CVE-2024-26946

May 1, 2024, 1:02 p.m.

None
No Score

Description

In the Linux kernel, the following vulnerability has been resolved: kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe address Read from an unsafe address with copy_from_kernel_nofault() in arch_adjust_kprobe_addr() because this function is used before checking the address is in text or not. Syzcaller bot found a bug and reported the case if user specifies inaccessible data area, arch_adjust_kprobe_addr() will cause a kernel panic. [ mingo: Clarified the comment. ]

Product(s) Impacted

Product Versions
Linux Kernel

Weaknesses

Common security weaknesses mapped to this vulnerability.

References

https://git.kernel.org/stable/c/20fdb21eabaeb8f78f8f701f56d14ea0836ec861
https://git.kernel.org/stable/c/4e51653d5d871f40f1bd5cf95cc7f2d8b33d063b
https://git.kernel.org/stable/c/6417684315087904fffe8966d27ca74398c57dd6
https://git.kernel.org/stable/c/b69f577308f1070004cafac106dd1a44099e5483
https://git.kernel.org/stable/c/f13edd1871d4fb4ab829aff629d47914e251bae3

Tags

2024-05-01
416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVE-2024-26946

Date

  • Published: May 1, 2024, 6:15 a.m.
  • Last Modified: May 1, 2024, 1:02 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.