Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve416baaa9-dc9f-4396-8d5f-8c081fb06d67CVE-2024-26870
HistoryApr 17, 2024 - 11:15 a.m.

CVE-2024-26870

2024-04-1711:15:09
416baaa9-dc9f-4396-8d5f-8c081fb06d67
web.nvd.nist.gov
58
linux kernel vulnerability
resolved
nfsv4.2
nfs4_listxattr
kernel bug
erange error
nvd

6.6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

13.2%

JSON

In the Linux kernel, the following vulnerability has been resolved:

NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102

A call to listxattr() with a buffer size = 0 returns the actual
size of the buffer needed for a subsequent call. When size > 0,
nfs4_listxattr() does not return an error because either
generic_listxattr() or nfs4_listxattr_nfs4_label() consumes
exactly all the bytes then size is 0 when calling
nfs4_listxattr_nfs4_user() which then triggers the following
kernel BUG:

[ 99.403778] kernel BUG at mm/usercopy.c:102!
[ 99.404063] Internal error: Oops - BUG: 00000000f2000800 [#1] SMP
[ 99.408463] CPU: 0 PID: 3310 Comm: python3 Not tainted 6.6.0-61.fc40.aarch64 #1
[ 99.415827] Call trace:
[ 99.415985] usercopy_abort+0x70/0xa0
[ 99.416227] __check_heap_object+0x134/0x158
[ 99.416505] check_heap_object+0x150/0x188
[ 99.416696] __check_object_size.part.0+0x78/0x168
[ 99.416886] __check_object_size+0x28/0x40
[ 99.417078] listxattr+0x8c/0x120
[ 99.417252] path_listxattr+0x78/0xe0
[ 99.417476] __arm64_sys_listxattr+0x28/0x40
[ 99.417723] invoke_syscall+0x78/0x100
[ 99.417929] el0_svc_common.constprop.0+0x48/0xf0
[ 99.418186] do_el0_svc+0x24/0x38
[ 99.418376] el0_svc+0x3c/0x110
[ 99.418554] el0t_64_sync_handler+0x120/0x130
[ 99.418788] el0t_64_sync+0x194/0x198
[ 99.418994] Code: aa0003e3 d000a3e0 91310000 97f49bdb (d4210000)

Issue is reproduced when generic_listxattr() returns ‘system.nfs4_acl’,
thus calling lisxattr() with size = 16 will trigger the bug.

Add check on nfs4_listxattr() to return ERANGE error when it is
called with size > 0 and the return value is greater than size.

Affected configurations

Vulners
Node
linuxlinux_kernelRange5.95.10.214
OR
linuxlinux_kernelRange5.11.05.15.153
OR
linuxlinux_kernelRange5.16.06.1.83
OR
linuxlinux_kernelRange6.2.06.6.23
OR
linuxlinux_kernelRange6.7.06.7.11
OR
linuxlinux_kernelRange6.8.06.8.2
OR
linuxlinux_kernelRange6.9.0
VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "fs/nfs/nfs4proc.c"
    ],
    "versions": [
      {
        "version": "012a211abd5d",
        "lessThan": "4403438eaca6",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "012a211abd5d",
        "lessThan": "9d52865ff282",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "012a211abd5d",
        "lessThan": "06e828b3f1b2",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "012a211abd5d",
        "lessThan": "79cdcc765969",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "012a211abd5d",
        "lessThan": "80365c9f9601",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "012a211abd5d",
        "lessThan": "23bfecb4d852",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "012a211abd5d",
        "lessThan": "251a658bbfce",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "fs/nfs/nfs4proc.c"
    ],
    "versions": [
      {
        "version": "5.9",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "5.9",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.10.214",
        "lessThanOrEqual": "5.10.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.15.153",
        "lessThanOrEqual": "5.15.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.1.83",
        "lessThanOrEqual": "6.1.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.6.23",
        "lessThanOrEqual": "6.6.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.7.11",
        "lessThanOrEqual": "6.7.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.8.2",
        "lessThanOrEqual": "6.8.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.9",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]

Related

redhatcve 1
ubuntucve 1
cvelist 1
nvd 1
debiancve 1
vulnrichment 1
openvas 15
nessus 21
osv 13
ubuntu 6
debian 1
redhatcve
redhatcve
CVE-2024-26870
2024-04-17 18:54:37
ubuntucve
ubuntucve
CVE-2024-26870
2024-04-17 00:00:00
cvelist
cvelist
CVE-2024-26870 NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102
2024-04-17 10:27:30
nvd
nvd
CVE-2024-26870
2024-04-17 11:15:09
debiancve
debiancve
CVE-2024-26870
2024-04-17 11:15:09
vulnrichment
vulnrichment
CVE-2024-26870 NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102
2024-04-17 10:27:30
openvas
openvas
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2024-1837)
2024-06-25 00:00:00
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2024-1816)
2024-06-25 00:00:00
Ubuntu: Security Advisory (USN-6821-1)
2024-06-10 00:00:00
nessus
nessus
EulerOS 2.0 SP11 : kernel (EulerOS-SA-2024-1816)
2024-06-25 00:00:00
EulerOS 2.0 SP11 : kernel (EulerOS-SA-2024-1837)
2024-06-25 00:00:00
Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel (AWS) vulnerabilities (USN-6821-3)
2024-06-11 00:00:00
osv
osv
linux-gke, linux-ibm, linux-intel-iotg, linux-oracle vulnerabilities
2024-06-07 22:51:46
linux-nvidia vulnerabilities
2024-06-11 20:05:19
linux, linux-gcp, linux-gcp-5.15, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-xilinx-zynqmp vulnerabilities
2024-06-07 22:40:36
ubuntu
ubuntu
Linux kernel vulnerabilities
2024-06-10 00:00:00
Linux kernel (Azure) vulnerabilities
2024-06-14 00:00:00
Linux kernel vulnerabilities
2024-06-07 00:00:00
debian
debian
[SECURITY] [DSA 5681-1] linux security update
2024-05-06 18:31:39

6.6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

13.2%

JSON
Related for CVE-2024-26870
redhatcve1ubuntucve1cvelist1nvd1debiancve1vulnrichment1openvas15nessus21osv13ubuntu6debian1