CVE-2024-26900

CVE Details

Release Date:	2024-04-17
Impact:	Low	What is this?

Description

In the Linux kernel, the following vulnerability has been resolved:\nmd: fix kmemleak of rdev->serial\nIf kobject_add() is fail in bind_rdev_to_array(), 'rdev->serial' will be\nalloc not be freed, and kmemleak occurs.\nunreferenced object 0xffff88815a350000 (size 49152):\ncomm 'mdadm', pid 789, jiffies 4294716910\nhex dump (first 32 bytes):\n00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\nbacktrace (crc f773277a):\n[<0000000058b0a453>] kmemleak_alloc+0x61/0xe0\n[<00000000366adf14>] __kmalloc_large_node+0x15e/0x270\n[<000000002e82961b>] __kmalloc_node.cold+0x11/0x7f\n[<00000000f206d60a>] kvmalloc_node+0x74/0x150\n[<0000000034bf3363>] rdev_init_serial+0x67/0x170\n[<0000000010e08fe9>] mddev_create_serial_pool+0x62/0x220\n[<00000000c3837bf0>] bind_rdev_to_array+0x2af/0x630\n[<0000000073c28560>] md_add_new_disk+0x400/0x9f0\n[<00000000770e30ff>] md_ioctl+0x15bf/0x1c10\n[<000000006cfab718>] blkdev_ioctl+0x191/0x3f0\n[<0000000085086a11>] vfs_ioctl+0x22/0x60\n[<0000000018b656fe>] __x64_sys_ioctl+0xba/0xe0\n[<00000000e54e675e>] do_syscall_64+0x71/0x150\n[<000000008b0ad622>] entry_SYSCALL_64_after_hwframe+0x6c/0x74

See more information about CVE-2024-26900 from MITRE CVE dictionary and NIST NVD

NOTE: The following CVSS metrics and score provided are preliminary and subject to review.

CVSS v3 metrics

Base Score:	6.0
Vector String:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
Version:	3.1
Attack Vector:	Local
Attack Complexity:	Low
Privileges Required:	High
User Interaction:	None
Scope:	Unchanged
Confidentiality Impact:	High
Integrity Impact:	None
Availability Impact:	High

Errata information

Platform	Errata	Release Date
Oracle Linux version 9 (kernel)	ELSA-2024-9315	2024-11-14