Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd416baaa9-dc9f-4396-8d5f-8c081fb06d67NVD:CVE-2024-26848
HistoryApr 17, 2024 - 11:15 a.m.

CVE-2024-26848

2024-04-1711:15:08
416baaa9-dc9f-4396-8d5f-8c081fb06d67
web.nvd.nist.gov
1
linux kernel
vulnerability
directory parsing
endless loop
fix
code
soft lookup
bug
cpu
watchdog
rip
cve
bugzilla.

7.5 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.2%

JSON

In the Linux kernel, the following vulnerability has been resolved:

afs: Fix endless loop in directory parsing

If a directory has a block with only “.__afsXXXX” files in it (from
uncompleted silly-rename), these .__afsXXXX files are skipped but without
advancing the file position in the dir_context. This leads to
afs_dir_iterate() repeating the block again and again.

Fix this by making the code that skips the .__afsXXXX file also manually
advance the file position.

The symptoms are a soft lookup:

    watchdog: BUG: soft lockup - CPU#3 stuck for 52s! [check:5737]
    ...
    RIP: 0010:afs_dir_iterate_block+0x39/0x1fd
    ...
     ? watchdog_timer_fn+0x1a6/0x213
    ...
     ? asm_sysvec_apic_timer_interrupt+0x16/0x20
     ? afs_dir_iterate_block+0x39/0x1fd
     afs_dir_iterate+0x10a/0x148
     afs_readdir+0x30/0x4a
     iterate_dir+0x93/0xd3
     __do_sys_getdents64+0x6b/0xd4

This is almost certainly the actual fix for:

    https://bugzilla.kernel.org/show_bug.cgi?id=218496

References

Related

ubuntucve 1
debiancve 1
cve 1
redhatcve 1
cvelist 1
osv 7
nessus 10
openvas 9
ubuntu 4
debian 1
ubuntucve
ubuntucve
CVE-2024-26848
2024-04-17 00:00:00
debiancve
debiancve
CVE-2024-26848
2024-04-17 11:15:08
cve
cve
CVE-2024-26848
2024-04-17 11:15:08
redhatcve
redhatcve
CVE-2024-26848
2024-04-17 19:53:40
cvelist
cvelist
CVE-2024-26848 afs: Fix endless loop in directory parsing
2024-04-17 10:14:19
osv
osv
linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux-xilinx-zynqmp vulnerabilities
2024-06-12 15:51:37
linux-azure, linux-gke vulnerabilities
2024-06-14 17:24:38
linux-aws, linux-gcp vulnerabilities
2024-06-07 18:49:30
nessus
nessus
Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-6831-1)
2024-06-12 00:00:00
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1490-1)
2024-05-04 00:00:00
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1659-1)
2024-05-16 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-6831-1)
2024-06-13 00:00:00
openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2024:1490-1)
2024-05-07 00:00:00
Ubuntu: Security Advisory (USN-6817-3)
2024-06-17 00:00:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2024-06-07 00:00:00
Linux kernel vulnerabilities
2024-06-07 00:00:00
Linux kernel (OEM) vulnerabilities
2024-06-11 00:00:00
debian
debian
[SECURITY] [DSA 5681-1] linux security update
2024-05-06 18:31:39

7.5 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.2%

JSON
Related for NVD:CVE-2024-26848
ubuntucve1debiancve1cve1redhatcve1cvelist1osv7nessus10openvas9ubuntu4debian1