CVE-2024-26639 - OpenCVE

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://lore.kernel.org/linux-cve-announce/20240318102117.2839904-10-lee@kernel.org/T
https://nvd.nist.gov/vuln/detail/CVE-2024-26639
https://www.cve.org/CVERecord?id=CVE-2024-26639

History

No history.

MITRE

Status: REJECTED

Assigner: Linux

Published: 2024-03-18T10:19:06.455Z

Updated: 2024-06-20T08:29:53.809Z

Reserved: 2024-02-19T14:20:24.137Z

Link: CVE-2024-26639

Vulnrichment

Updated:

NVD

Status : Rejected

Published: 2024-03-18T11:15:10.880

Modified: 2024-06-20T09:15:11.183

Link: CVE-2024-26639

Redhat

Severity : Moderate

Publid Date: 2024-03-18T00:00:00Z

Links: CVE-2024-26639 - Bugzilla

{"bugzilla": {"description": "kernel: mm, kmsan: fix infinite recursion due to RCU critical section", "id": "2270102", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270102"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-400", "details": ["This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.", "A vulnerability was found in mm, kmsan (Kernel Memory Sanitizer) component of Linux Kernel, causing infinite recursion due to a RCU (Read-Copy Update) critical section when accessing memory metadata. This recursion led to system instability and leads to DoS."], "mitigation": {"lang": "en:us", "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible."}, "name": "CVE-2024-26639", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-03-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-26639\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-26639\nhttps://lore.kernel.org/linux-cve-announce/20240318102117.2839904-10-lee@kernel.org/T"], "statement": "No Red Hat products are affected by this vulnerability.", "threat_severity": "Moderate", "upstream_fix": "kernel 6.1.77, kernel 6.6.16, kernel 6.7.4"}