NVD

CVE-2024-26606 Detail

Modified

This vulnerability has been modified since it was last analyzed by the NVD. It is awaiting reanalysis which may result in further changes to the information provided.

Description

In the Linux kernel, the following vulnerability has been resolved: binder: signal epoll threads of self-work In (e)poll mode, threads often depend on I/O events to determine when data is ready for consumption. Within binder, a thread may initiate a command via BINDER_WRITE_READ without a read buffer and then make use of epoll_wait() or similar to consume any responses afterwards. It is then crucial that epoll threads are signaled via wakeup when they queue their own work. Otherwise, they risk waiting indefinitely for an event leaving their work unhandled. What is worse, subsequent commands won't trigger a wakeup either as the thread has pending work.

Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.

CVSS 4.0 Severity and Vector Strings:

NIST: NVD

N/A

NVD assessment not yet provided.

CVSS 3.x Severity and Vector Strings:

NIST: NVD

Base Score: 5.5 MEDIUM

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0 Severity and Vector Strings:

National Institute of Standards and Technology

NIST: NVD

Base Score: N/A

NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink	Resource
https://git.kernel.org/stable/c/42beab162dcee1e691ee4934292d51581c29df61	Patch
https://git.kernel.org/stable/c/82722b453dc2f967b172603e389ee7dc1b3137cc	Patch
https://git.kernel.org/stable/c/90e09c016d72b91e76de25f71c7b93d94cc3c769	Patch
https://git.kernel.org/stable/c/93b372c39c40cbf179e56621e6bc48240943af69	Patch
https://git.kernel.org/stable/c/97830f3c3088638ff90b20dfba2eb4d487bf14d7	Patch
https://git.kernel.org/stable/c/a423042052ec2bdbf1e552e621e6a768922363cc	Patch
https://git.kernel.org/stable/c/a7ae586f6f6024f490b8546c8c84670f96bb9b68	Patch
https://git.kernel.org/stable/c/dd64bb8329ce0ea27bc557e4160c2688835402ac	Patch

Weakness Enumeration

CWE-ID	CWE Name	Source
NVD-CWE-noinfo	Insufficient Information	NIST

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

9 change records found show changes

Initial Analysis by NIST 4/17/2024 1:49:01 PM

Action	Type	Old Value	New Value
Added	CPE Configuration		Record truncated, showing 500 of 768 characters. View Entire Change Record OR cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 2.6.29 up to (excluding) 4.19.307 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 4.20.0 up to (excluding) 5.4.269 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 5.5.0 up to (excluding) 5.10.210 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 5.11.0 up to (excluding) 5.15.149 cpe:2.3:o:linux:linux_kernel::::::::* vers
Added	CVSS V3.1		NIST AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Added	CWE		NIST NVD-CWE-noinfo
Changed	Reference Type	https://git.kernel.org/stable/c/42beab162dcee1e691ee4934292d51581c29df61 No Types Assigned	https://git.kernel.org/stable/c/42beab162dcee1e691ee4934292d51581c29df61 Patch
Changed	Reference Type	https://git.kernel.org/stable/c/82722b453dc2f967b172603e389ee7dc1b3137cc No Types Assigned	https://git.kernel.org/stable/c/82722b453dc2f967b172603e389ee7dc1b3137cc Patch
Changed	Reference Type	https://git.kernel.org/stable/c/90e09c016d72b91e76de25f71c7b93d94cc3c769 No Types Assigned	https://git.kernel.org/stable/c/90e09c016d72b91e76de25f71c7b93d94cc3c769 Patch
Changed	Reference Type	https://git.kernel.org/stable/c/93b372c39c40cbf179e56621e6bc48240943af69 No Types Assigned	https://git.kernel.org/stable/c/93b372c39c40cbf179e56621e6bc48240943af69 Patch
Changed	Reference Type	https://git.kernel.org/stable/c/97830f3c3088638ff90b20dfba2eb4d487bf14d7 No Types Assigned	https://git.kernel.org/stable/c/97830f3c3088638ff90b20dfba2eb4d487bf14d7 Patch
Changed	Reference Type	https://git.kernel.org/stable/c/a423042052ec2bdbf1e552e621e6a768922363cc No Types Assigned	https://git.kernel.org/stable/c/a423042052ec2bdbf1e552e621e6a768922363cc Patch
Changed	Reference Type	https://git.kernel.org/stable/c/a7ae586f6f6024f490b8546c8c84670f96bb9b68 No Types Assigned	https://git.kernel.org/stable/c/a7ae586f6f6024f490b8546c8c84670f96bb9b68 Patch
Changed	Reference Type	https://git.kernel.org/stable/c/dd64bb8329ce0ea27bc557e4160c2688835402ac No Types Assigned	https://git.kernel.org/stable/c/dd64bb8329ce0ea27bc557e4160c2688835402ac Patch

New CVE Received by NIST 2/26/2024 11:28:00 AM

Action	Type	New Value
Added	Description	Record truncated, showing 500 of 662 characters. View Entire Change Record In the Linux kernel, the following vulnerability has been resolved: binder: signal epoll threads of self-work In (e)poll mode, threads often depend on I/O events to determine when data is ready for consumption. Within binder, a thread may initiate a command via BINDER_WRITE_READ without a read buffer and then make use of epoll_wait() or similar to consume any responses afterwards. It is then crucial that epoll threads are signaled via wakeup when they queue their own work. Otherwise, they ris
Added	Reference	Linux https://git.kernel.org/stable/c/42beab162dcee1e691ee4934292d51581c29df61 [No types assigned]
Added	Reference	Linux https://git.kernel.org/stable/c/82722b453dc2f967b172603e389ee7dc1b3137cc [No types assigned]
Added	Reference	Linux https://git.kernel.org/stable/c/90e09c016d72b91e76de25f71c7b93d94cc3c769 [No types assigned]
Added	Reference	Linux https://git.kernel.org/stable/c/93b372c39c40cbf179e56621e6bc48240943af69 [No types assigned]
Added	Reference	Linux https://git.kernel.org/stable/c/97830f3c3088638ff90b20dfba2eb4d487bf14d7 [No types assigned]
Added	Reference	Linux https://git.kernel.org/stable/c/a423042052ec2bdbf1e552e621e6a768922363cc [No types assigned]
Added	Reference	Linux https://git.kernel.org/stable/c/a7ae586f6f6024f490b8546c8c84670f96bb9b68 [No types assigned]
Added	Reference	Linux https://git.kernel.org/stable/c/dd64bb8329ce0ea27bc557e4160c2688835402ac [No types assigned]

Quick Info

CVE Dictionary Entry:
CVE-2024-26606
NVD Published Date:
02/26/2024
NVD Last Modified:
11/05/2024
Source:
kernel.org

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Vulnerability Database

National Vulnerability Database

CVE-2024-26606 Detail

Description

Metrics

References to Advisories, Solutions, and Tools

Weakness Enumeration

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Change History

CVE Modified by kernel.org 11/05/2024 5:15:32 AM

CVE Modified by kernel.org 6/27/2024 8:15:18 AM

CVE Modified by kernel.org 6/25/2024 6:15:18 PM

CVE Modified by kernel.org 5/29/2024 2:16:38 AM

CVE Modified by kernel.org 5/14/2024 11:09:21 AM

Initial Analysis by NIST 4/17/2024 1:49:01 PM

CVE Modified by kernel.org 3/11/2024 2:15:18 PM

CVE Modified by kernel.org 2/27/2024 10:15:08 PM

New CVE Received by NIST 2/26/2024 11:28:00 AM

Quick Info