CVE-2024-26877

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 17/04/2024
Last modified: 23/12/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

crypto: xilinx - call finalize with bh disabled

When calling crypto_finalize_request, BH should be disabled to avoid
triggering the following calltrace:

------------[ cut here ]------------
WARNING: CPU: 2 PID: 74 at crypto/crypto_engine.c:58 crypto_finalize_request+0xa0/0x118
Modules linked in: cryptodev(O)
CPU: 2 PID: 74 Comm: firmware:zynqmp Tainted: G O 6.8.0-rc1-yocto-standard #323
Hardware name: ZynqMP ZCU102 Rev1.0 (DT)
pstate: 40000005 (nZcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : crypto_finalize_request+0xa0/0x118
lr : crypto_finalize_request+0x104/0x118
sp : ffffffc085353ce0
x29: ffffffc085353ce0 x28: 0000000000000000 x27: ffffff8808ea8688
x26: ffffffc081715038 x25: 0000000000000000 x24: ffffff880100db00
x23: ffffff880100da80 x22: 0000000000000000 x21: 0000000000000000
x20: ffffff8805b14000 x19: ffffff880100da80 x18: 0000000000010450
x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000
x14: 0000000000000003 x13: 0000000000000000 x12: ffffff880100dad0
x11: 0000000000000000 x10: ffffffc0832dcd08 x9 : ffffffc0812416d8
x8 : 00000000000001f4 x7 : ffffffc0830d2830 x6 : 0000000000000001
x5 : ffffffc082091000 x4 : ffffffc082091658 x3 : 0000000000000000
x2 : ffffffc7f9653000 x1 : 0000000000000000 x0 : ffffff8802d20000
Call trace:
crypto_finalize_request+0xa0/0x118
crypto_finalize_aead_request+0x18/0x30
zynqmp_handle_aes_req+0xcc/0x388
crypto_pump_work+0x168/0x2d8
kthread_worker_fn+0xfc/0x3a0
kthread+0x118/0x138
ret_from_fork+0x10/0x20
irq event stamp: 40
hardirqs last enabled at (39): [] _raw_spin_unlock_irqrestore+0x70/0xb0
hardirqs last disabled at (40): [] el1_dbg+0x28/0x90
softirqs last enabled at (36): [] kernel_neon_begin+0x8c/0xf0
softirqs last disabled at (34): [] kernel_neon_begin+0x60/0xf0
---[ end trace 0000000000000000 ]---

Vulnerable products and versions

CPE                                               From               Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*      5.7 (including)    5.10.214 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*      5.11 (including)   5.15.153 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*      5.16 (including)   6.1.83 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*      6.2 (including)    6.6.23 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*      6.7 (including)    6.7.11 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*      6.8 (including)    6.8.2 (excluding)
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
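
Added example (not part of the original record): a small check that maps a `uname -r` style release string onto the affected ranges listed above and reports the first fixed release of that branch. It assumes upstream mainline/stable version numbering; distribution kernels that backport fixes need the vendor's advisory instead, and a version in range only matters on systems using the Xilinx ZynqMP AES driver seen in the trace. The function names and sample strings are constructed for illustration.

```python
import re

# Affected ranges copied from the table above:
# (first affected release, first fixed release), upper bound excluded.
AFFECTED_RANGES = [
    ((5, 7, 0), (5, 10, 214)),
    ((5, 11, 0), (5, 15, 153)),
    ((5, 16, 0), (6, 1, 83)),
    ((6, 2, 0), (6, 6, 23)),
    ((6, 7, 0), (6, 7, 11)),
    ((6, 8, 0), (6, 8, 2)),
]


def parse_release(release):
    """Turn a `uname -r` style string into (major, minor, patch).

    Suffixes such as "-rc1-yocto-standard" are ignored; a missing
    patch level ("6.7") is treated as 0.
    """
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release.strip())
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return tuple(int(g) if g else 0 for g in m.groups())


def affected_range(release):
    """Return the (start, fixed) range containing release, or None."""
    version = parse_release(release)
    for start, fixed in AFFECTED_RANGES:
        if start <= version < fixed:
            return start, fixed
    return None


def report(release):
    """One-line verdict for a release string (upstream numbering assumed)."""
    hit = affected_range(release)
    if hit is None:
        return f"{release}: outside the listed ranges"
    fixed = ".".join(str(part) for part in hit[1])
    return f"{release}: in an affected range, fixed upstream in {fixed}"


if __name__ == "__main__":
    # Constructed samples; the first is the release shown in the trace above.
    for sample in ("6.8.0-rc1-yocto-standard", "5.10.213", "6.6.23", "5.6.19"):
        print(report(sample))
```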