CVE-2024-26598

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache There is a potential UAF scenario in the case of an LPI translation cache hit racing with an operation that invalidates the cache, such as a DISCARD ITS command. The root of the problem is that vgic_its_check_cache() does not elevate the refcount on the vgic_irq before dropping the lock that serializes refcount changes. Have vgic_its_check_cache() raise the refcount on the returned vgic_irq and add the corresponding decrement after queueing the interrupt.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

History

21 Nov 2024, 09:02

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html -
References () https://git.kernel.org/stable/c/12c2759ab1343c124ed46ba48f27bd1ef5d2dff4 - Patch () https://git.kernel.org/stable/c/12c2759ab1343c124ed46ba48f27bd1ef5d2dff4 - Patch
References () https://git.kernel.org/stable/c/65b201bf3e9af1b0254243a5881390eda56f72d1 - Patch () https://git.kernel.org/stable/c/65b201bf3e9af1b0254243a5881390eda56f72d1 - Patch
References () https://git.kernel.org/stable/c/ad362fe07fecf0aba839ff2cc59a3617bd42c33f - Patch () https://git.kernel.org/stable/c/ad362fe07fecf0aba839ff2cc59a3617bd42c33f - Patch
References () https://git.kernel.org/stable/c/ba7be666740847d967822bed15500656b26bc703 - Patch () https://git.kernel.org/stable/c/ba7be666740847d967822bed15500656b26bc703 - Patch
References () https://git.kernel.org/stable/c/d04acadb6490aa3314f9c9e087691e55de153b88 - Patch () https://git.kernel.org/stable/c/d04acadb6490aa3314f9c9e087691e55de153b88 - Patch
References () https://git.kernel.org/stable/c/dba788e25f05209adf2b0175eb1691dc89fb1ba6 - Patch () https://git.kernel.org/stable/c/dba788e25f05209adf2b0175eb1691dc89fb1ba6 - Patch
References () https://git.kernel.org/stable/c/dd3956a1b3dd11f46488c928cb890d6937d1ca80 - Patch () https://git.kernel.org/stable/c/dd3956a1b3dd11f46488c928cb890d6937d1ca80 - Patch

05 Nov 2024, 10:15

Type Values Removed Values Added
References
  • {'url': 'https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html', 'tags': ['Mailing List', 'Third Party Advisory'], 'source': '416baaa9-dc9f-4396-8d5f-8c081fb06d67'}

27 Aug 2024, 14:34

Type Values Removed Values Added
First Time Debian
Debian debian Linux
References () https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html - () https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html - Mailing List, Third Party Advisory
CPE cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

25 Jun 2024, 21:15

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html -

17 Apr 2024, 19:40

Type Values Removed Values Added
CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Summary
  • (es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: KVM: arm64: vgic-its: Evite posibles UAF en la caché de traducción LPI. Existe un escenario potencial de UAF en el caso de que un caché de traducción LPI se acelere con una operación que invalide la caché, como un comando DISCARD ITS. La raíz del problema es que vgic_its_check_cache() no eleva el refcount en vgic_irq antes de eliminar el bloqueo que serializa los cambios de refcount. Haga que vgic_its_check_cache() aumente el refcount en el vgic_irq devuelto y agregue el decremento correspondiente después de poner en cola la interrupción.
CWE CWE-416
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.8
References () https://git.kernel.org/stable/c/12c2759ab1343c124ed46ba48f27bd1ef5d2dff4 - () https://git.kernel.org/stable/c/12c2759ab1343c124ed46ba48f27bd1ef5d2dff4 - Patch
References () https://git.kernel.org/stable/c/65b201bf3e9af1b0254243a5881390eda56f72d1 - () https://git.kernel.org/stable/c/65b201bf3e9af1b0254243a5881390eda56f72d1 - Patch
References () https://git.kernel.org/stable/c/ad362fe07fecf0aba839ff2cc59a3617bd42c33f - () https://git.kernel.org/stable/c/ad362fe07fecf0aba839ff2cc59a3617bd42c33f - Patch
References () https://git.kernel.org/stable/c/ba7be666740847d967822bed15500656b26bc703 - () https://git.kernel.org/stable/c/ba7be666740847d967822bed15500656b26bc703 - Patch
References () https://git.kernel.org/stable/c/d04acadb6490aa3314f9c9e087691e55de153b88 - () https://git.kernel.org/stable/c/d04acadb6490aa3314f9c9e087691e55de153b88 - Patch
References () https://git.kernel.org/stable/c/dba788e25f05209adf2b0175eb1691dc89fb1ba6 - () https://git.kernel.org/stable/c/dba788e25f05209adf2b0175eb1691dc89fb1ba6 - Patch
References () https://git.kernel.org/stable/c/dd3956a1b3dd11f46488c928cb890d6937d1ca80 - () https://git.kernel.org/stable/c/dd3956a1b3dd11f46488c928cb890d6937d1ca80 - Patch
First Time Linux linux Kernel
Linux

23 Feb 2024, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-02-23 15:15

Updated : 2024-11-21 09:02


NVD link : CVE-2024-26598

Mitre link : CVE-2024-26598

CVE.ORG link : CVE-2024-26598


JSON object : View

Products Affected

debian

  • debian_linux

linux

  • linux_kernel
CWE
CWE-416

Use After Free