5.5
CVE-2024-26946
- EPSS 0.24%
- Veröffentlicht 01.05.2024 06:15:10
- Zuletzt bearbeitet 18.09.2025 14:14:52
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe address
In the Linux kernel, the following vulnerability has been resolved: kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe address Read from an unsafe address with copy_from_kernel_nofault() in arch_adjust_kprobe_addr() because this function is used before checking the address is in text or not. Syzcaller bot found a bug and reported the case if user specifies inaccessible data area, arch_adjust_kprobe_addr() will cause a kernel panic. [ mingo: Clarified the comment. ]
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 5.18 < 6.1.84
Linux ≫ Linux Kernel Version >= 6.2 < 6.6.24
Linux ≫ Linux Kernel Version >= 6.7 < 6.7.12
Linux ≫ Linux Kernel Version >= 6.8 < 6.8.3
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.24% | 0.149 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-617 Reachable Assertion
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
https://git.kernel.org/stable/c/20fdb21eabaeb8f78f8f701f56d14ea0836ec861
https://git.kernel.org/stable/c/4e51653d5d871f40f1bd5cf95cc7f2d8b33d063b
https://git.kernel.org/stable/c/6417684315087904fffe8966d27ca74398c57dd6
https://git.kernel.org/stable/c/b69f577308f1070004cafac106dd1a44099e5483
https://git.kernel.org/stable/c/f13edd1871d4fb4ab829aff629d47914e251bae3