Lucene search

Debian Security Bug TrackerDEBIANCVE:CVE-2024-26618

HistoryMar 11, 2024 - 6:15 p.m.

CVE-2024-26618

2024-03-1118:15:19

Debian Security Bug Tracker

security-tracker.debian.org

linux kernel

arm64/sme

vulnerability

storage

flushing

cve-2024-26618

6.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON

In the Linux kernel, the following vulnerability has been resolved: arm64/sme: Always exit sme_alloc() early with existing storage When sme_alloc() is called with existing storage and we are not flushing we will always allocate new storage, both leaking the existing storage and corrupting the state. Fix this by separating the checks for flushing and for existing storage as we do for SVE. Callers that reallocate (eg, due to changing the vector length) should call sme_free() themselves.

OSVersionArchitecturePackageVersionFilename
Debian12alllinux<= 6.1.76-1linux_6.1.76-1_all.deb
Debian11alllinux< 5.10.209-2linux_5.10.209-2_all.deb
Debian10alllinux< 4.19.249-2linux_4.19.249-2_all.deb
Debian999alllinux< 6.6.15-1linux_6.6.15-1_all.deb
Debian13alllinux< 6.6.15-1linux_6.6.15-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	linux	<= 6.1.76-1	linux_6.1.76-1_all.deb
Debian	11	all	linux	< 5.10.209-2	linux_5.10.209-2_all.deb
Debian	10	all	linux	< 4.19.249-2	linux_4.19.249-2_all.deb
Debian	999	all	linux	< 6.6.15-1	linux_6.6.15-1_all.deb
Debian	13	all	linux	< 6.6.15-1	linux_6.6.15-1_all.deb