CVE-2024-26764
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
03/04/2024
Last modified:
18/03/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio<br />
<br />
If kiocb_set_cancel_fn() is called for I/O submitted via io_uring, the<br />
following kernel warning appears:<br />
<br />
WARNING: CPU: 3 PID: 368 at fs/aio.c:598 kiocb_set_cancel_fn+0x9c/0xa8<br />
Call trace:<br />
kiocb_set_cancel_fn+0x9c/0xa8<br />
ffs_epfile_read_iter+0x144/0x1d0<br />
io_read+0x19c/0x498<br />
io_issue_sqe+0x118/0x27c<br />
io_submit_sqes+0x25c/0x5fc<br />
__arm64_sys_io_uring_enter+0x104/0xab0<br />
invoke_syscall+0x58/0x11c<br />
el0_svc_common+0xb4/0xf4<br />
do_el0_svc+0x2c/0xb0<br />
el0_svc+0x2c/0xa4<br />
el0t_64_sync_handler+0x68/0xb4<br />
el0t_64_sync+0x1a4/0x1a8<br />
<br />
Fix this by setting the IOCB_AIO_RW flag for read and write I/O that is<br />
submitted by libaio.
Impact
Base Score 3.x
3.30
Severity 3.x
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.19.308 (excluding) | |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.20 (including) | 5.4.270 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.5 (including) | 5.10.211 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.150 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.1.80 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.19 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.7.7 (excluding) |
| cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.8:rc2:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.8:rc3:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.8:rc4:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.8:rc5:*:*:*:*:*:* | ||
| cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/18f614369def2a11a52f569fe0f910b199d13487
- https://git.kernel.org/stable/c/1dc7d74fe456944a9b1c57bd776280249f441ac6
- https://git.kernel.org/stable/c/337b543e274fe7a8f47df3c8293cc6686ffa620f
- https://git.kernel.org/stable/c/b4eea7a05ee0ab5ab0514421e6ba8c5d249cf942
- https://git.kernel.org/stable/c/b820de741ae48ccf50dd95e297889c286ff4f760
- https://git.kernel.org/stable/c/d7b6fa97ec894edd02f64b83e5e72e1aa352f353
- https://git.kernel.org/stable/c/e7e23fc5d5fe422827c9a43ecb579448f73876c7
- https://git.kernel.org/stable/c/ea1cd64d59f22d6d13f367d62ec6e27b9344695f
- https://git.kernel.org/stable/c/18f614369def2a11a52f569fe0f910b199d13487
- https://git.kernel.org/stable/c/1dc7d74fe456944a9b1c57bd776280249f441ac6
- https://git.kernel.org/stable/c/337b543e274fe7a8f47df3c8293cc6686ffa620f
- https://git.kernel.org/stable/c/b4eea7a05ee0ab5ab0514421e6ba8c5d249cf942
- https://git.kernel.org/stable/c/b820de741ae48ccf50dd95e297889c286ff4f760
- https://git.kernel.org/stable/c/d7b6fa97ec894edd02f64b83e5e72e1aa352f353
- https://git.kernel.org/stable/c/e7e23fc5d5fe422827c9a43ecb579448f73876c7
- https://git.kernel.org/stable/c/ea1cd64d59f22d6d13f367d62ec6e27b9344695f
- https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
- https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html