CVSS3

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | HIGH |

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score confidence: High

EPSS percentile: 5.1%

In the Linux kernel, the following vulnerability has been resolved:

md: fix kmemleak of rdev->serial

If kobject_add() fails in bind_rdev_to_array(), 'rdev->serial' will be allocated but not freed, and a kmemleak occurs.

```
unreferenced object 0xffff88815a350000 (size 49152):
  comm "mdadm", pid 789, jiffies 4294716910
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 …
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 …
  backtrace (crc f773277a):
    [<0000000058b0a453>] kmemleak_alloc+0x61/0xe0
    [<00000000366adf14>] __kmalloc_large_node+0x15e/0x270
    [<000000002e82961b>] __kmalloc_node.cold+0x11/0x7f
    [<00000000f206d60a>] kvmalloc_node+0x74/0x150
    [<0000000034bf3363>] rdev_init_serial+0x67/0x170
    [<0000000010e08fe9>] mddev_create_serial_pool+0x62/0x220
    [<00000000c3837bf0>] bind_rdev_to_array+0x2af/0x630
    [<0000000073c28560>] md_add_new_disk+0x400/0x9f0
    [<00000000770e30ff>] md_ioctl+0x15bf/0x1c10
    [<000000006cfab718>] blkdev_ioctl+0x191/0x3f0
    [<0000000085086a11>] vfs_ioctl+0x22/0x60
    [<0000000018b656fe>] __x64_sys_ioctl+0xba/0xe0
    [<00000000e54e675e>] do_syscall_64+0x71/0x150
    [<000000008b0ad622>] entry_SYSCALL_64_after_hwframe+0x6c/0x74
```

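
The error-path leak described above, modelled in user space as an added example (not kernel code and not the upstream patch). `rdev_init_serial` and `kobject_add` are reduced to stand-ins, and `rdev_free_serial`, `kobject_add_stub`, `leaked` and the two `bind_rdev_*` functions are hypothetical names.

```c
#include <stdio.h>
#include <stdlib.h>

/* User-space model: every type and helper here is a simplified stand-in. */
struct rdev { void *serial; };
static int live_allocs;  /* outstanding buffers, a crude kmemleak */
static int kobject_add_stub(int fail) { return fail ? -1 : 0; }

/* Allocates the per-device buffer; 49152 is the object size in the report. */
static int rdev_init_serial(struct rdev *rdev) {
    rdev->serial = malloc(49152);
    live_allocs += rdev->serial != NULL;
    return rdev->serial ? 0 : -1;
}

/* Hypothetical cleanup helper: undoes rdev_init_serial(). */
static void rdev_free_serial(struct rdev *rdev) {
    if (rdev->serial)
        live_allocs--;
    free(rdev->serial);
    rdev->serial = NULL;
}

/* Leaky shape: the error return skips cleanup of rdev->serial. */
static int bind_rdev_leaky(struct rdev *rdev, int fail) {
    if (rdev_init_serial(rdev))
        return -1;
    return kobject_add_stub(fail);  /* on failure, serial stays allocated */
}

/* Corrected shape: a failure after the allocation unwinds it. */
static int bind_rdev_fixed(struct rdev *rdev, int fail) {
    int err = rdev_init_serial(rdev);
    if (!err && (err = kobject_add_stub(fail)) != 0)
        rdev_free_serial(rdev);
    return err;
}

/* Buffers still allocated after one failed bind attempt. */
static int leaked(int (*bind)(struct rdev *, int)) {
    struct rdev rdev = { 0 };
    int before = live_allocs;
    bind(&rdev, 1);
    int n = live_allocs - before;
    rdev_free_serial(&rdev);  /* tidy up so the demo itself is clean */
    return n;
}

int main(void) {
    printf("leaky=%d fixed=%d\n", leaked(bind_rdev_leaky), leaked(bind_rdev_fixed));
    return 0;
}
```

Each failed bind in the leaky shape strands one 48 KiB buffer, which is why repeated failures map to the availability impact in the CVSS vector.
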
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 20.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux | < 6.8.0-35.35 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux-aws | < 6.8.0-1009.9 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws-5.15 | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws-6.5 | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-azure | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-azure | < any | UNKNOWN |
git.kernel.org/linus/6cf350658736681b9d6b0b6e58c5c76b235bb4c4 (6.9-rc1)
git.kernel.org/stable/c/4c1021ce46fc2fb6115f7e79d353941e6dcad366
git.kernel.org/stable/c/6cf350658736681b9d6b0b6e58c5c76b235bb4c4
git.kernel.org/stable/c/6d32c832a88513f65c2c2c9c75954ee8b387adea
launchpad.net/bugs/cve/CVE-2024-26900
nvd.nist.gov/vuln/detail/CVE-2024-26900
security-tracker.debian.org/tracker/CVE-2024-26900
ubuntu.com/security/notices/USN-6816-1
ubuntu.com/security/notices/USN-6817-1
ubuntu.com/security/notices/USN-6817-2
ubuntu.com/security/notices/USN-6817-3
ubuntu.com/security/notices/USN-6878-1
www.cve.org/CVERecord?id=CVE-2024-26900