CVE-2024-26632

block: Fix iterating over an empty bio with bio_for_each_folio_all

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

block: Fix iterating over an empty bio with bio_for_each_folio_all

If the bio contains no data, bio_first_folio() calls page_folio() on a
NULL pointer and oopses. Move the test that we've reached the end of
the bio from bio_next_folio() to bio_first_folio().

[axboe: add unlikely() to error case]

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: bloque: corrige la iteración sobre una biografía vacía con bio_for_each_folio_all Si la biografía no contiene datos, bio_first_folio() llama a page_folio() en un puntero NULL y ¡vaya! Mueve la prueba de que hemos llegado al final de la biografía de bio_next_folio() a bio_first_folio(). [axboe: agregue improbable() al caso de error]

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-02-19 CVE Reserved
2024-03-18 CVE Published
2024-03-19 EPSS Updated
2024-08-02 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (5)

URL	Tag	Source
https://git.kernel.org/stable/c/640d1930bef4f87ec8d8d2b05f0f6edc1dfcf662	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/c6350b5cb78e9024c49eaee6fdb914ad2903a5fe	2024-01-25
https://git.kernel.org/stable/c/a6bd8182137a12d22d3f2cee463271bdcb491659	2024-01-25
https://git.kernel.org/stable/c/ca3ede3f5893e2d26d4dbdef1eec28a8487fafde	2024-01-25
https://git.kernel.org/stable/c/7bed6f3d08b7af27b7015da8dc3acf2b9c1f21d7	2024-01-16

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.17 < 6.1.75 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.17 < 6.1.75"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.17 < 6.6.14 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.17 < 6.6.14"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.17 < 6.7.2 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.17 < 6.7.2"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.17 < 6.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.17 < 6.8"		en		Affected