- https://security-tracker.debian.org/tracker/CVE-2024-26907
Affected packages
Debian:11 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.10.216-1
Affected versions
5.*
Debian:12 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.1.85-1
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.7.12-1