{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-41026", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-12T12:17:45.616Z", "datePublished": "2024-07-29T14:31:43.056Z", "dateUpdated": "2024-12-19T09:10:19.819Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T09:10:19.819Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: davinci_mmc: Prevent transmitted data size from exceeding sgm's length\n\nNo check is done on the size of the data to be transmiited. This causes\na kernel panic when this size exceeds the sg_miter's length.\n\nLimit the number of transmitted bytes to sgm->length."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/mmc/host/davinci_mmc.c"], "versions": [{"version": "ed01d210fd910f7fa7933638df14ffb8d4aac2a9", "lessThan": "c561c4ecce712f94b442db5960e281f13b28df2e", "status": "affected", "versionType": "git"}, {"version": "ed01d210fd910f7fa7933638df14ffb8d4aac2a9", "lessThan": "16198eef11c1929374381d7f6271b4bf6aa44615", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/mmc/host/davinci_mmc.c"], "versions": [{"version": "6.9", "status": "affected"}, {"version": "0", "lessThan": "6.9", "status": "unaffected", "versionType": "semver"}, {"version": "6.9.10", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/c561c4ecce712f94b442db5960e281f13b28df2e"}, {"url": "https://git.kernel.org/stable/c/16198eef11c1929374381d7f6271b4bf6aa44615"}], "title": "mmc: davinci_mmc: Prevent transmitted data size from exceeding sgm's length", "x_generator": {"engine": "bippy-5f407fcff5a0"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:39:56.171Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/c561c4ecce712f94b442db5960e281f13b28df2e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/16198eef11c1929374381d7f6271b4bf6aa44615", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-41026", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:24:09.083090Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:34:04.488Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/c561c4ecce712f94b442db5960e281f13b28df2e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/16198eef11c1929374381d7f6271b4bf6aa44615", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:39:56.171Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-41026", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:24:09.083090Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:20.500Z"}}], "cna": {"title": "mmc: davinci_mmc: Prevent transmitted data size from exceeding sgm's length", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "ed01d210fd91", "lessThan": "c561c4ecce71", "versionType": "git"}, {"status": "affected", "version": "ed01d210fd91", "lessThan": "16198eef11c1", "versionType": "git"}], "programFiles": ["drivers/mmc/host/davinci_mmc.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6.9"}, {"status": "unaffected", "version": "0", "lessThan": "6.9", "versionType": "semver"}, {"status": "unaffected", "version": "6.9.10", "versionType": "semver", "lessThanOrEqual": "6.9.*"}, {"status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/mmc/host/davinci_mmc.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/c561c4ecce712f94b442db5960e281f13b28df2e"}, {"url": "https://git.kernel.org/stable/c/16198eef11c1929374381d7f6271b4bf6aa44615"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: davinci_mmc: Prevent transmitted data size from exceeding sgm's length\n\nNo check is done on the size of the data to be transmiited. This causes\na kernel panic when this size exceeds the sg_miter's length.\n\nLimit the number of transmitted bytes to sgm->length."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:35:14.322Z"}}}, "cveMetadata": {"cveId": "CVE-2024-41026", "state": "PUBLISHED", "dateUpdated": "2024-11-05T09:35:14.322Z", "dateReserved": "2024-07-12T12:17:45.616Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-07-29T14:31:43.056Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: davinci_mmc: Prevent transmitted data size from exceeding sgm's length\n\nNo check is done on the size of the data to be transmiited. This causes\na kernel panic when this size exceeds the sg_miter's length.\n\nLimit the number of transmitted bytes to sgm->length."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mmc: davinci_mmc: Evita que el tama\u00f1o de los datos transmitidos exceda la longitud de sgm No se realiza ninguna verificaci\u00f3n del tama\u00f1o de los datos a transmitir. Esto provoca un p\u00e1nico en el kernel cuando este tama\u00f1o excede la longitud de sg_miter. Limite el n\u00famero de bytes transmitidos a sgm->length."}], "id": "CVE-2024-41026", "lastModified": "2024-11-21T09:32:05.570", "metrics": {}, "published": "2024-07-29T15:15:11.413", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/16198eef11c1929374381d7f6271b4bf6aa44615"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/c561c4ecce712f94b442db5960e281f13b28df2e"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/16198eef11c1929374381d7f6271b4bf6aa44615"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/c561c4ecce712f94b442db5960e281f13b28df2e"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: mmc: davinci_mmc: Prevent transmitted data size from exceeding sgm's length", "id": "2300384", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2300384"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.1", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "status": "draft"}, "cwe": "CWE-119", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nmmc: davinci_mmc: Prevent transmitted data size from exceeding sgm's length\nNo check is done on the size of the data to be transmiited. This causes\na kernel panic when this size exceeds the sg_miter's length.\nLimit the number of transmitted bytes to sgm->length.", "A flaw was found in the `davinci_mmc` driver in the Linux kernel, which lacks validation for the size of transmitted data, leading to potential kernel panics if the data size exceeded the scatter-gather list (`sg_miter`) length. This issue was addressed by adding a check to limit the transmitted data to the `sgm->length`, preventing buffer overflows and enhancing system stability."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-41026", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-29T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-41026\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-41026\nhttps://lore.kernel.org/linux-cve-announce/2024072920-CVE-2024-41026-8de7@gregkh/T"], "statement": "Red Hat Enterprise Linux is not vulnerable to this CVE, as it does not affect the versions or configurations of the Linux kernel used in its distributions.", "threat_severity": "Moderate", "upstream_fix": "kernel 6.9.10, kernel 6.10"}