OpenCVE

In the Linux kernel, the following vulnerability has been resolved: Revert "kobject: Remove redundant checks for whether ktype is NULL" This reverts commit 1b28cb81dab7c1eedc6034206f4e8d644046ad31. It is reported to cause problems, so revert it for now until the root cause can be found.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Linux	Linux Kernel

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

No data.

References

Link	Providers
https://git.kernel.org/stable/c/3ca8fbabcceb8bfe44f7f50640092fd8f1de375c
https://git.kernel.org/stable/c/7f414d306320f837cc3df96cf52161cb8290fb1b
https://git.kernel.org/stable/c/b746d52ce7bcac325a2fa264216ead85b7fbbfaa
https://nvd.nist.gov/vuln/detail/CVE-2024-26604
https://www.cve.org/CVERecord?id=CVE-2024-26604

History

No history.

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-02-24T14:56:58.273Z

Updated: 2024-11-05T09:12:27.303Z

Reserved: 2024-02-19T14:20:24.129Z

Link: CVE-2024-26604

Vulnrichment

Updated: 2024-08-02T00:07:19.704Z

NVD

Status : Modified

Published: 2024-02-26T16:28:00.150

Modified: 2024-11-21T09:02:38.577

Link: CVE-2024-26604

Redhat

Severity : Moderate

Publid Date: 2024-02-26T00:00:00Z

Links: CVE-2024-26604 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-26604", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-19T14:20:24.129Z", "datePublished": "2024-02-24T14:56:58.273Z", "dateUpdated": "2024-11-05T09:12:27.303Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:12:27.303Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"kobject: Remove redundant checks for whether ktype is NULL\"\n\nThis reverts commit 1b28cb81dab7c1eedc6034206f4e8d644046ad31.\n\nIt is reported to cause problems, so revert it for now until the root\ncause can be found."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["lib/kobject.c"], "versions": [{"version": "1b28cb81dab7", "lessThan": "7f414d306320", "status": "affected", "versionType": "git"}, {"version": "1b28cb81dab7", "lessThan": "b746d52ce7bc", "status": "affected", "versionType": "git"}, {"version": "1b28cb81dab7", "lessThan": "3ca8fbabcceb", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["lib/kobject.c"], "versions": [{"version": "6.6", "status": "affected"}, {"version": "0", "lessThan": "6.6", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.18", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.7.6", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/7f414d306320f837cc3df96cf52161cb8290fb1b"}, {"url": "https://git.kernel.org/stable/c/b746d52ce7bcac325a2fa264216ead85b7fbbfaa"}, {"url": "https://git.kernel.org/stable/c/3ca8fbabcceb8bfe44f7f50640092fd8f1de375c"}], "title": "Revert \"kobject: Remove redundant checks for whether ktype is NULL\"", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-26604", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-28T21:07:11.228544Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T17:22:05.219Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:07:19.704Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/7f414d306320f837cc3df96cf52161cb8290fb1b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b746d52ce7bcac325a2fa264216ead85b7fbbfaa", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3ca8fbabcceb8bfe44f7f50640092fd8f1de375c", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/7f414d306320f837cc3df96cf52161cb8290fb1b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b746d52ce7bcac325a2fa264216ead85b7fbbfaa", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3ca8fbabcceb8bfe44f7f50640092fd8f1de375c", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:07:19.704Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-26604", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-28T21:07:11.228544Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T15:20:41.152Z"}}], "cna": {"title": "Revert \"kobject: Remove redundant checks for whether ktype is NULL\"", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "1b28cb81dab7", "lessThan": "7f414d306320", "versionType": "git"}, {"status": "affected", "version": "1b28cb81dab7", "lessThan": "b746d52ce7bc", "versionType": "git"}, {"status": "affected", "version": "1b28cb81dab7", "lessThan": "3ca8fbabcceb", "versionType": "git"}], "programFiles": ["lib/kobject.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6.6"}, {"status": "unaffected", "version": "0", "lessThan": "6.6", "versionType": "semver"}, {"status": "unaffected", "version": "6.6.18", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.7.6", "versionType": "semver", "lessThanOrEqual": "6.7.*"}, {"status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["lib/kobject.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/7f414d306320f837cc3df96cf52161cb8290fb1b"}, {"url": "https://git.kernel.org/stable/c/b746d52ce7bcac325a2fa264216ead85b7fbbfaa"}, {"url": "https://git.kernel.org/stable/c/3ca8fbabcceb8bfe44f7f50640092fd8f1de375c"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"kobject: Remove redundant checks for whether ktype is NULL\"\n\nThis reverts commit 1b28cb81dab7c1eedc6034206f4e8d644046ad31.\n\nIt is reported to cause problems, so revert it for now until the root\ncause can be found."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:12:27.303Z"}}}, "cveMetadata": {"cveId": "CVE-2024-26604", "state": "PUBLISHED", "dateUpdated": "2024-11-05T09:12:27.303Z", "dateReserved": "2024-02-19T14:20:24.129Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-02-24T14:56:58.273Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6B01C40A-3045-4566-BF8E-BAE6C4DB3469", "versionEndExcluding": "6.6.18", "versionStartIncluding": "6.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0C8D1FAD-4D5D-4A25-B058-2AD15082710E", "versionEndExcluding": "6.7.6", "versionStartIncluding": "6.7.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"kobject: Remove redundant checks for whether ktype is NULL\"\n\nThis reverts commit 1b28cb81dab7c1eedc6034206f4e8d644046ad31.\n\nIt is reported to cause problems, so revert it for now until the root\ncause can be found."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: Revertir \"kobject: eliminar comprobaciones redundantes para saber si ktype es NULL\" Esto revierte el commit 1b28cb81dab7c1eedc6034206f4e8d644046ad31. Se informa que causa problemas, as\u00ed que rev\u00edselo por ahora hasta que se pueda encontrar la causa ra\u00edz."}], "id": "CVE-2024-26604", "lastModified": "2024-11-21T09:02:38.577", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-26T16:28:00.150", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3ca8fbabcceb8bfe44f7f50640092fd8f1de375c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7f414d306320f837cc3df96cf52161cb8290fb1b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b746d52ce7bcac325a2fa264216ead85b7fbbfaa"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3ca8fbabcceb8bfe44f7f50640092fd8f1de375c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7f414d306320f837cc3df96cf52161cb8290fb1b"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b746d52ce7bcac325a2fa264216ead85b7fbbfaa"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: null pointer dereference in kobject", "id": "2266257", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266257"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-476", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nRevert \"kobject: Remove redundant checks for whether ktype is NULL\"\nThis reverts commit 1b28cb81dab7c1eedc6034206f4e8d644046ad31.\nIt is reported to cause problems, so revert it for now until the root\ncause can be found.", "A vulnerability was found in the Linux kernel. A NULL pointer dereference exists in kobject."], "name": "CVE-2024-26604", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-02-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-26604\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-26604\nhttps://git.kernel.org/stable/c/3ca8fbabcceb8bfe44f7f50640092fd8f1de375c\nhttps://git.kernel.org/stable/c/7f414d306320f837cc3df96cf52161cb8290fb1b\nhttps://git.kernel.org/stable/c/b746d52ce7bcac325a2fa264216ead85b7fbbfaa"], "statement": "Red Hat Enterprise Linux 9 and 8 are not affected by this vulnerability.", "threat_severity": "Moderate"}