U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

CVE-2024-26844 Detail

Description

In the Linux kernel, the following vulnerability has been resolved: block: Fix WARNING in _copy_from_iter Syzkaller reports a warning in _copy_from_iter because an iov_iter is supposedly used in the wrong direction. The reason is that syzcaller managed to generate a request with a transfer direction of SG_DXFER_TO_FROM_DEV. This instructs the kernel to copy user buffers into the kernel, read into the copied buffers and then copy the data back to user space. Thus the iovec is used in both directions. Detect this situation in the block layer and construct a new iterator with the correct direction for the copy-in.


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST CVSS score
NIST: NVD
N/A
NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource
https://git.kernel.org/stable/c/0f1bae071de9967602807472921829a54b2e5956
https://git.kernel.org/stable/c/0f1bae071de9967602807472921829a54b2e5956
https://git.kernel.org/stable/c/13f3956eb5681a4045a8dfdef48df5dc4d9f58a6
https://git.kernel.org/stable/c/13f3956eb5681a4045a8dfdef48df5dc4d9f58a6
https://git.kernel.org/stable/c/8fc80874103a5c20aebdc2401361aa01c817f75b
https://git.kernel.org/stable/c/8fc80874103a5c20aebdc2401361aa01c817f75b
https://git.kernel.org/stable/c/cbaf9be337f7da25742acfce325119e3395b1f1b
https://git.kernel.org/stable/c/cbaf9be337f7da25742acfce325119e3395b1f1b

Weakness Enumeration

CWE-ID CWE Name Source

Change History

4 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2024-26844
NVD Published Date:
04/17/2024
NVD Last Modified:
11/21/2024
Source:
kernel.org