7.1
CVE-2024-26763
- EPSS 0.01%
- Published 03.04.2024 17:15:52
- Last modified 18.03.2025 16:40:18
- Source 416baaa9-dc9f-4396-8d5f-8c081f
- Teams watchlist Login
- Open Login
In the Linux kernel, the following vulnerability has been resolved: dm-crypt: don't modify the data when using authenticated encryption It was said that authenticated encryption could produce invalid tag when the data that is being encrypted is modified [1]. So, fix this problem by copying the data into the clone bio first and then encrypt them inside the clone bio. This may reduce performance, but it is needed to prevent the user from corrupting the device by writing data with O_DIRECT and modifying them at the same time. [1] https://lore.kernel.org/all/20240207004723.GA35324@sol.localdomain/T/
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users. Login
Data is provided by the National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version < 4.19.308
Linux ≫ Linux Kernel Version >= 4.20 < 5.4.270
Linux ≫ Linux Kernel Version >= 5.5 < 5.10.211
Linux ≫ Linux Kernel Version >= 5.11 < 5.15.150
Linux ≫ Linux Kernel Version >= 5.16 < 6.1.80
Linux ≫ Linux Kernel Version >= 6.2 < 6.6.19
Linux ≫ Linux Kernel Version >= 6.7 < 6.7.7
Linux ≫ Linux Kernel Version6.8 Updaterc1
Linux ≫ Linux Kernel Version6.8 Updaterc2
Linux ≫ Linux Kernel Version6.8 Updaterc3
Linux ≫ Linux Kernel Version6.8 Updaterc4
Linux ≫ Linux Kernel Version6.8 Updaterc5
Debian ≫ Debian Linux Version10.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.01% | 0.017 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.1 | 1.8 | 5.2 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
|
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.