Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
vulnrichmentLinuxVULNRICHMENT:CVE-2024-26926
HistoryApr 24, 2024 - 11:23 p.m.

CVE-2024-26926 binder: check offset alignment in binder_get_object()

2024-04-2423:23:40
Linux
github.com
14
linux kernel
offset alignment
data leakage
binder objects
copy

AI Score

6.7

Confidence

Low

EPSS

0

Percentile

10.3%

SSVC

Exploitation

none

Automatable

no

Technical Impact

total

JSON

In the Linux kernel, the following vulnerability has been resolved:

binder: check offset alignment in binder_get_object()

Commit 6d98eb95b450 (“binder: avoid potential data leakage when copying
txn”) introduced changes to how binder objects are copied. In doing so,
it unintentionally removed an offset alignment check done through calls
to binder_alloc_copy_from_buffer() -> check_buffer().

These calls were replaced in binder_get_object() with copy_from_user(),
so now an explicit offset alignment check is needed here. This avoids
later complications when unwinding the objects gets harder.

It is worth noting this check existed prior to commit 7a67a39320df
(“binder: add function to copy binder object from buffer”), likely
removed due to redundancy at the time.

CNA Affected

[
  {
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "vendor": "Linux",
    "product": "Linux",
    "versions": [
      {
        "status": "affected",
        "version": "c056a6ba35e0",
        "lessThan": "68a28f551e46",
        "versionType": "git"
      },
      {
        "status": "affected",
        "version": "23e9d815fad8",
        "lessThan": "48a1f83ca9c6",
        "versionType": "git"
      },
      {
        "status": "affected",
        "version": "7a9ad4aceb02",
        "lessThan": "a2fd6dbc98be",
        "versionType": "git"
      },
      {
        "status": "affected",
        "version": "6d98eb95b450",
        "lessThan": "a6d2a8b211c8",
        "versionType": "git"
      },
      {
        "status": "affected",
        "version": "6d98eb95b450",
        "lessThan": "1d7f1049035b",
        "versionType": "git"
      },
      {
        "status": "affected",
        "version": "6d98eb95b450",
        "lessThan": "f01d66190457",
        "versionType": "git"
      },
      {
        "status": "affected",
        "version": "6d98eb95b450",
        "lessThan": "aaef73821a3b",
        "versionType": "git"
      }
    ],
    "programFiles": [
      "drivers/android/binder.c"
    ],
    "defaultStatus": "unaffected"
  },
  {
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "vendor": "Linux",
    "product": "Linux",
    "versions": [
      {
        "status": "affected",
        "version": "5.17"
      },
      {
        "status": "unaffected",
        "version": "0",
        "lessThan": "5.17",
        "versionType": "custom"
      },
      {
        "status": "unaffected",
        "version": "5.4.275",
        "versionType": "custom",
        "lessThanOrEqual": "5.4.*"
      },
      {
        "status": "unaffected",
        "version": "5.10.216",
        "versionType": "custom",
        "lessThanOrEqual": "5.10.*"
      },
      {
        "status": "unaffected",
        "version": "5.15.157",
        "versionType": "custom",
        "lessThanOrEqual": "5.15.*"
      },
      {
        "status": "unaffected",
        "version": "6.1.88",
        "versionType": "custom",
        "lessThanOrEqual": "6.1.*"
      },
      {
        "status": "unaffected",
        "version": "6.6.29",
        "versionType": "custom",
        "lessThanOrEqual": "6.6.*"
      },
      {
        "status": "unaffected",
        "version": "6.8.8",
        "versionType": "custom",
        "lessThanOrEqual": "6.8.*"
      },
      {
        "status": "unaffected",
        "version": "6.9",
        "versionType": "original_commit_for_fix",
        "lessThanOrEqual": "*"
      }
    ],
    "programFiles": [
      "drivers/android/binder.c"
    ],
    "defaultStatus": "affected"
  }
]

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
    ],
    "vendor": "linux",
    "product": "linux_kernel",
    "versions": [
      {
        "status": "affected",
        "version": "c056a6ba35e0",
        "lessThan": "68a28f551e46",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "23e9d815fad8",
        "lessThan": "48a1f83ca9c6",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "7a9ad4aceb02",
        "lessThan": "a2fd6dbc98be",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "6d98eb95b450",
        "lessThan": "a6d2a8b211c8",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "6d98eb95b450",
        "lessThan": "1d7f1049035b",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "6d98eb95b450",
        "lessThan": "f01d66190457",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "6d98eb95b450",
        "lessThan": "aaef73821a3b",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "cpes": [
      "cpe:2.3:o:linux:linux_kernel:5.17:-:*:*:*:*:*:*"
    ],
    "vendor": "linux",
    "product": "linux_kernel",
    "versions": [
      {
        "status": "affected",
        "version": "5.17"
      }
    ],
    "defaultStatus": "affected"
  }
]

Related

osv 27
redhatcve 1
nvd 1
ubuntucve 1
cvelist 1
debiancve 1
cve 1
openvas 25
nessus 27
debian 2
ubuntu 21
osv
osv
CVE-2024-26926
2024-04-25 06:15:00
Unintend failure in binder_transaction lead to ref->proc UAF
2024-06-01 00:00:00
linux - security update
2024-05-06 00:00:00
redhatcve
redhatcve
CVE-2024-26926
2024-04-25 14:39:24
nvd
nvd
CVE-2024-26926
2024-04-25 06:15:57
ubuntucve
ubuntucve
CVE-2024-26926
2024-04-25 00:00:00
cvelist
cvelist
CVE-2024-26926 binder: check offset alignment in binder_get_object()
2024-04-24 23:23:40
debiancve
debiancve
CVE-2024-26926
2024-04-25 06:15:57
cve
cve
CVE-2024-26926
2024-04-25 06:15:57
openvas
openvas
Debian: Security Advisory (DSA-5680-1)
2024-05-07 00:00:00
Ubuntu: Security Advisory (USN-6895-4)
2024-08-05 00:00:00
Ubuntu: Security Advisory (USN-6895-1)
2024-07-15 00:00:00
nessus
nessus
Debian dsa-5680 : affs-modules-6.1.0-21-4kc-malta-di - security update
2024-05-06 00:00:00
Ubuntu 22.04 LTS : Linux kernel vulnerabilities (USN-6895-4)
2024-08-02 00:00:00
Ubuntu 22.04 LTS : Linux kernel vulnerabilities (USN-6895-3)
2024-07-19 00:00:00
debian
debian
[SECURITY] [DSA 5680-1] linux security update
2024-05-06 17:40:02
[SECURITY] [DSA 5681-1] linux security update
2024-05-06 18:31:39
ubuntu
ubuntu
Linux kernel vulnerabilities
2024-07-19 00:00:00
Linux kernel vulnerabilities
2024-07-16 00:00:00
Linux kernel vulnerabilities
2024-07-12 00:00:00

AI Score

6.7

Confidence

Low

EPSS

0

Percentile

10.3%

SSVC

Exploitation

none

Automatable

no

Technical Impact

total

JSON
Related for VULNRICHMENT:CVE-2024-26926
osv27redhatcve1nvd1ubuntucve1cvelist1debiancve1cve1openvas25nessus27debian2ubuntu21