{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-26900", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-19T14:20:24.187Z", "datePublished": "2024-04-17T10:27:49.707Z", "dateUpdated": "2024-11-05T09:17:53.096Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:17:53.096Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: fix kmemleak of rdev->serial\n\nIf kobject_add() is fail in bind_rdev_to_array(), 'rdev->serial' will be\nalloc not be freed, and kmemleak occurs.\n\nunreferenced object 0xffff88815a350000 (size 49152):\n comm \"mdadm\", pid 789, jiffies 4294716910\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace (crc f773277a):\n [<0000000058b0a453>] kmemleak_alloc+0x61/0xe0\n [<00000000366adf14>] __kmalloc_large_node+0x15e/0x270\n [<000000002e82961b>] __kmalloc_node.cold+0x11/0x7f\n [<00000000f206d60a>] kvmalloc_node+0x74/0x150\n [<0000000034bf3363>] rdev_init_serial+0x67/0x170\n [<0000000010e08fe9>] mddev_create_serial_pool+0x62/0x220\n [<00000000c3837bf0>] bind_rdev_to_array+0x2af/0x630\n [<0000000073c28560>] md_add_new_disk+0x400/0x9f0\n [<00000000770e30ff>] md_ioctl+0x15bf/0x1c10\n [<000000006cfab718>] blkdev_ioctl+0x191/0x3f0\n [<0000000085086a11>] vfs_ioctl+0x22/0x60\n [<0000000018b656fe>] __x64_sys_ioctl+0xba/0xe0\n [<00000000e54e675e>] do_syscall_64+0x71/0x150\n [<000000008b0ad622>] entry_SYSCALL_64_after_hwframe+0x6c/0x74"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/md/md.c"], "versions": [{"version": "963c555e75b0", "lessThan": "fb5b347efd1b", "status": "affected", "versionType": "git"}, {"version": "963c555e75b0", "lessThan": "f3a1787dc482", "status": "affected", "versionType": "git"}, {"version": "963c555e75b0", "lessThan": "beaf11969fd5", "status": "affected", "versionType": "git"}, {"version": "963c555e75b0", "lessThan": "9fd0198f7ef0", "status": "affected", "versionType": "git"}, {"version": "963c555e75b0", "lessThan": "6d32c832a885", "status": "affected", "versionType": "git"}, {"version": "963c555e75b0", "lessThan": "4c1021ce46fc", "status": "affected", "versionType": "git"}, {"version": "963c555e75b0", "lessThan": "6cf350658736", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/md/md.c"], "versions": [{"version": "5.3", "status": "affected"}, {"version": "0", "lessThan": "5.3", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.217", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.159", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.91", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.31", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.7.11", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8.2", "lessThanOrEqual": "6.8.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/fb5b347efd1bda989846ffc74679d181222fb123"}, {"url": "https://git.kernel.org/stable/c/f3a1787dc48213f6caea5ba7d47e0222e7fa34a9"}, {"url": "https://git.kernel.org/stable/c/beaf11969fd5cbe6f09cefaa34df1ce8578e8dd9"}, {"url": "https://git.kernel.org/stable/c/9fd0198f7ef06ae0d6636fb0578560857dead995"}, {"url": "https://git.kernel.org/stable/c/6d32c832a88513f65c2c2c9c75954ee8b387adea"}, {"url": "https://git.kernel.org/stable/c/4c1021ce46fc2fb6115f7e79d353941e6dcad366"}, {"url": "https://git.kernel.org/stable/c/6cf350658736681b9d6b0b6e58c5c76b235bb4c4"}], "title": "md: fix kmemleak of rdev->serial", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/fb5b347efd1bda989846ffc74679d181222fb123", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f3a1787dc48213f6caea5ba7d47e0222e7fa34a9", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/beaf11969fd5cbe6f09cefaa34df1ce8578e8dd9", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9fd0198f7ef06ae0d6636fb0578560857dead995", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6d32c832a88513f65c2c2c9c75954ee8b387adea", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4c1021ce46fc2fb6115f7e79d353941e6dcad366", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6cf350658736681b9d6b0b6e58c5c76b235bb4c4", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240912-0011/"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-09-12T16:02:57.919Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-26900", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T15:48:06.560564Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:33:23.408Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/fb5b347efd1bda989846ffc74679d181222fb123", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f3a1787dc48213f6caea5ba7d47e0222e7fa34a9", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/beaf11969fd5cbe6f09cefaa34df1ce8578e8dd9", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9fd0198f7ef06ae0d6636fb0578560857dead995", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6d32c832a88513f65c2c2c9c75954ee8b387adea", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4c1021ce46fc2fb6115f7e79d353941e6dcad366", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6cf350658736681b9d6b0b6e58c5c76b235bb4c4", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240912-0011/"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-09-12T16:02:57.919Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-26900", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T15:48:06.560564Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:16.456Z"}}], "cna": {"title": "md: fix kmemleak of rdev->serial", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "963c555e75b0", "lessThan": "fb5b347efd1b", "versionType": "git"}, {"status": "affected", "version": "963c555e75b0", "lessThan": "f3a1787dc482", "versionType": "git"}, {"status": "affected", "version": "963c555e75b0", "lessThan": "beaf11969fd5", "versionType": "git"}, {"status": "affected", "version": "963c555e75b0", "lessThan": "9fd0198f7ef0", "versionType": "git"}, {"status": "affected", "version": "963c555e75b0", "lessThan": "6d32c832a885", "versionType": "git"}, {"status": "affected", "version": "963c555e75b0", "lessThan": "4c1021ce46fc", "versionType": "git"}, {"status": "affected", "version": "963c555e75b0", "lessThan": "6cf350658736", "versionType": "git"}], "programFiles": ["drivers/md/md.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.3"}, {"status": "unaffected", "version": "0", "lessThan": "5.3", "versionType": "semver"}, {"status": "unaffected", "version": "5.10.217", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.159", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.91", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.31", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.7.11", "versionType": "semver", "lessThanOrEqual": "6.7.*"}, {"status": "unaffected", "version": "6.8.2", "versionType": "semver", "lessThanOrEqual": "6.8.*"}, {"status": "unaffected", "version": "6.9", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/md/md.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/fb5b347efd1bda989846ffc74679d181222fb123"}, {"url": "https://git.kernel.org/stable/c/f3a1787dc48213f6caea5ba7d47e0222e7fa34a9"}, {"url": "https://git.kernel.org/stable/c/beaf11969fd5cbe6f09cefaa34df1ce8578e8dd9"}, {"url": "https://git.kernel.org/stable/c/9fd0198f7ef06ae0d6636fb0578560857dead995"}, {"url": "https://git.kernel.org/stable/c/6d32c832a88513f65c2c2c9c75954ee8b387adea"}, {"url": "https://git.kernel.org/stable/c/4c1021ce46fc2fb6115f7e79d353941e6dcad366"}, {"url": "https://git.kernel.org/stable/c/6cf350658736681b9d6b0b6e58c5c76b235bb4c4"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: fix kmemleak of rdev->serial\n\nIf kobject_add() is fail in bind_rdev_to_array(), 'rdev->serial' will be\nalloc not be freed, and kmemleak occurs.\n\nunreferenced object 0xffff88815a350000 (size 49152):\n comm \"mdadm\", pid 789, jiffies 4294716910\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace (crc f773277a):\n [<0000000058b0a453>] kmemleak_alloc+0x61/0xe0\n [<00000000366adf14>] __kmalloc_large_node+0x15e/0x270\n [<000000002e82961b>] __kmalloc_node.cold+0x11/0x7f\n [<00000000f206d60a>] kvmalloc_node+0x74/0x150\n [<0000000034bf3363>] rdev_init_serial+0x67/0x170\n [<0000000010e08fe9>] mddev_create_serial_pool+0x62/0x220\n [<00000000c3837bf0>] bind_rdev_to_array+0x2af/0x630\n [<0000000073c28560>] md_add_new_disk+0x400/0x9f0\n [<00000000770e30ff>] md_ioctl+0x15bf/0x1c10\n [<000000006cfab718>] blkdev_ioctl+0x191/0x3f0\n [<0000000085086a11>] vfs_ioctl+0x22/0x60\n [<0000000018b656fe>] __x64_sys_ioctl+0xba/0xe0\n [<00000000e54e675e>] do_syscall_64+0x71/0x150\n [<000000008b0ad622>] entry_SYSCALL_64_after_hwframe+0x6c/0x74"}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:17:53.096Z"}}}, "cveMetadata": {"cveId": "CVE-2024-26900", "state": "PUBLISHED", "dateUpdated": "2024-11-05T09:17:53.096Z", "dateReserved": "2024-02-19T14:20:24.187Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-04-17T10:27:49.707Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E8FC005A-FB83-48C1-969E-B91C2F176D98", "versionEndExcluding": "6.7.11", "versionStartIncluding": "5.3", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "543A75FF-25B8-4046-A514-1EA8EDD87AB1", "versionEndExcluding": "6.8.2", "versionStartIncluding": "6.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: fix kmemleak of rdev->serial\n\nIf kobject_add() is fail in bind_rdev_to_array(), 'rdev->serial' will be\nalloc not be freed, and kmemleak occurs.\n\nunreferenced object 0xffff88815a350000 (size 49152):\n comm \"mdadm\", pid 789, jiffies 4294716910\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace (crc f773277a):\n [<0000000058b0a453>] kmemleak_alloc+0x61/0xe0\n [<00000000366adf14>] __kmalloc_large_node+0x15e/0x270\n [<000000002e82961b>] __kmalloc_node.cold+0x11/0x7f\n [<00000000f206d60a>] kvmalloc_node+0x74/0x150\n [<0000000034bf3363>] rdev_init_serial+0x67/0x170\n [<0000000010e08fe9>] mddev_create_serial_pool+0x62/0x220\n [<00000000c3837bf0>] bind_rdev_to_array+0x2af/0x630\n [<0000000073c28560>] md_add_new_disk+0x400/0x9f0\n [<00000000770e30ff>] md_ioctl+0x15bf/0x1c10\n [<000000006cfab718>] blkdev_ioctl+0x191/0x3f0\n [<0000000085086a11>] vfs_ioctl+0x22/0x60\n [<0000000018b656fe>] __x64_sys_ioctl+0xba/0xe0\n [<00000000e54e675e>] do_syscall_64+0x71/0x150\n [<000000008b0ad622>] entry_SYSCALL_64_after_hwframe+0x6c/0x74"}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: md: corrige kmemleak de rdev-&gt;serial Si kobject_add() falla en bind_rdev_to_array(), 'rdev-&gt;serial' se asignar\u00e1 y no se liberar\u00e1, y se produce kmemleak. objeto sin referencia 0xffff88815a350000 (tama\u00f1o 49152): comm \"mdadm\", pid 789, jiffies 4294716910 volcado hexadecimal (primeros 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ retroceso (crc f773277a): [&lt;0000000058b0a453&gt; ] kmemleak_alloc+0x61/0xe0 [&lt;00000000366adf14&gt;] __kmalloc_large_node+0x15e/0x270 [&lt;000000002e82961b&gt;] __kmalloc_node.cold+0x11/0x7f [&lt;00000000f206d60a&gt;] loc_node+0x74/0x150 [&lt;0000000034bf3363&gt;] rdev_init_serial+0x67/0x170 [&lt; 0000000010e08fe9&gt;] mddev_create_serial_pool+0x62/0x220 [&lt;00000000c3837bf0&gt;] bind_rdev_to_array+0x2af/0x630 [&lt;0000000073c28560&gt;] md_add_new_disk+0x400/0x9f0 00000000770e30ff&gt;] md_ioctl+0x15bf/0x1c10 [&lt;000000006cfab718&gt;] blkdev_ioctl+0x191/0x3f0 [&lt; 0000000085086a11&gt;] vfs_ioctl+0x22/0x60 [&lt;0000000018b656fe&gt;] __x64_sys_ioctl+0xba/0xe0 [&lt;00000000e54e675e&gt;] do_syscall_64+0x71/0x150 [&lt;00000 0008b0ad622&gt;] entrada_SYSCALL_64_after_hwframe+0x6c/0x74"}], "id": "CVE-2024-26900", "lastModified": "2024-11-21T09:03:20.300", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-04-17T11:15:10.917", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4c1021ce46fc2fb6115f7e79d353941e6dcad366"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6cf350658736681b9d6b0b6e58c5c76b235bb4c4"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6d32c832a88513f65c2c2c9c75954ee8b387adea"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/9fd0198f7ef06ae0d6636fb0578560857dead995"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/beaf11969fd5cbe6f09cefaa34df1ce8578e8dd9"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/f3a1787dc48213f6caea5ba7d47e0222e7fa34a9"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/fb5b347efd1bda989846ffc74679d181222fb123"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4c1021ce46fc2fb6115f7e79d353941e6dcad366"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6cf350658736681b9d6b0b6e58c5c76b235bb4c4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6d32c832a88513f65c2c2c9c75954ee8b387adea"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/9fd0198f7ef06ae0d6636fb0578560857dead995"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/beaf11969fd5cbe6f09cefaa34df1ce8578e8dd9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/f3a1787dc48213f6caea5ba7d47e0222e7fa34a9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/fb5b347efd1bda989846ffc74679d181222fb123"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20240912-0011/"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:9315", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:9315", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}], "bugzilla": {"description": "kernel: md: fix kmemleak of rdev->serial", "id": "2275647", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275647"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H", "status": "verified"}, "cwe": "CWE-402", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nmd: fix kmemleak of rdev->serial\nIf kobject_add() is fail in bind_rdev_to_array(), 'rdev->serial' will be\nalloc not be freed, and kmemleak occurs.\nunreferenced object 0xffff88815a350000 (size 49152):\ncomm \"mdadm\", pid 789, jiffies 4294716910\nhex dump (first 32 bytes):\n00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\nbacktrace (crc f773277a):\n[<0000000058b0a453>] kmemleak_alloc+0x61/0xe0\n[<00000000366adf14>] __kmalloc_large_node+0x15e/0x270\n[<000000002e82961b>] __kmalloc_node.cold+0x11/0x7f\n[<00000000f206d60a>] kvmalloc_node+0x74/0x150\n[<0000000034bf3363>] rdev_init_serial+0x67/0x170\n[<0000000010e08fe9>] mddev_create_serial_pool+0x62/0x220\n[<00000000c3837bf0>] bind_rdev_to_array+0x2af/0x630\n[<0000000073c28560>] md_add_new_disk+0x400/0x9f0\n[<00000000770e30ff>] md_ioctl+0x15bf/0x1c10\n[<000000006cfab718>] blkdev_ioctl+0x191/0x3f0\n[<0000000085086a11>] vfs_ioctl+0x22/0x60\n[<0000000018b656fe>] __x64_sys_ioctl+0xba/0xe0\n[<00000000e54e675e>] do_syscall_64+0x71/0x150\n[<000000008b0ad622>] entry_SYSCALL_64_after_hwframe+0x6c/0x74", "A memory leak flaw was found in rdev->serial in the Linux kernel. This issue may lead to a crash."], "name": "CVE-2024-26900", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-04-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-26900\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-26900\nhttps://lore.kernel.org/linux-cve-announce/2024041745-CVE-2024-26900-70a3@gregkh/T"], "threat_severity": "Low", "upstream_fix": "kernel 6.7.11, kernel 6.8.2, kernel 6.9-rc1"}