CVE-2024-26710

EPSS 0.02%
Veröffentlicht 03.04.2024 15:15:53
Zuletzt bearbeitet 19.06.2025 13:15:31
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

powerpc/kasan: Limit KASAN thread size increase to 32KB

KASAN is seen to increase stack usage, to the point that it was reported
to lead to stack overflow on some 32-bit machines (see link).

To avoid overflows the stack size was doubled for KASAN builds in
commit 3e8635fb2e07 ("powerpc/kasan: Force thread size increase with
KASAN").

However with a 32KB stack size to begin with, the doubling leads to a
64KB stack, which causes build errors:
  arch/powerpc/kernel/switch.S:249: Error: operand out of range (0x000000000000fe50 is not between 0xffffffffffff8000 and 0x0000000000007fff)

Although the asm could be reworked, in practice a 32KB stack seems
sufficient even for KASAN builds - the additional usage seems to be in
the 2-3KB range for a 64-bit KASAN build.

So only increase the stack for KASAN if the stack size is < 32KB.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 6.1.75 < 6.1.79

Linux ≫ Linux Kernel Version >= 6.6.14 < 6.6.18

Linux ≫ Linux Kernel Version >= 6.7.2 < 6.7.6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.032

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

https://git.kernel.org/stable/c/4297217bcf1f0948a19c2bacc6b68d92e7778ad9

Patch

https://git.kernel.org/stable/c/4cc31fa07445879a13750cb061bb8c2654975fcb

Patch

https://git.kernel.org/stable/c/b29b16bd836a838b7690f80e37f8376414c74cbe

Patch

https://git.kernel.org/stable/c/f1acb109505d983779bbb7e20a1ee6244d2b5736

Patch

https://nvd.nist.gov/vuln/detail/CVE-2024-26710

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-26710

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-26710

EUVD