CVE-2024-26618
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
11/03/2024
Last modified:
03/11/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
arm64/sme: Always exit sme_alloc() early with existing storage<br />
<br />
When sme_alloc() is called with existing storage and we are not flushing we<br />
will always allocate new storage, both leaking the existing storage and<br />
corrupting the state. Fix this by separating the checks for flushing and<br />
for existing storage as we do for SVE.<br />
<br />
Callers that reallocate (eg, due to changing the vector length) should<br />
call sme_free() themselves.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.5 (including) | 6.6.15 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.7.3 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/569156e4fa347237f8fa2a7e935d860109c55ac4
- https://git.kernel.org/stable/c/814af6b4e6000e574e74d92197190edf07cc3680
- https://git.kernel.org/stable/c/dc7eb8755797ed41a0d1b5c0c39df3c8f401b3d9
- https://git.kernel.org/stable/c/f6421555dbd7cb3d4d70b69f33f998aaeca1e3b5
- https://git.kernel.org/stable/c/569156e4fa347237f8fa2a7e935d860109c55ac4
- https://git.kernel.org/stable/c/814af6b4e6000e574e74d92197190edf07cc3680
- https://git.kernel.org/stable/c/dc7eb8755797ed41a0d1b5c0c39df3c8f401b3d9
- https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html