CVE-2024-26876 - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: drm/bridge: adv7511: fix crash on irq during probe Moved IRQ registration down to end of adv7511_probe(). If an IRQ already is pending during adv7511_probe (before adv7511_cec_init) then cec_received_msg_ts could crash using uninitialized data: Unable to handle kernel read from unreadable memory at virtual address 00000000000003d5 Internal error: Oops: 96000004 [#1] PREEMPT_RT SMP Call trace: cec_received_msg_ts+0x48/0x990 [cec] adv7511_cec_irq_process+0x1cc/0x308 [adv7511] adv7511_irq_process+0xd8/0x120 [adv7511] adv7511_irq_handler+0x1c/0x30 [adv7511] irq_thread_fn+0x30/0xa0 irq_thread+0x14c/0x238 kthread+0x190/0x1a8

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/28a94271bd50e4cf498df0381f776f8ea40a289e
https://git.kernel.org/stable/c/50f4b57e9a9db4ede9294f39b9e75b5f26bae9b7
https://git.kernel.org/stable/c/955c1252930677762e0db2b6b9e36938c887445c
https://git.kernel.org/stable/c/aeedaee5ef5468caf59e2bb1265c2116e0c9a924
https://lore.kernel.org/linux-cve-announce/2024041739-CVE-2024-26876-3948@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-26876
https://www.cve.org/CVERecord?id=CVE-2024-26876

History

Thu, 10 Oct 2024 11:45:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/50f4b57e9a9db4ede9294f39b9e75b5f26bae9b7

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-04-17T10:27:34.553Z

Updated: 2024-11-05T09:17:25.693Z

Reserved: 2024-02-19T14:20:24.185Z

Link: CVE-2024-26876

Vulnrichment

Updated: 2024-08-02T00:21:05.363Z

NVD

Status : Awaiting Analysis

Published: 2024-04-17T11:15:09.777

Modified: 2024-10-10T12:15:03.210

Link: CVE-2024-26876

Redhat

Severity : Low

Publid Date: 2024-04-17T00:00:00Z

Links: CVE-2024-26876 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-26876", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-19T14:20:24.185Z", "datePublished": "2024-04-17T10:27:34.553Z", "dateUpdated": "2024-11-05T09:17:25.693Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:17:25.693Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/bridge: adv7511: fix crash on irq during probe\n\nMoved IRQ registration down to end of adv7511_probe().\n\nIf an IRQ already is pending during adv7511_probe\n(before adv7511_cec_init) then cec_received_msg_ts\ncould crash using uninitialized data:\n\n Unable to handle kernel read from unreadable memory at virtual address 00000000000003d5\n Internal error: Oops: 96000004 [#1] PREEMPT_RT SMP\n Call trace:\n cec_received_msg_ts+0x48/0x990 [cec]\n adv7511_cec_irq_process+0x1cc/0x308 [adv7511]\n adv7511_irq_process+0xd8/0x120 [adv7511]\n adv7511_irq_handler+0x1c/0x30 [adv7511]\n irq_thread_fn+0x30/0xa0\n irq_thread+0x14c/0x238\n kthread+0x190/0x1a8"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/bridge/adv7511/adv7511_drv.c"], "versions": [{"version": "3b1b975003e4", "lessThan": "50f4b57e9a9d", "status": "affected", "versionType": "git"}, {"version": "3b1b975003e4", "lessThan": "955c12529306", "status": "affected", "versionType": "git"}, {"version": "3b1b975003e4", "lessThan": "28a94271bd50", "status": "affected", "versionType": "git"}, {"version": "3b1b975003e4", "lessThan": "aeedaee5ef54", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/bridge/adv7511/adv7511_drv.c"], "versions": [{"version": "4.15", "status": "affected"}, {"version": "0", "lessThan": "4.15", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.55", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.7.11", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8.2", "lessThanOrEqual": "6.8.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/50f4b57e9a9db4ede9294f39b9e75b5f26bae9b7"}, {"url": "https://git.kernel.org/stable/c/955c1252930677762e0db2b6b9e36938c887445c"}, {"url": "https://git.kernel.org/stable/c/28a94271bd50e4cf498df0381f776f8ea40a289e"}, {"url": "https://git.kernel.org/stable/c/aeedaee5ef5468caf59e2bb1265c2116e0c9a924"}], "title": "drm/bridge: adv7511: fix crash on irq during probe", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-26876", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-09T18:40:11.251562Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T17:22:46.691Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:21:05.363Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/955c1252930677762e0db2b6b9e36938c887445c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/28a94271bd50e4cf498df0381f776f8ea40a289e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/aeedaee5ef5468caf59e2bb1265c2116e0c9a924", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/955c1252930677762e0db2b6b9e36938c887445c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/28a94271bd50e4cf498df0381f776f8ea40a289e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/aeedaee5ef5468caf59e2bb1265c2116e0c9a924", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:21:05.363Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-26876", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-09T18:40:11.251562Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T15:20:43.848Z"}}], "cna": {"title": "drm/bridge: adv7511: fix crash on irq during probe", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "3b1b975003e4", "lessThan": "50f4b57e9a9d", "versionType": "git"}, {"status": "affected", "version": "3b1b975003e4", "lessThan": "955c12529306", "versionType": "git"}, {"status": "affected", "version": "3b1b975003e4", "lessThan": "28a94271bd50", "versionType": "git"}, {"status": "affected", "version": "3b1b975003e4", "lessThan": "aeedaee5ef54", "versionType": "git"}], "programFiles": ["drivers/gpu/drm/bridge/adv7511/adv7511_drv.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "4.15"}, {"status": "unaffected", "version": "0", "lessThan": "4.15", "versionType": "custom"}, {"status": "unaffected", "version": "6.6.55", "versionType": "custom", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.7.11", "versionType": "custom", "lessThanOrEqual": "6.7.*"}, {"status": "unaffected", "version": "6.8.2", "versionType": "custom", "lessThanOrEqual": "6.8.*"}, {"status": "unaffected", "version": "6.9", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/gpu/drm/bridge/adv7511/adv7511_drv.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/50f4b57e9a9db4ede9294f39b9e75b5f26bae9b7"}, {"url": "https://git.kernel.org/stable/c/955c1252930677762e0db2b6b9e36938c887445c"}, {"url": "https://git.kernel.org/stable/c/28a94271bd50e4cf498df0381f776f8ea40a289e"}, {"url": "https://git.kernel.org/stable/c/aeedaee5ef5468caf59e2bb1265c2116e0c9a924"}], "x_generator": {"engine": "bippy-c9c4e1df01b2"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/bridge: adv7511: fix crash on irq during probe\n\nMoved IRQ registration down to end of adv7511_probe().\n\nIf an IRQ already is pending during adv7511_probe\n(before adv7511_cec_init) then cec_received_msg_ts\ncould crash using uninitialized data:\n\n Unable to handle kernel read from unreadable memory at virtual address 00000000000003d5\n Internal error: Oops: 96000004 [#1] PREEMPT_RT SMP\n Call trace:\n cec_received_msg_ts+0x48/0x990 [cec]\n adv7511_cec_irq_process+0x1cc/0x308 [adv7511]\n adv7511_irq_process+0xd8/0x120 [adv7511]\n adv7511_irq_handler+0x1c/0x30 [adv7511]\n irq_thread_fn+0x30/0xa0\n irq_thread+0x14c/0x238\n kthread+0x190/0x1a8"}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-10-10T11:29:38.642Z"}}}, "cveMetadata": {"cveId": "CVE-2024-26876", "state": "PUBLISHED", "dateUpdated": "2024-10-10T11:29:38.642Z", "dateReserved": "2024-02-19T14:20:24.185Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-04-17T10:27:34.553Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/bridge: adv7511: fix crash on irq during probe\n\nMoved IRQ registration down to end of adv7511_probe().\n\nIf an IRQ already is pending during adv7511_probe\n(before adv7511_cec_init) then cec_received_msg_ts\ncould crash using uninitialized data:\n\n Unable to handle kernel read from unreadable memory at virtual address 00000000000003d5\n Internal error: Oops: 96000004 [#1] PREEMPT_RT SMP\n Call trace:\n cec_received_msg_ts+0x48/0x990 [cec]\n adv7511_cec_irq_process+0x1cc/0x308 [adv7511]\n adv7511_irq_process+0xd8/0x120 [adv7511]\n adv7511_irq_handler+0x1c/0x30 [adv7511]\n irq_thread_fn+0x30/0xa0\n irq_thread+0x14c/0x238\n kthread+0x190/0x1a8"}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: drm/bridge: adv7511: corrige el fallo en irq durante la sonda Se movi\u00f3 el registro de IRQ al final de adv7511_probe(). Si ya hay una IRQ pendiente durante adv7511_probe (antes de adv7511_cec_init), entonces cec_received_msg_ts podr\u00eda fallar usando datos no inicializados: No se puede manejar la lectura del kernel desde memoria ilegible en la direcci\u00f3n virtual 00000000000003d5 Error interno: Ups: 96000004 [#1] PREEMPT_RT SMP Seguimiento de llamadas: _ts+0x48 /0x990 [cec] adv7511_cec_irq_process+0x1cc/0x308 [adv7511] adv7511_irq_process+0xd8/0x120 [adv7511] adv7511_irq_handler+0x1c/0x30 [adv7511] irq_thread_fn+0x30/0xa0 leer+0x14c/0x238 khilo+0x190/0x1a8"}], "id": "CVE-2024-26876", "lastModified": "2024-10-10T12:15:03.210", "metrics": {}, "published": "2024-04-17T11:15:09.777", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/28a94271bd50e4cf498df0381f776f8ea40a289e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/50f4b57e9a9db4ede9294f39b9e75b5f26bae9b7"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/955c1252930677762e0db2b6b9e36938c887445c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/aeedaee5ef5468caf59e2bb1265c2116e0c9a924"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: drm/bridge: adv7511: fix crash on irq during probe", "id": "2275699", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275699"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-364", "details": ["In the Linux kernel, the following vulnerability has been resolved:\ndrm/bridge: adv7511: fix crash on irq during probe\nMoved IRQ registration down to end of adv7511_probe().\nIf an IRQ already is pending during adv7511_probe\n(before adv7511_cec_init) then cec_received_msg_ts\ncould crash using uninitialized data:\nUnable to handle kernel read from unreadable memory at virtual address 00000000000003d5\nInternal error: Oops: 96000004 [#1] PREEMPT_RT SMP\nCall trace:\ncec_received_msg_ts+0x48/0x990 [cec]\nadv7511_cec_irq_process+0x1cc/0x308 [adv7511]\nadv7511_irq_process+0xd8/0x120 [adv7511]\nadv7511_irq_handler+0x1c/0x30 [adv7511]\nirq_thread_fn+0x30/0xa0\nirq_thread+0x14c/0x238\nkthread+0x190/0x1a8"], "name": "CVE-2024-26876", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-04-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-26876\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-26876\nhttps://lore.kernel.org/linux-cve-announce/2024041739-CVE-2024-26876-3948@gregkh/T"], "threat_severity": "Low", "upstream_fix": "kernel 6.7.11, kernel 6.8.2, kernel 6.9-rc1"}