Executive Summary

Informations
Name CVE-2024-26877 First vendor Publication 2024-04-17
Vendor Cve Last vendor Modification 2024-04-17

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

In the Linux kernel, the following vulnerability has been resolved:

crypto: xilinx - call finalize with bh disabled

When calling crypto_finalize_request, BH should be disabled to avoid triggering the following calltrace:

------------[ cut here ]------------
WARNING: CPU: 2 PID: 74 at crypto/crypto_engine.c:58 crypto_finalize_request+0xa0/0x118
Modules linked in: cryptodev(O)
CPU: 2 PID: 74 Comm: firmware:zynqmp Tainted: G O 6.8.0-rc1-yocto-standard #323
Hardware name: ZynqMP ZCU102 Rev1.0 (DT)
pstate: 40000005 (nZcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : crypto_finalize_request+0xa0/0x118
lr : crypto_finalize_request+0x104/0x118
sp : ffffffc085353ce0
x29: ffffffc085353ce0 x28: 0000000000000000 x27: ffffff8808ea8688
x26: ffffffc081715038 x25: 0000000000000000 x24: ffffff880100db00
x23: ffffff880100da80 x22: 0000000000000000 x21: 0000000000000000
x20: ffffff8805b14000 x19: ffffff880100da80 x18: 0000000000010450
x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000
x14: 0000000000000003 x13: 0000000000000000 x12: ffffff880100dad0
x11: 0000000000000000 x10: ffffffc0832dcd08 x9 : ffffffc0812416d8
x8 : 00000000000001f4 x7 : ffffffc0830d2830 x6 : 0000000000000001
x5 : ffffffc082091000 x4 : ffffffc082091658 x3 : 0000000000000000
x2 : ffffffc7f9653000 x1 : 0000000000000000 x0 : ffffff8802d20000
Call trace:
crypto_finalize_request+0xa0/0x118
crypto_finalize_aead_request+0x18/0x30
zynqmp_handle_aes_req+0xcc/0x388
crypto_pump_work+0x168/0x2d8
kthread_worker_fn+0xfc/0x3a0
kthread+0x118/0x138
ret_from_fork+0x10/0x20
irq event stamp: 40
hardirqs last enabled at (39): [] _raw_spin_unlock_irqrestore+0x70/0xb0
hardirqs last disabled at (40): [] el1_dbg+0x28/0x90
softirqs last enabled at (36): [] kernel_neon_begin+0x8c/0xf0
softirqs last disabled at (34): [] kernel_neon_begin+0x60/0xf0
---[ end trace 0000000000000000 ]---

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26877

Sources (Detail)

https://git.kernel.org/stable/c/03e6d4e948432a61b35783323b6ab2be071d2619
https://git.kernel.org/stable/c/23bc89fdce71124cd2126fc919c7076e7cb489cf
https://git.kernel.org/stable/c/8a01335aedc50a66d04dd39203c89f4bc8042596
https://git.kernel.org/stable/c/9db89b1fb85557892e6681724b367287de5f9f20
https://git.kernel.org/stable/c/a71f66bd5f7b9b35a8aaa49e29565eca66299399
https://git.kernel.org/stable/c/a853450bf4c752e664abab0b2fad395b7ad7701c
https://git.kernel.org/stable/c/dbf291d8ffffb70f48286176a15c6c54f0bb0743
Source Url

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2024-04-17 17:28:35
  • First insertion