CVE-2024-26818 - Vulnerability Details - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: tools/rtla: Fix clang warning about mount_point var size clang is reporting this warning: $ make HOSTCC=clang CC=clang LLVM_IAS=1 [...] clang -O -g -DVERSION=\"6.8.0-rc3\" -flto=auto -fexceptions -fstack-protector-strong -fasynchronous-unwind-tables -fstack-clash-protection -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS $(pkg-config --cflags libtracefs) -c -o src/utils.o src/utils.c src/utils.c:548:66: warning: 'fscanf' may overflow; destination buffer in argument 3 has size 1024, but the corresponding specifier may require size 1025 [-Wfortify-source] 548 | while (fscanf(fp, "%*s %" STR(MAX_PATH) "s %99s %*s %*d %*d\n", mount_point, type) == 2) { | ^ Increase mount_point variable size to MAX_PATH+1 to avoid the overflow.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/30369084ac6e27479a347899e74f523e6ca29b89
https://git.kernel.org/stable/c/6bdd43f62ab3bb5a306af7f0ab857af45777f5a8
https://git.kernel.org/stable/c/8a585914c266dc044f53b5c83c170f79b45fcf9a
https://lore.kernel.org/linux-cve-announce/2024041701-CVE-2024-26818-d65b@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-26818
https://www.cve.org/CVERecord?id=CVE-2024-26818

History

Thu, 19 Dec 2024 09:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-04-17T09:43:46.582Z

Updated: 2024-12-19T08:48:04.847Z

Reserved: 2024-02-19T14:20:24.180Z

Link: CVE-2024-26818

Vulnrichment

Updated: 2024-08-02T00:14:13.532Z

NVD

Status : Awaiting Analysis

Published: 2024-04-17T10:15:08.757

Modified: 2024-11-21T09:03:08.703

Link: CVE-2024-26818

Redhat

Severity : Low

Publid Date: 2024-04-17T00:00:00Z

Links: CVE-2024-26818 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-26818", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-19T14:20:24.180Z", "datePublished": "2024-04-17T09:43:46.582Z", "dateUpdated": "2024-12-19T08:48:04.847Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T08:48:04.847Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntools/rtla: Fix clang warning about mount_point var size\n\nclang is reporting this warning:\n\n$ make HOSTCC=clang CC=clang LLVM_IAS=1\n[...]\nclang -O -g -DVERSION=\\\"6.8.0-rc3\\\" -flto=auto -fexceptions\n\t-fstack-protector-strong -fasynchronous-unwind-tables\n\t-fstack-clash-protection -Wall -Werror=format-security\n\t-Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS\n\t$(pkg-config --cflags libtracefs) -c -o src/utils.o src/utils.c\n\nsrc/utils.c:548:66: warning: 'fscanf' may overflow; destination buffer in argument 3 has size 1024, but the corresponding specifier may require size 1025 [-Wfortify-source]\n 548 | while (fscanf(fp, \"%*s %\" STR(MAX_PATH) \"s %99s %*s %*d %*d\\n\", mount_point, type) == 2) {\n | ^\n\nIncrease mount_point variable size to MAX_PATH+1 to avoid the overflow."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["tools/tracing/rtla/src/utils.c"], "versions": [{"version": "a957cbc02531a23beeac6dd9e751f8d4dadaf7a9", "lessThan": "8a585914c266dc044f53b5c83c170f79b45fcf9a", "status": "affected", "versionType": "git"}, {"version": "a957cbc02531a23beeac6dd9e751f8d4dadaf7a9", "lessThan": "6bdd43f62ab3bb5a306af7f0ab857af45777f5a8", "status": "affected", "versionType": "git"}, {"version": "a957cbc02531a23beeac6dd9e751f8d4dadaf7a9", "lessThan": "30369084ac6e27479a347899e74f523e6ca29b89", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["tools/tracing/rtla/src/utils.c"], "versions": [{"version": "6.5", "status": "affected"}, {"version": "0", "lessThan": "6.5", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.18", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.7.6", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/8a585914c266dc044f53b5c83c170f79b45fcf9a"}, {"url": "https://git.kernel.org/stable/c/6bdd43f62ab3bb5a306af7f0ab857af45777f5a8"}, {"url": "https://git.kernel.org/stable/c/30369084ac6e27479a347899e74f523e6ca29b89"}], "title": "tools/rtla: Fix clang warning about mount_point var size", "x_generator": {"engine": "bippy-5f407fcff5a0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-17T17:41:47.702177Z", "id": "CVE-2024-26818", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-17T17:49:11.639Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:14:13.532Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/8a585914c266dc044f53b5c83c170f79b45fcf9a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6bdd43f62ab3bb5a306af7f0ab857af45777f5a8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/30369084ac6e27479a347899e74f523e6ca29b89", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/8a585914c266dc044f53b5c83c170f79b45fcf9a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6bdd43f62ab3bb5a306af7f0ab857af45777f5a8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/30369084ac6e27479a347899e74f523e6ca29b89", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:14:13.532Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-26818", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-17T17:41:47.702177Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-17T17:49:09.571Z"}}], "cna": {"title": "tools/rtla: Fix clang warning about mount_point var size", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "a957cbc02531a23beeac6dd9e751f8d4dadaf7a9", "lessThan": "8a585914c266dc044f53b5c83c170f79b45fcf9a", "versionType": "git"}, {"status": "affected", "version": "a957cbc02531a23beeac6dd9e751f8d4dadaf7a9", "lessThan": "6bdd43f62ab3bb5a306af7f0ab857af45777f5a8", "versionType": "git"}, {"status": "affected", "version": "a957cbc02531a23beeac6dd9e751f8d4dadaf7a9", "lessThan": "30369084ac6e27479a347899e74f523e6ca29b89", "versionType": "git"}], "programFiles": ["tools/tracing/rtla/src/utils.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6.5"}, {"status": "unaffected", "version": "0", "lessThan": "6.5", "versionType": "semver"}, {"status": "unaffected", "version": "6.6.18", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.7.6", "versionType": "semver", "lessThanOrEqual": "6.7.*"}, {"status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["tools/tracing/rtla/src/utils.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/8a585914c266dc044f53b5c83c170f79b45fcf9a"}, {"url": "https://git.kernel.org/stable/c/6bdd43f62ab3bb5a306af7f0ab857af45777f5a8"}, {"url": "https://git.kernel.org/stable/c/30369084ac6e27479a347899e74f523e6ca29b89"}], "x_generator": {"engine": "bippy-5f407fcff5a0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntools/rtla: Fix clang warning about mount_point var size\n\nclang is reporting this warning:\n\n$ make HOSTCC=clang CC=clang LLVM_IAS=1\n[...]\nclang -O -g -DVERSION=\\\"6.8.0-rc3\\\" -flto=auto -fexceptions\n\t-fstack-protector-strong -fasynchronous-unwind-tables\n\t-fstack-clash-protection -Wall -Werror=format-security\n\t-Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS\n\t$(pkg-config --cflags libtracefs) -c -o src/utils.o src/utils.c\n\nsrc/utils.c:548:66: warning: 'fscanf' may overflow; destination buffer in argument 3 has size 1024, but the corresponding specifier may require size 1025 [-Wfortify-source]\n 548 | while (fscanf(fp, \"%*s %\" STR(MAX_PATH) \"s %99s %*s %*d %*d\\n\", mount_point, type) == 2) {\n | ^\n\nIncrease mount_point variable size to MAX_PATH+1 to avoid the overflow."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T08:48:04.847Z"}}}, "cveMetadata": {"cveId": "CVE-2024-26818", "state": "PUBLISHED", "dateUpdated": "2024-12-19T08:48:04.847Z", "dateReserved": "2024-02-19T14:20:24.180Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-04-17T09:43:46.582Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntools/rtla: Fix clang warning about mount_point var size\n\nclang is reporting this warning:\n\n$ make HOSTCC=clang CC=clang LLVM_IAS=1\n[...]\nclang -O -g -DVERSION=\\\"6.8.0-rc3\\\" -flto=auto -fexceptions\n\t-fstack-protector-strong -fasynchronous-unwind-tables\n\t-fstack-clash-protection -Wall -Werror=format-security\n\t-Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS\n\t$(pkg-config --cflags libtracefs) -c -o src/utils.o src/utils.c\n\nsrc/utils.c:548:66: warning: 'fscanf' may overflow; destination buffer in argument 3 has size 1024, but the corresponding specifier may require size 1025 [-Wfortify-source]\n 548 | while (fscanf(fp, \"%*s %\" STR(MAX_PATH) \"s %99s %*s %*d %*d\\n\", mount_point, type) == 2) {\n | ^\n\nIncrease mount_point variable size to MAX_PATH+1 to avoid the overflow."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: herramientas/rtla: Repare la advertencia de clang sobre el tama\u00f1o de var de mount_point clang informa esta advertencia: $ make HOSTCC=clang CC=clang LLVM_IAS=1 [...] clang -O -g -DVERSION=\\\"6.8.0-rc3\\\" -flto=auto -fExceptions -fstack-protector-strong -fasynchronous-unwind-tables -fstack-clash-protection -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE= 2 -Wp,-D_GLIBCXX_ASSERTIONS $(pkg-config --cflags libtracefs) -c -o src/utils.o src/utils.c src/utils.c:548:66: advertencia: 'fscanf' puede desbordarse; el b\u00fafer de destino en el argumento 3 tiene un tama\u00f1o 1024, pero el especificador correspondiente puede requerir un tama\u00f1o 1025 [-Wfortify-source] 548 | while (fscanf(fp, \"%*s %\" STR(MAX_PATH) \"s %99s %*s %*d %*d\\n\", punto_montaje, tipo) == 2) { | ^ Aumente el tama\u00f1o de la variable mount_point a MAX_PATH+1 para evitar el desbordamiento."}], "id": "CVE-2024-26818", "lastModified": "2024-11-21T09:03:08.703", "metrics": {}, "published": "2024-04-17T10:15:08.757", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/30369084ac6e27479a347899e74f523e6ca29b89"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/6bdd43f62ab3bb5a306af7f0ab857af45777f5a8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/8a585914c266dc044f53b5c83c170f79b45fcf9a"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/30369084ac6e27479a347899e74f523e6ca29b89"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/6bdd43f62ab3bb5a306af7f0ab857af45777f5a8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/8a585914c266dc044f53b5c83c170f79b45fcf9a"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: tools/rtla: Fix clang warning about mount_point var size", "id": "2275622", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275622"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "status": "draft"}, "cwe": "CWE-120", "details": ["In the Linux kernel, the following vulnerability has been resolved:\ntools/rtla: Fix clang warning about mount_point var size\nclang is reporting this warning:\n$ make HOSTCC=clang CC=clang LLVM_IAS=1\n[...]\nclang -O -g -DVERSION=\\\"6.8.0-rc3\\\" -flto=auto -fexceptions\n-fstack-protector-strong -fasynchronous-unwind-tables\n-fstack-clash-protection -Wall -Werror=format-security\n-Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS\n$(pkg-config --cflags libtracefs) -c -o src/utils.o src/utils.c\nsrc/utils.c:548:66: warning: 'fscanf' may overflow; destination buffer in argument 3 has size 1024, but the corresponding specifier may require size 1025 [-Wfortify-source]\n548 | while (fscanf(fp, \"%*s %\" STR(MAX_PATH) \"s %99s %*s %*d %*d\\n\", mount_point, type) == 2) {\n| ^\nIncrease mount_point variable size to MAX_PATH+1 to avoid the overflow."], "name": "CVE-2024-26818", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-04-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-26818\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-26818\nhttps://lore.kernel.org/linux-cve-announce/2024041701-CVE-2024-26818-d65b@gregkh/T"], "threat_severity": "Low", "upstream_fix": "kernel 6.6.18, kernel 6.7.6, kernel 6.8"}