OpenCVE

In the Linux kernel, the following vulnerability has been resolved: netfs, fscache: Prevent Oops in fscache_put_cache() This function dereferences "cache" and then checks if it's IS_ERR_OR_NULL(). Check first, then dereference.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Redhat	Enterprise Linux

No data.

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 9
kernel-0:5.14.0-503.11.1.el9_5	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:9315	2024-11-12T00:00:00Z
kernel-0:5.14.0-503.11.1.el9_5	cpe:/o:redhat:enterprise_linux:9	RHSA-2024:9315	2024-11-12T00:00:00Z

References

Link	Providers
https://git.kernel.org/stable/c/1c45256e599061021e2c848952e50f406457e448
https://git.kernel.org/stable/c/3be0b3ed1d76c6703b9ee482b55f7e01c369cc68
https://git.kernel.org/stable/c/4200ad3e46ce50f410fdda302745489441bc70f0
https://git.kernel.org/stable/c/82a9bc343ba019665d3ddc1d9a180bf0e0390cf3
https://lore.kernel.org/linux-cve-announce/20240229155245.1571576-44-lee@kernel.org/T
https://nvd.nist.gov/vuln/detail/CVE-2024-26612
https://www.cve.org/CVERecord?id=CVE-2024-26612

History

Wed, 13 Nov 2024 02:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat Redhat enterprise Linux
CPEs		cpe:/a:redhat:enterprise_linux:9 cpe:/o:redhat:enterprise_linux:9
Vendors & Products		Redhat Redhat enterprise Linux

Wed, 06 Nov 2024 16:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-476
Metrics	cvssV3_1 `{'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L'}`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-02-29T15:52:17.001Z

Updated: 2024-11-06T15:24:15.263Z

Reserved: 2024-02-19T14:20:24.131Z

Link: CVE-2024-26612

Vulnrichment

Updated: 2024-08-02T00:07:19.627Z

NVD

Status : Awaiting Analysis

Published: 2024-03-11T18:15:19.170

Modified: 2024-11-21T09:02:39.610

Link: CVE-2024-26612

Redhat

Severity : Low

Publid Date: 2024-02-29T00:00:00Z

Links: CVE-2024-26612 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-26612", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-19T14:20:24.131Z", "datePublished": "2024-02-29T15:52:17.001Z", "dateUpdated": "2024-11-06T15:24:15.263Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:12:35.426Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfs, fscache: Prevent Oops in fscache_put_cache()\n\nThis function dereferences \"cache\" and then checks if it's\nIS_ERR_OR_NULL(). Check first, then dereference."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/netfs/fscache_cache.c"], "versions": [{"version": "9549332df4ed", "lessThan": "82a9bc343ba0", "status": "affected", "versionType": "git"}, {"version": "9549332df4ed", "lessThan": "1c45256e5990", "status": "affected", "versionType": "git"}, {"version": "9549332df4ed", "lessThan": "4200ad3e46ce", "status": "affected", "versionType": "git"}, {"version": "9549332df4ed", "lessThan": "3be0b3ed1d76", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/netfs/fscache_cache.c"], "versions": [{"version": "5.17", "status": "affected"}, {"version": "0", "lessThan": "5.17", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.76", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.15", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.7.3", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/82a9bc343ba019665d3ddc1d9a180bf0e0390cf3"}, {"url": "https://git.kernel.org/stable/c/1c45256e599061021e2c848952e50f406457e448"}, {"url": "https://git.kernel.org/stable/c/4200ad3e46ce50f410fdda302745489441bc70f0"}, {"url": "https://git.kernel.org/stable/c/3be0b3ed1d76c6703b9ee482b55f7e01c369cc68"}], "title": "netfs, fscache: Prevent Oops in fscache_put_cache()", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-476", "lang": "en", "description": "CWE-476 NULL Pointer Dereference"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-03-12T14:56:40.268034Z", "id": "CVE-2024-26612", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-06T15:24:15.263Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:07:19.627Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/82a9bc343ba019665d3ddc1d9a180bf0e0390cf3", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1c45256e599061021e2c848952e50f406457e448", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4200ad3e46ce50f410fdda302745489441bc70f0", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3be0b3ed1d76c6703b9ee482b55f7e01c369cc68", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/82a9bc343ba019665d3ddc1d9a180bf0e0390cf3", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1c45256e599061021e2c848952e50f406457e448", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4200ad3e46ce50f410fdda302745489441bc70f0", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3be0b3ed1d76c6703b9ee482b55f7e01c369cc68", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:07:19.627Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-26612", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-12T14:56:40.268034Z"}}}, {"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:16.919Z"}}], "cna": {"title": "netfs, fscache: Prevent Oops in fscache_put_cache()", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "9549332df4ed", "lessThan": "82a9bc343ba0", "versionType": "git"}, {"status": "affected", "version": "9549332df4ed", "lessThan": "1c45256e5990", "versionType": "git"}, {"status": "affected", "version": "9549332df4ed", "lessThan": "4200ad3e46ce", "versionType": "git"}, {"status": "affected", "version": "9549332df4ed", "lessThan": "3be0b3ed1d76", "versionType": "git"}], "programFiles": ["fs/netfs/fscache_cache.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.17"}, {"status": "unaffected", "version": "0", "lessThan": "5.17", "versionType": "semver"}, {"status": "unaffected", "version": "6.1.76", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.15", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.7.3", "versionType": "semver", "lessThanOrEqual": "6.7.*"}, {"status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["fs/netfs/fscache_cache.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/82a9bc343ba019665d3ddc1d9a180bf0e0390cf3"}, {"url": "https://git.kernel.org/stable/c/1c45256e599061021e2c848952e50f406457e448"}, {"url": "https://git.kernel.org/stable/c/4200ad3e46ce50f410fdda302745489441bc70f0"}, {"url": "https://git.kernel.org/stable/c/3be0b3ed1d76c6703b9ee482b55f7e01c369cc68"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfs, fscache: Prevent Oops in fscache_put_cache()\n\nThis function dereferences \"cache\" and then checks if it's\nIS_ERR_OR_NULL(). Check first, then dereference."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:12:35.426Z"}}}, "cveMetadata": {"cveId": "CVE-2024-26612", "state": "PUBLISHED", "dateUpdated": "2024-11-05T09:12:35.426Z", "dateReserved": "2024-02-19T14:20:24.131Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-02-29T15:52:17.001Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfs, fscache: Prevent Oops in fscache_put_cache()\n\nThis function dereferences \"cache\" and then checks if it's\nIS_ERR_OR_NULL(). Check first, then dereference."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfs, fscache: Prevenir Ups en fscache_put_cache() Esta funci\u00f3n desreferencia \"cach\u00e9\" y luego verifica si es IS_ERR_OR_NULL(). Primero verifique y luego elimine la referencia."}], "id": "CVE-2024-26612", "lastModified": "2024-11-21T09:02:39.610", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-03-11T18:15:19.170", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/1c45256e599061021e2c848952e50f406457e448"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/3be0b3ed1d76c6703b9ee482b55f7e01c369cc68"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/4200ad3e46ce50f410fdda302745489441bc70f0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/82a9bc343ba019665d3ddc1d9a180bf0e0390cf3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/1c45256e599061021e2c848952e50f406457e448"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/3be0b3ed1d76c6703b9ee482b55f7e01c369cc68"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/4200ad3e46ce50f410fdda302745489441bc70f0"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/82a9bc343ba019665d3ddc1d9a180bf0e0390cf3"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:9315", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:9315", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}], "bugzilla": {"description": "kernel: netfs, fscache: Prevent Oops in fscache_put_cache()", "id": "2269201", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269201"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "status": "verified"}, "cwe": "CWE-20", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nnetfs, fscache: Prevent Oops in fscache_put_cache()\nThis function dereferences \"cache\" and then checks if it's\nIS_ERR_OR_NULL(). Check first, then dereference."], "name": "CVE-2024-26612", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-02-29T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-26612\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-26612\nhttps://lore.kernel.org/linux-cve-announce/20240229155245.1571576-44-lee@kernel.org/T"], "threat_severity": "Low", "upstream_fix": "kernel 6.1.76, kernel 6.6.15, kernel 6.7.3, kernel 6.8-rc2"}