5.5
CVE-2024-26824
- EPSS 0.23%
- Veröffentlicht 17.04.2024 10:15:09
- Zuletzt bearbeitet 27.03.2025 20:56:14
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
crypto: algif_hash - Remove bogus SGL free on zero-length error path
In the Linux kernel, the following vulnerability has been resolved: crypto: algif_hash - Remove bogus SGL free on zero-length error path When a zero-length message is hashed by algif_hash, and an error is triggered, it tries to free an SG list that was never allocated in the first place. Fix this by not freeing the SG list on the zero-length error path.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 6.5 < 6.6.18
Linux ≫ Linux Kernel Version >= 6.7 < 6.7.6
Linux ≫ Linux Kernel Version6.8 Updaterc1
Linux ≫ Linux Kernel Version6.8 Updaterc2
Linux ≫ Linux Kernel Version6.8 Updaterc3
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.23% | 0.133 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
https://git.kernel.org/stable/c/24c890dd712f6345e382256cae8c97abb0406b70
https://git.kernel.org/stable/c/775f3c1882a493168e08fdb8cde0865c8f3a8a29
https://git.kernel.org/stable/c/9c82920359b7c1eddaf72069bcfe0ffddf088cd0