CVE-2024-26795

MEDIUM

Linux Kernel < 5.10.212 - Out-of-Bounds Access

Title source: rule

Description

In the Linux kernel, the following vulnerability has been resolved: riscv: Sparse-Memory/vmemmap out-of-bounds fix Offset vmemmap so that the first page of vmemmap will be mapped to the first page of physical memory in order to ensure that vmemmap’s bounds will be respected during pfn_to_page()/page_to_pfn() operations. The conversion macros will produce correct SV39/48/57 addresses for every possible/valid DRAM_BASE inside the physical memory limits. v2:Address Alex's comments

References (7)

[Patch] https://git.kernel.org/stable/c/2a1728c15ec4f45ed9248ae22f626541c179bfbe

[Patch] https://git.kernel.org/stable/c/5941a90c55d3bfba732b32208d58d997600b44ef

[Patch] https://git.kernel.org/stable/c/8310080799b40fd9f2a8b808c657269678c149af

[Patch] https://git.kernel.org/stable/c/8af1c121b0102041809bc137ec600d1865eaeedd

[Patch] https://git.kernel.org/stable/c/a11dd49dcb9376776193e15641f84fcc1e5980c9

[Patch] https://git.kernel.org/stable/c/a278d5c60f21aa15d540abb2f2da6e6d795c3e6e

[Mailing List] https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

Scores

CVSS v3 5.5

EPSS 0.0001

EPSS Percentile 1.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Classification

Status published

Affected Products (13)

linux/linux_kernel < 5.10.212

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

debian/debian_linux

linux/Kernel < 5.10.212linux

linux/Kernel < 5.15.151linux

linux/Kernel < 6.1.81linux

linux/Kernel < 6.6.21linux

linux/Kernel < 6.7.9linux

Timeline

Published Apr 04, 2024

Tracked Since Feb 18, 2026