CVE-2024-26920

tracing/trigger: Fix to return error if failed to alloc snapshot

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: tracing/trigger: Fix to return error if failed to alloc snapshot Fix register_snapshot_trigger() to return error code if it failed to
allocate a snapshot instead of 0 (success). Unless that, it will register
snapshot trigger without an error.

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: rastreo/activador: Corrección para devolver error si no se pudo asignar la instantánea. Corrección de Register_snapshot_trigger() para devolver código de error si no se pudo asignar una instantánea en lugar de 0 (éxito). A menos que eso, registrará la activación de la instantánea sin error.

In the Linux kernel, the following vulnerability has been resolved: tracing/trigger: Fix to return error if failed to alloc snapshot Fix register_snapshot_trigger() to return error code if it failed to allocate a snapshot instead of 0 (success). Unless that, it will register snapshot trigger without an error.

It was discovered that the Open vSwitch implementation in the Linux kernel could overflow its stack during recursive action operations under certain conditions. A local attacker could use this to cause a denial of service. Sander Wiebing, Alvise de Faveri Tron, Herbert Bos, and Cristiano Giuffrida discovered that the Linux kernel mitigations for the initial Branch History Injection vulnerability were insufficient for Intel processors. A local attacker could potentially use this to expose sensitive information.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-02-19 CVE Reserved
2024-04-17 CVE Published
2025-01-24 CVE Updated
2025-03-18 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (22)

URL	Tag	Source
https://git.kernel.org/stable/c/0bbe7f719985efd9adb3454679ecef0984cb6800	Vuln. Introduced
https://git.kernel.org/stable/c/7c6feb347a4bb1f02e55f6814c93b5f7fab887a8	Vuln. Introduced
https://git.kernel.org/stable/c/a289fd864722dcf5363fec66a35965d4964df515	Vuln. Introduced
https://git.kernel.org/stable/c/7054f86f268c0d9d62b52a4497dd0e8c10a7e5c7	Vuln. Introduced
https://git.kernel.org/stable/c/57f2a2ad73e99a7594515848f4da987326a15981	Vuln. Introduced
https://git.kernel.org/stable/c/0026e356e51ab3b54322eeb445c75a087ede5b9d	Vuln. Introduced
https://git.kernel.org/stable/c/ffa70d104691aa609a18a9a6692049deb35f431f	Vuln. Introduced
https://git.kernel.org/stable/c/733c611a758c68894a4480fb999637476118a8fc	Vuln. Introduced
https://git.kernel.org/stable/c/2450a69d2ee75d1f0112d509ac82ef98f5ad6b5f
https://git.kernel.org/stable/c/26ebeffff238488466fa578be3b35b8a46e69906
https://git.kernel.org/stable/c/2a3073d58382157ab396734ed4e421ba9e969db1
https://git.kernel.org/stable/c/34925d01baf3ee62ab21c21efd9e2c44c24c004a
https://git.kernel.org/stable/c/56cfbe60710772916a5ba092c99542332b48e870
https://git.kernel.org/stable/c/8ffd5590f4d6ef5460acbeac7fbdff7025f9b419
https://git.kernel.org/stable/c/b5085b5ac1d96ea2a8a6240f869655176ce44197
https://git.kernel.org/stable/c/bcf4a115a5068f3331fafb8c176c1af0da3d8b19

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/36be97e9eb535fe3008a5cb040b1e56f29f2e398	2024-02-23
https://git.kernel.org/stable/c/6022c065c9ec465d84cebff8f480db083e4ee06b	2024-02-23
https://git.kernel.org/stable/c/4b001ef14baab16b553a002cb9979e31b8fc0c6b	2024-02-23
https://git.kernel.org/stable/c/0958b33ef5a04ed91f61cef4760ac412080c4e08	2024-01-26

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2024-26920	2024-11-12
https://bugzilla.redhat.com/show_bug.cgi?id=2275775	2024-11-12

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.7 < 6.1.79 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.7 < 6.1.79"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.7 < 6.6.18 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.7 < 6.6.18"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.7 < 6.7.6 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.7 < 6.7.6"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.7 < 6.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.7 < 6.8"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				4.4.220 Search vendor "Linux" for product "Linux Kernel" and version "4.4.220"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				4.9.220 Search vendor "Linux" for product "Linux Kernel" and version "4.9.220"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				4.14.177 Search vendor "Linux" for product "Linux Kernel" and version "4.14.177"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				4.19.117 Search vendor "Linux" for product "Linux Kernel" and version "4.19.117"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				5.4.34 Search vendor "Linux" for product "Linux Kernel" and version "5.4.34"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				5.5.19 Search vendor "Linux" for product "Linux Kernel" and version "5.5.19"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				5.6.6 Search vendor "Linux" for product "Linux Kernel" and version "5.6.6"		en		Affected