CVE-2024-26753

crypto: virtio/akcipher - Fix stack overflow on memcpy

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

crypto: virtio/akcipher - Fix stack overflow on memcpy

sizeof(struct virtio_crypto_akcipher_session_para) is less than
sizeof(struct virtio_crypto_op_ctrl_req::u), copying more bytes from
stack variable leads stack overflow. Clang reports this issue by
commands:
make -j CC=clang-14 mrproper >/dev/null 2>&1
make -j O=/tmp/crypto-build CC=clang-14 allmodconfig >/dev/null 2>&1
make -j O=/tmp/crypto-build W=1 CC=clang-14 drivers/crypto/virtio/
virtio_crypto_akcipher_algs.o

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: crypto: virtio/akcipher: corrige el desbordamiento de pila en memcpy sizeof(struct virtio_crypto_akcipher_session_para) es menor que sizeof(struct virtio_crypto_op_ctrl_req::u), copiar más bytes de la variable de pila provoca el desbordamiento de pila. Clang informa este problema mediante comandos: make -j CC=clang-14 mrproper >/dev/null 2>&1 make -j O=/tmp/crypto-build CC=clang-14 allmodconfig >/dev/null 2>&1 make -j O=/tmp/crypto-build W=1 CC=clang-14 drivers/crypto/virtio/ virtio_crypto_akcipher_algs.o

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-02-19 CVE Reserved
2024-04-03 CVE Published
2024-06-26 EPSS Updated
2024-09-11 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (8)

URL	Tag	Source
https://git.kernel.org/stable/c/1ff57428894fc4f5001d3df0762c1820295d6c4f	Vuln. Introduced
https://git.kernel.org/stable/c/59ca6c93387d325e96577d8bd4c23c78c1491c11	Vuln. Introduced
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/37077ed16c7793e21b005979d33f8a61565b7e86	2024-03-06
https://git.kernel.org/stable/c/62f361bfea60c6afc3df09c1ad4152e6507f6f47	2024-03-01
https://git.kernel.org/stable/c/b0365460e945e1117b47cf7329d86de752daff63	2024-03-01
https://git.kernel.org/stable/c/ef1e47d50324e232d2da484fe55a54274eeb9bc1	2024-03-01
https://git.kernel.org/stable/c/c0ec2a712daf133d9996a8a1b7ee2d4996080363	2024-02-09

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.10.209 < 5.10.212 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10.209 < 5.10.212"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.18 < 6.1.80 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.18 < 6.1.80"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.18 < 6.6.19 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.18 < 6.6.19"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.18 < 6.7.7 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.18 < 6.7.7"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.18 < 6.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.18 < 6.8"		en		Affected