{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-26816", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-19T14:20:24.180Z", "datePublished": "2024-04-10T13:53:49.492Z", "dateUpdated": "2024-11-05T09:16:21.503Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:16:21.503Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86, relocs: Ignore relocations in .notes section\n\nWhen building with CONFIG_XEN_PV=y, .text symbols are emitted into\nthe .notes section so that Xen can find the \"startup_xen\" entry point.\nThis information is used prior to booting the kernel, so relocations\nare not useful. In fact, performing relocations against the .notes\nsection means that the KASLR base is exposed since /sys/kernel/notes\nis world-readable.\n\nTo avoid leaking the KASLR base without breaking unprivileged tools that\nare expecting to read /sys/kernel/notes, skip performing relocations in\nthe .notes section. The values readable in .notes are then identical to\nthose found in System.map."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/x86/tools/relocs.c"], "versions": [{"version": "5ead97c84fa7", "lessThan": "13edb509abc9", "status": "affected", "versionType": "git"}, {"version": "5ead97c84fa7", "lessThan": "52018aa146e3", "status": "affected", "versionType": "git"}, {"version": "5ead97c84fa7", "lessThan": "a4e7ff1a7427", "status": "affected", "versionType": "git"}, {"version": "5ead97c84fa7", "lessThan": "c7cff9780297", "status": "affected", "versionType": "git"}, {"version": "5ead97c84fa7", "lessThan": "47635b112a64", "status": "affected", "versionType": "git"}, {"version": "5ead97c84fa7", "lessThan": "af2a9f98d884", "status": "affected", "versionType": "git"}, {"version": "5ead97c84fa7", "lessThan": "ae7079238f6f", "status": "affected", "versionType": "git"}, {"version": "5ead97c84fa7", "lessThan": "5cb59db49c9c", "status": "affected", "versionType": "git"}, {"version": "5ead97c84fa7", "lessThan": "aaa8736370db", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/x86/tools/relocs.c"], "versions": [{"version": "2.6.23", "status": "affected"}, {"version": "0", "lessThan": "2.6.23", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.311", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.273", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.214", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.153", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.83", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.23", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.7.11", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8.2", "lessThanOrEqual": "6.8.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/13edb509abc91c72152a11baaf0e7c060a312e03"}, {"url": "https://git.kernel.org/stable/c/52018aa146e3cf76569a9b1e6e49a2b7c8d4a088"}, {"url": "https://git.kernel.org/stable/c/a4e7ff1a74274e59a2de9bb57236542aa990d20a"}, {"url": "https://git.kernel.org/stable/c/c7cff9780297d55d97ad068b68b703cfe53ef9af"}, {"url": "https://git.kernel.org/stable/c/47635b112a64b7b208224962471e7e42f110e723"}, {"url": "https://git.kernel.org/stable/c/af2a9f98d884205145fd155304a6955822ccca1c"}, {"url": "https://git.kernel.org/stable/c/ae7079238f6faf1b94accfccf334e98b46a0c0aa"}, {"url": "https://git.kernel.org/stable/c/5cb59db49c9c0fccfd33b2209af4f7ae3c6ddf40"}, {"url": "https://git.kernel.org/stable/c/aaa8736370db1a78f0e8434344a484f9fd20be3b"}], "title": "x86, relocs: Ignore relocations in .notes section", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-21T16:05:35.963352Z", "id": "CVE-2024-26816", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-21T16:05:55.498Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:14:13.600Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/13edb509abc91c72152a11baaf0e7c060a312e03", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/52018aa146e3cf76569a9b1e6e49a2b7c8d4a088", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a4e7ff1a74274e59a2de9bb57236542aa990d20a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c7cff9780297d55d97ad068b68b703cfe53ef9af", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/47635b112a64b7b208224962471e7e42f110e723", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/af2a9f98d884205145fd155304a6955822ccca1c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ae7079238f6faf1b94accfccf334e98b46a0c0aa", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/5cb59db49c9c0fccfd33b2209af4f7ae3c6ddf40", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/aaa8736370db1a78f0e8434344a484f9fd20be3b", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/13edb509abc91c72152a11baaf0e7c060a312e03", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/52018aa146e3cf76569a9b1e6e49a2b7c8d4a088", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a4e7ff1a74274e59a2de9bb57236542aa990d20a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c7cff9780297d55d97ad068b68b703cfe53ef9af", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/47635b112a64b7b208224962471e7e42f110e723", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/af2a9f98d884205145fd155304a6955822ccca1c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ae7079238f6faf1b94accfccf334e98b46a0c0aa", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/5cb59db49c9c0fccfd33b2209af4f7ae3c6ddf40", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/aaa8736370db1a78f0e8434344a484f9fd20be3b", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:14:13.600Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-26816", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-21T16:05:35.963352Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-21T16:05:52.537Z"}}], "cna": {"title": "x86, relocs: Ignore relocations in .notes section", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5ead97c84fa7", "lessThan": "13edb509abc9", "versionType": "git"}, {"status": "affected", "version": "5ead97c84fa7", "lessThan": "52018aa146e3", "versionType": "git"}, {"status": "affected", "version": "5ead97c84fa7", "lessThan": "a4e7ff1a7427", "versionType": "git"}, {"status": "affected", "version": "5ead97c84fa7", "lessThan": "c7cff9780297", "versionType": "git"}, {"status": "affected", "version": "5ead97c84fa7", "lessThan": "47635b112a64", "versionType": "git"}, {"status": "affected", "version": "5ead97c84fa7", "lessThan": "af2a9f98d884", "versionType": "git"}, {"status": "affected", "version": "5ead97c84fa7", "lessThan": "ae7079238f6f", "versionType": "git"}, {"status": "affected", "version": "5ead97c84fa7", "lessThan": "5cb59db49c9c", "versionType": "git"}, {"status": "affected", "version": "5ead97c84fa7", "lessThan": "aaa8736370db", "versionType": "git"}], "programFiles": ["arch/x86/tools/relocs.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "2.6.23"}, {"status": "unaffected", "version": "0", "lessThan": "2.6.23", "versionType": "custom"}, {"status": "unaffected", "version": "4.19.311", "versionType": "custom", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.273", "versionType": "custom", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.214", "versionType": "custom", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.153", "versionType": "custom", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.83", "versionType": "custom", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.23", "versionType": "custom", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.7.11", "versionType": "custom", "lessThanOrEqual": "6.7.*"}, {"status": "unaffected", "version": "6.8.2", "versionType": "custom", "lessThanOrEqual": "6.8.*"}, {"status": "unaffected", "version": "6.9", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["arch/x86/tools/relocs.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/13edb509abc91c72152a11baaf0e7c060a312e03"}, {"url": "https://git.kernel.org/stable/c/52018aa146e3cf76569a9b1e6e49a2b7c8d4a088"}, {"url": "https://git.kernel.org/stable/c/a4e7ff1a74274e59a2de9bb57236542aa990d20a"}, {"url": "https://git.kernel.org/stable/c/c7cff9780297d55d97ad068b68b703cfe53ef9af"}, {"url": "https://git.kernel.org/stable/c/47635b112a64b7b208224962471e7e42f110e723"}, {"url": "https://git.kernel.org/stable/c/af2a9f98d884205145fd155304a6955822ccca1c"}, {"url": "https://git.kernel.org/stable/c/ae7079238f6faf1b94accfccf334e98b46a0c0aa"}, {"url": "https://git.kernel.org/stable/c/5cb59db49c9c0fccfd33b2209af4f7ae3c6ddf40"}, {"url": "https://git.kernel.org/stable/c/aaa8736370db1a78f0e8434344a484f9fd20be3b"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"}], "x_generator": {"engine": "bippy-a5840b7849dd"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86, relocs: Ignore relocations in .notes section\n\nWhen building with CONFIG_XEN_PV=y, .text symbols are emitted into\nthe .notes section so that Xen can find the \"startup_xen\" entry point.\nThis information is used prior to booting the kernel, so relocations\nare not useful. In fact, performing relocations against the .notes\nsection means that the KASLR base is exposed since /sys/kernel/notes\nis world-readable.\n\nTo avoid leaking the KASLR base without breaking unprivileged tools that\nare expecting to read /sys/kernel/notes, skip performing relocations in\nthe .notes section. The values readable in .notes are then identical to\nthose found in System.map."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T05:23:17.023Z"}}}, "cveMetadata": {"cveId": "CVE-2024-26816", "state": "PUBLISHED", "dateUpdated": "2024-08-02T00:14:13.600Z", "dateReserved": "2024-02-19T14:20:24.180Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-04-10T13:53:49.492Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86, relocs: Ignore relocations in .notes section\n\nWhen building with CONFIG_XEN_PV=y, .text symbols are emitted into\nthe .notes section so that Xen can find the \"startup_xen\" entry point.\nThis information is used prior to booting the kernel, so relocations\nare not useful. In fact, performing relocations against the .notes\nsection means that the KASLR base is exposed since /sys/kernel/notes\nis world-readable.\n\nTo avoid leaking the KASLR base without breaking unprivileged tools that\nare expecting to read /sys/kernel/notes, skip performing relocations in\nthe .notes section. The values readable in .notes are then identical to\nthose found in System.map."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: x86, relocs: ignorar reubicaciones en la secci\u00f3n .notes Al compilar con CONFIG_XEN_PV=y, los s\u00edmbolos .text se emiten en la secci\u00f3n .notes para que Xen pueda encontrar el punto de entrada \"startup_xen\" . Esta informaci\u00f3n se utiliza antes de iniciar el kernel, por lo que las reubicaciones no son \u00fatiles. De hecho, realizar reubicaciones en la secci\u00f3n .notes significa que la base KASLR est\u00e1 expuesta ya que /sys/kernel/notes es legible en todo el mundo. Para evitar filtrar la base de KASLR sin da\u00f1ar las herramientas sin privilegios que esperan leer /sys/kernel/notes, omita realizar reubicaciones en la secci\u00f3n .notes. Los valores legibles en .notes son id\u00e9nticos a los que se encuentran en System.map."}], "id": "CVE-2024-26816", "lastModified": "2024-11-05T10:15:52.480", "metrics": {}, "published": "2024-04-10T14:15:07.490", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/13edb509abc91c72152a11baaf0e7c060a312e03"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/47635b112a64b7b208224962471e7e42f110e723"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/52018aa146e3cf76569a9b1e6e49a2b7c8d4a088"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/5cb59db49c9c0fccfd33b2209af4f7ae3c6ddf40"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/a4e7ff1a74274e59a2de9bb57236542aa990d20a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/aaa8736370db1a78f0e8434344a484f9fd20be3b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/ae7079238f6faf1b94accfccf334e98b46a0c0aa"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/af2a9f98d884205145fd155304a6955822ccca1c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/c7cff9780297d55d97ad068b68b703cfe53ef9af"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: x86, relocs: Ignore relocations in .notes section", "id": "2274474", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274474"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H", "status": "draft"}, "cwe": "CWE-212", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nx86, relocs: Ignore relocations in .notes section\nWhen building with CONFIG_XEN_PV=y, .text symbols are emitted into\nthe .notes section so that Xen can find the \"startup_xen\" entry point.\nThis information is used prior to booting the kernel, so relocations\nare not useful. In fact, performing relocations against the .notes\nsection means that the KASLR base is exposed since /sys/kernel/notes\nis world-readable.\nTo avoid leaking the KASLR base without breaking unprivileged tools that\nare expecting to read /sys/kernel/notes, skip performing relocations in\nthe .notes section. The values readable in .notes are then identical to\nthose found in System.map.", "A flaw was found in the Linux kernel due to improper handling of relocations in the `.notes` section of ELF files. This flaw allows an attacker to bypass security mechanisms or corrupt memory."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-26816", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-04-10T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-26816\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-26816\nhttps://lore.kernel.org/linux-cve-announce/2024041039-CVE-2024-26816-5054@gregkh/T"], "statement": "Red Hat Enterprise Linux is not vulnerable to this CVE, as it does not affect the versions or configurations of the Linux kernel used in its distributions.", "threat_severity": "Moderate", "upstream_fix": "kernel 4.19.311, kernel 5.4.273, kernel 5.10.214, kernel 5.15.153, kernel 6.1.83, kernel 6.6.23, kernel 6.7.11, kernel 6.8.2, kernel 6.9-rc1"}