Ubuntu.comUB:CVE-2024-26591CVE-2024-26591
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
5.1%
In the Linux kernel, the following vulnerability has been resolved: bpf:
Fix re-attachment branch in bpf_tracing_prog_attach The following case can
cause a crash due to missing attach_btf: 1) load rawtp program 2) load
fentry program with rawtp as target_fd 3) create tracing link for fentry
program with target_fd = 0 4) repeat 3 In the end we have: -
prog->aux->dst_trampoline == NULL - tgt_prog == NULL (because we did not
provide target_fd to link_create) - prog->aux->attach_btf == NULL (the
program was loaded with attach_prog_fd=X) - the program was loaded for
tgt_prog but we have no way to find out which one BUG: kernel NULL pointer
dereference, address: 0000000000000058 Call Trace: <TASK> ? __die+0x20/0x70
? page_fault_oops+0x15b/0x430 ? fixup_exception+0x22/0x330 ?
exc_page_fault+0x6f/0x170 ? asm_exc_page_fault+0x22/0x30 ?
bpf_tracing_prog_attach+0x279/0x560 ? btf_obj_id+0x5/0x10
bpf_tracing_prog_attach+0x439/0x560 __sys_bpf+0x1cf4/0x2de0
__x64_sys_bpf+0x1c/0x30 do_syscall_64+0x41/0xf0
entry_SYSCALL_64_after_hwframe+0x6e/0x76 Return -EINVAL in this situation.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 22.04 | noarch | linux | < 5.15.0-102.112 | UNKNOWN |
| ubuntu | 23.10 | noarch | linux | < 6.5.0-28.29 | UNKNOWN |
| ubuntu | 24.04 | noarch | linux | < 6.8.0-7.7 | UNKNOWN |
| ubuntu | 22.04 | noarch | linux-aws | < 5.15.0-1057.63 | UNKNOWN |
| ubuntu | 23.10 | noarch | linux-aws | < 6.5.0-1018.18 | UNKNOWN |
| ubuntu | 24.04 | noarch | linux-aws | < any | UNKNOWN |
| ubuntu | 20.04 | noarch | linux-aws-5.15 | < 5.15.0-1057.63~20.04.1 | UNKNOWN |
| ubuntu | 22.04 | noarch | linux-aws-6.5 | < 6.5.0-1018.18~22.04.1 | UNKNOWN |
| ubuntu | 22.04 | noarch | linux-azure | < 5.15.0-1060.69 | UNKNOWN |
| ubuntu | 23.10 | noarch | linux-azure | < 6.5.0-1019.20 | UNKNOWN |
References
git.kernel.org/stable/c/50ae82f080cf87e84828f066c31723b781d68f5b
git.kernel.org/stable/c/6cc9c0af0aa06f781fa515a1734b1a4239dfd2c0
git.kernel.org/stable/c/715d82ba636cb3629a6e18a33bb9dbe53f9936ee
git.kernel.org/stable/c/8c8bcd45e9b10eef12321f08d2e5be33d615509c
git.kernel.org/stable/c/a7b98aa10f895e2569403896f2d19b73b6c95653
launchpad.net/bugs/cve/CVE-2024-26591
nvd.nist.gov/vuln/detail/CVE-2024-26591
security-tracker.debian.org/tracker/CVE-2024-26591
ubuntu.com/security/notices/USN-6688-1
ubuntu.com/security/notices/USN-6725-1
ubuntu.com/security/notices/USN-6725-2
ubuntu.com/security/notices/USN-6743-1
ubuntu.com/security/notices/USN-6743-2
ubuntu.com/security/notices/USN-6743-3
www.cve.org/CVERecord?id=CVE-2024-26591
Related
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
5.1%