CVE-2024-26824

MEDIUM

Linux Kernel - Buffer Overflow

Description

In the Linux kernel, the following vulnerability has been resolved:

crypto: algif_hash - Remove bogus SGL free on zero-length error path

When a zero-length message is hashed by algif_hash, and an error is triggered, it tries to free an SG list that was never allocated in the first place. Fix this by not freeing the SG list on the zero-length error path.

Scores

CVSS v3 5.5
EPSS 0.0002
EPSS Percentile 3.3%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Classification

Status published

Affected Products (6)

linux/linux_kernel < 6.6.18
linux/linux_kernel
linux/linux_kernel
linux/linux_kernel
linux/Kernel < 6.6.18
linux/Kernel < 6.7.6

Timeline

Published Apr 17, 2024
Tracked Since Feb 18, 2026