
CVE-2024-26877

In the Linux kernel, the following vulnerability has been resolved:

crypto: xilinx - call finalize with bh disabled

When calling crypto_finalize_request, BH should be disabled to avoid
triggering the following calltrace:

    ------------[ cut here ]------------
    WARNING: CPU: 2 PID: 74 at crypto/crypto_engine.c:58 crypto_finalize_request+0xa0/0x118
    Modules linked in: cryptodev(O)
    CPU: 2 PID: 74 Comm: firmware:zynqmp Tainted: G           O       6.8.0-rc1-yocto-standard #323
    Hardware name: ZynqMP ZCU102 Rev1.0 (DT)
    pstate: 40000005 (nZcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
    pc : crypto_finalize_request+0xa0/0x118
    lr : crypto_finalize_request+0x104/0x118
    sp : ffffffc085353ce0
    x29: ffffffc085353ce0 x28: 0000000000000000 x27: ffffff8808ea8688
    x26: ffffffc081715038 x25: 0000000000000000 x24: ffffff880100db00
    x23: ffffff880100da80 x22: 0000000000000000 x21: 0000000000000000
    x20: ffffff8805b14000 x19: ffffff880100da80 x18: 0000000000010450
    x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000
    x14: 0000000000000003 x13: 0000000000000000 x12: ffffff880100dad0
    x11: 0000000000000000 x10: ffffffc0832dcd08 x9 : ffffffc0812416d8
    x8 : 00000000000001f4 x7 : ffffffc0830d2830 x6 : 0000000000000001
    x5 : ffffffc082091000 x4 : ffffffc082091658 x3 : 0000000000000000
    x2 : ffffffc7f9653000 x1 : 0000000000000000 x0 : ffffff8802d20000
    Call trace:
     crypto_finalize_request+0xa0/0x118
     crypto_finalize_aead_request+0x18/0x30
     zynqmp_handle_aes_req+0xcc/0x388
     crypto_pump_work+0x168/0x2d8
     kthread_worker_fn+0xfc/0x3a0
     kthread+0x118/0x138
     ret_from_fork+0x10/0x20
    irq event stamp: 40
    hardirqs last  enabled at (39): [<ffffffc0812416f8>] _raw_spin_unlock_irqrestore+0x70/0xb0
    hardirqs last disabled at (40): [<ffffffc08122d208>] el1_dbg+0x28/0x90
    softirqs last  enabled at (36): [<ffffffc080017dec>] kernel_neon_begin+0x8c/0xf0
    softirqs last disabled at (34): [<ffffffc080017dc0>] kernel_neon_begin+0x60/0xf0
    ---[ end trace 0000000000000000 ]---

Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).

Vendor: Linux
Product: Linux
Default status: unaffected

| Version bound | Version | Status |
|---|---|---|
| < 8a01335aedc50a66d04dd39203c89f4bc8042596 | 4d96f7d48131fefe30d7c1d1e2a23ef37164dbf5 | affected |
| < 03e6d4e948432a61b35783323b6ab2be071d2619 | 4d96f7d48131fefe30d7c1d1e2a23ef37164dbf5 | affected |
| < a71f66bd5f7b9b35a8aaa49e29565eca66299399 | 4d96f7d48131fefe30d7c1d1e2a23ef37164dbf5 | affected |
| < 23bc89fdce71124cd2126fc919c7076e7cb489cf | 4d96f7d48131fefe30d7c1d1e2a23ef37164dbf5 | affected |
| < 9db89b1fb85557892e6681724b367287de5f9f20 | 4d96f7d48131fefe30d7c1d1e2a23ef37164dbf5 | affected |
| < dbf291d8ffffb70f48286176a15c6c54f0bb0743 | 4d96f7d48131fefe30d7c1d1e2a23ef37164dbf5 | affected |
| < a853450bf4c752e664abab0b2fad395b7ad7701c | 4d96f7d48131fefe30d7c1d1e2a23ef37164dbf5 | affected |


Vendor: Linux
Product: Linux
Default status: affected

| Version bound | Version | Status |
|---|---|---|
| | 5.7 | affected |
| < 5.7 | 0 | unaffected |
| <= 5.10.* | 5.10.214 | unaffected |
| <= 5.15.* | 5.15.153 | unaffected |
| <= 6.1.* | 6.1.83 | unaffected |
| <= 6.6.* | 6.6.23 | unaffected |
| <= 6.7.* | 6.7.11 | unaffected |
| <= 6.8.* | 6.8.2 | unaffected |
| <= * | 6.9 | unaffected |

No CISA KEV entry or CERT.AT warning was found for this CVE.

EPSS metrics

| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.088 |

CVSS metrics

| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|