Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

None

Privileges Required

Low

Attack Vector

Local

CVE-2024-26900

Disclosure Date: April 17, 2024 •

CVE-2024-26900 CVSS v3 Base Score: 5.5

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

In the Linux kernel, the following vulnerability has been resolved:

md: fix kmemleak of rdev->serial

If kobject_add() is fail in bind_rdev_to_array(), ‘rdev->serial’ will be
alloc not be freed, and kmemleak occurs.

unreferenced object 0xffff88815a350000 (size 49152):
comm “mdadm”, pid 789, jiffies 4294716910
hex dump (first 32 bytes):

00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

backtrace (crc f773277a):

[<0000000058b0a453>] kmemleak_alloc+0x61/0xe0
[<00000000366adf14>] __kmalloc_large_node+0x15e/0x270
[<000000002e82961b>] __kmalloc_node.cold+0x11/0x7f
[<00000000f206d60a>] kvmalloc_node+0x74/0x150
[<0000000034bf3363>] rdev_init_serial+0x67/0x170
[<0000000010e08fe9>] mddev_create_serial_pool+0x62/0x220
[<00000000c3837bf0>] bind_rdev_to_array+0x2af/0x630
[<0000000073c28560>] md_add_new_disk+0x400/0x9f0
[<00000000770e30ff>] md_ioctl+0x15bf/0x1c10
[<000000006cfab718>] blkdev_ioctl+0x191/0x3f0
[<0000000085086a11>] vfs_ioctl+0x22/0x60
[<0000000018b656fe>] __x64_sys_ioctl+0xba/0xe0
[<00000000e54e675e>] do_syscall_64+0x71/0x150
[<000000008b0ad622>] entry_SYSCALL_64_after_hwframe+0x6c/0x74

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

5.5 Medium

Impact Score:

3.6

Exploitability Score:

1.8

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV):

Local

Attack Complexity (AC):

Low

Privileges Required (PR):

Low

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

None

Integrity (I):

None

Availability (A):

High

Vendors

linux

Products

linux kernel

References

Canonical

CVE-2024-26900 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26900)

Miscellaneous

https://git.kernel.org/stable/c/6d32c832a88513f65c2c2c9c75954ee8b387adea

https://git.kernel.org/stable/c/4c1021ce46fc2fb6115f7e79d353941e6dcad366

https://git.kernel.org/stable/c/6cf350658736681b9d6b0b6e58c5c76b235bb4c4

https://git.kernel.org/stable/c/fb5b347efd1bda989846ffc74679d181222fb123

https://git.kernel.org/stable/c/f3a1787dc48213f6caea5ba7d47e0222e7fa34a9

https://git.kernel.org/stable/c/beaf11969fd5cbe6f09cefaa34df1ce8578e8dd9

https://git.kernel.org/stable/c/9fd0198f7ef06ae0d6636fb0578560857dead995

https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html

Rapid7

Unknown

CVE-2024-26900

Unknown

Unknown

None

Low

Local

CVE-2024-26900

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Unknown

CVE-2024-26900

Unknown

Unknown

None

Low

Local

CVE-2024-26900

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Quick Cookie Notification