5.5

CVE-2024-26824

EPSS 0.02%
Published 17.04.2024 10:15:09
Last modified 27.03.2025 20:56:14
Source 416baaa9-dc9f-4396-8d5f-8c081f
Teams watchlist Login
Open Login

In the Linux kernel, the following vulnerability has been resolved:

crypto: algif_hash - Remove bogus SGL free on zero-length error path

When a zero-length message is hashed by algif_hash, and an error
is triggered, it tries to free an SG list that was never allocated
in the first place.  Fix this by not freeing the SG list on the
zero-length error path.

Affected products Warnungen 0 Metrics 2 CWE 0 References 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 6.5 < 6.6.18

Linux ≫ Linux Kernel Version >= 6.7 < 6.7.6

Linux ≫ Linux Kernel Version6.8 Updaterc1

Linux ≫ Linux Kernel Version6.8 Updaterc2

Linux ≫ Linux Kernel Version6.8 Updaterc3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.02%	0.021

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

https://git.kernel.org/stable/c/24c890dd712f6345e382256cae8c97abb0406b70

Patch

https://git.kernel.org/stable/c/775f3c1882a493168e08fdb8cde0865c8f3a8a29

Patch

https://git.kernel.org/stable/c/9c82920359b7c1eddaf72069bcfe0ffddf088cd0

Patch

https://nvd.nist.gov/vuln/detail/CVE-2024-26824

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-26824

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-26824

EUVD