CVE-2024-26907
Detail
Modified After Enrichment This CVE record has been updated after NVD enrichment efforts were completed. Enrichment data supplied by the NVD may require amendment due to these changes.
Description
In the Linux kernel, the following vulnerability has been resolved:
RDMA/mlx5: Fix fortify source warning while accessing Eth segment
------------[ cut here ]------------
memcpy: detected field-spanning write (size 56) of single field "eseg->inline_hdr.start" at /var/lib/dkms/mlnx-ofed-kernel/5.8/build/drivers/infiniband/hw/mlx5/wr.c:131 (size 2)
WARNING: CPU: 0 PID: 293779 at /var/lib/dkms/mlnx-ofed-kernel/5.8/build/drivers/infiniband/hw/mlx5/wr.c:131 mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib]
Modules linked in: 8021q garp mrp stp llc rdma_ucm(OE) rdma_cm(OE) iw_cm(OE) ib_ipoib(OE) ib_cm(OE) ib_umad(OE) mlx5_ib(OE) ib_uverbs(OE) ib_core(OE) mlx5_core(OE) pci_hyperv_intf mlxdevm(OE) mlx_compat(OE) tls mlxfw(OE) psample nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables libcrc32c nfnetlink mst_pciconf(OE) knem(OE) vfio_pci vfio_pci_core vfio_iommu_type1 vfio iommufd irqbypass cuse nfsv3 nfs fscache netfs xfrm_user xfrm_algo ipmi_devintf ipmi_msghandler binfmt_misc crct10dif_pclmul crc32_pclmul polyval_clmulni polyval_generic ghash_clmulni_intel sha512_ssse3 snd_pcsp aesni_intel crypto_simd cryptd snd_pcm snd_timer joydev snd soundcore input_leds serio_raw evbug nfsd auth_rpcgss nfs_acl lockd grace sch_fq_codel sunrpc drm efi_pstore ip_tables x_tables autofs4 psmouse virtio_net net_failover failover floppy
[last unloaded: mlx_compat(OE)]
CPU: 0 PID: 293779 Comm: ssh Tainted: G OE 6.2.0-32-generic #32~22.04.1-Ubuntu
Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
RIP: 0010:mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib]
Code: 0c 01 00 a8 01 75 25 48 8b 75 a0 b9 02 00 00 00 48 c7 c2 10 5b fd c0 48 c7 c7 80 5b fd c0 c6 05 57 0c 03 00 01 e8 95 4d 93 da <0f> 0b 44 8b 4d b0 4c 8b 45 c8 48 8b 4d c0 e9 49 fb ff ff 41 0f b7
RSP: 0018:ffffb5b48478b570 EFLAGS: 00010046
RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffb5b48478b628 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffffb5b48478b5e8
R13: ffff963a3c609b5e R14: ffff9639c3fbd800 R15: ffffb5b480475a80
FS: 00007fc03b444c80(0000) GS:ffff963a3dc00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000556f46bdf000 CR3: 0000000006ac6003 CR4: 00000000003706f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
? show_regs+0x72/0x90
? mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib]
? __warn+0x8d/0x160
? mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib]
? report_bug+0x1bb/0x1d0
? handle_bug+0x46/0x90
? exc_invalid_op+0x19/0x80
? asm_exc_invalid_op+0x1b/0x20
? mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib]
mlx5_ib_post_send_nodrain+0xb/0x20 [mlx5_ib]
ipoib_send+0x2ec/0x770 [ib_ipoib]
ipoib_start_xmit+0x5a0/0x770 [ib_ipoib]
dev_hard_start_xmit+0x8e/0x1e0
? validate_xmit_skb_list+0x4d/0x80
sch_direct_xmit+0x116/0x3a0
__dev_xmit_skb+0x1fd/0x580
__dev_queue_xmit+0x284/0x6b0
? _raw_spin_unlock_irq+0xe/0x50
? __flush_work.isra.0+0x20d/0x370
? push_pseudo_header+0x17/0x40 [ib_ipoib]
neigh_connected_output+0xcd/0x110
ip_finish_output2+0x179/0x480
? __smp_call_single_queue+0x61/0xa0
__ip_finish_output+0xc3/0x190
ip_finish_output+0x2e/0xf0
ip_output+0x78/0x110
? __pfx_ip_finish_output+0x10/0x10
ip_local_out+0x64/0x70
__ip_queue_xmit+0x18a/0x460
ip_queue_xmit+0x15/0x30
__tcp_transmit_skb+0x914/0x9c0
tcp_write_xmit+0x334/0x8d0
tcp_push_one+0x3c/0x60
tcp_sendmsg_locked+0x2e1/0xac0
tcp_sendmsg+0x2d/0x50
inet_sendmsg+0x43/0x90
sock_sendmsg+0x68/0x80
sock_write_iter+0x93/0x100
vfs_write+0x326/0x3c0
ksys_write+0xbd/0xf0
? do_syscall_64+0x69/0x90
__x64_sys_write+0x19/0x30
do_syscall_
---truncated---
Metrics
CVSS Version 4.0
CVSS Version 3.x
CVSS Version 2.0
NVD enrichment efforts reference publicly available information to associate
vector strings. CVSS information contributed by other sources is also
displayed.
CVSS 4.0 Severity and Vector Strings:
NVD assessment
not yet provided.
CVSS 3.x Severity and Vector Strings:
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.0 Severity and Vector Strings:
NVD assessment
not yet provided.
References to Advisories, Solutions, and Tools
By selecting these links, you will be leaving NIST webspace.
We have provided these links to other web sites because they
may have information that would be of interest to you. No
inferences should be drawn on account of other sites being
referenced, or not, from this page. There may be other web
sites that are more appropriate for your purpose. NIST does
not necessarily endorse the views expressed, or concur with
the facts presented on these sites. Further, NIST does not
endorse any commercial products that may be mentioned on
these sites. Please address comments about this page to [email protected]
Weakness Enumeration
CWE-ID
CWE Name
Source
NVD-CWE-noinfo
Insufficient Information
NIST
CWE-416
Use After Free
CISA-ADP
Change History
12 change records found show changes
CVE Modified by siemens-SADP
6/17/2026 3:18:39 AM
Action
Type
Old Value
New Value
Added
Affected
[{"vendor":"Siemens","product":"SIMATIC S7-1500 TM MFP - GNU/Linux subsystem","defaultStatus":"unknown","versions":[{"version":"0","lessThan":"*","versionType":"custom","status":"affected"}]}]
CVE Modified by CISA-ADP
6/17/2026 3:18:39 AM
Action
Type
Old Value
New Value
Added
Affected
Record truncated, showing 2048 of 2255 characters.
View Entire Change Record [{"vendor":"linux","product":"linux_kernel","defaultStatus":"unknown","cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"versions":[{"version":"1da177e4c3f4","lessThan":"d27c48dc309d","versionType":"custom","status":"affected"}]},{"vendor":"linux","product":"linux_kernel","defaultStatus":"unknown","cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"versions":[{"version":"5.10.214","lessThanOrEqual":"5.11","versionType":"custom","status":"unaffected"}]},{"vendor":"linux","product":"linux_kernel","defaultStatus":"unknown","cpes":["cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"],"versions":[{"version":"6.183","lessThanOrEqual":"6.2","versionType":"custom","status":"unaffected"}]},{"vendor":"linux","product":"linux_kernel","defaultStatus":"unknown","cpes":["cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"],"versions":[{"version":"6.623","lessThanOrEqual":"6.7","versionType":"custom","status":"unaffected"}]},{"vendor":"linux","product":"linux_kernel","defaultStatus":"unknown","cpes":["cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"],"versions":[{"version":"6.711","lessThanOrEqual":"6.8","versionType":"custom","status":"unaffected"}]},{"vendor":"linux","product":"linux_kernel","defaultStatus":"unknown","cpes":["cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"],"versions":[{"version":"6.8","lessThanOrEqual":"*","versionType":"custom","status":"unaffected"}]},{"vendor":"linux","product":"linux_kernel","defaultStatus":"unknown","cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"versions":[{"version":"5.15.153","lessThanOrEqual":"5.16","versionType":"custom","status":"unaffected"}]},{"vendor":"linux","product":"linux_kernel","defaultStatus":"unknown","cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"versions":[{"version":"1da177e4c3f4","lessThan":"60ba938a8bc8","versionType":"custom","status":"affected"},{"version":"1da177e4c3f4","lessThanOrEqual":"cad82f1671e4","versionType":"custom","status":"affected"},{"version":"1da177e4c3f4","lessThanOrEqual":"9a624a5f9573","versionType":"custom","status":"affected"},{
Added
SSVC
{"timestamp":"2025-02-06T16:55:44.551098Z","id":"CVE-2024-26907","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}
CVE Modified by kernel.org
6/17/2026 3:18:39 AM
Action
Type
Old Value
New Value
Added
Affected
[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/infiniband/hw/mlx5/wr.c","include/linux/mlx5/qp.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"34f4c9554d8b2a7d2deb9503e9373b598ee3279f","lessThan":"d27c48dc309da72c3b46351a1205d89687272baa","versionType":"git","status":"affected"},{"version":"34f4c9554d8b2a7d2deb9503e9373b598ee3279f","lessThan":"60ba938a8bc8c90e724c75f98e932f9fb7ae1b9d","versionType":"git","status":"affected"},{"version":"34f4c9554d8b2a7d2deb9503e9373b598ee3279f","lessThan":"cad82f1671e41094acd3b9a60cd27d67a3c64a21","versionType":"git","status":"affected"},{"version":"34f4c9554d8b2a7d2deb9503e9373b598ee3279f","lessThan":"9a624a5f95733bac4648ecadb320ca83aa9c08fd","versionType":"git","status":"affected"},{"version":"34f4c9554d8b2a7d2deb9503e9373b598ee3279f","lessThan":"185fa07000e0a81d54cf8c05414cebff14469a5c","versionType":"git","status":"affected"},{"version":"34f4c9554d8b2a7d2deb9503e9373b598ee3279f","lessThan":"4d5e86a56615cc387d21c629f9af8fb0e958d350","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/infiniband/hw/mlx5/wr.c","include/linux/mlx5/qp.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.0","status":"affected"},{"version":"0","lessThan":"5.0","versionType":"semver","status":"unaffected"},{"version":"5.10.214","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.153","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.83","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.23","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.7.11","lessThanOrEqual":"6.7.*","versionType":"semver","status":"unaffected"},{"version":"6.8","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]
CVE Modified by siemens-SADP
5/12/2026 8:16:26 AM
Action
Type
Old Value
New Value
Added
Reference
https://cert-portal.siemens.com/productcert/html/ssa-265688.html
CVE Modified by CVE
11/21/2024 4:03:21 AM
Action
Type
Old Value
New Value
Added
Reference
https://git.kernel.org/stable/c/185fa07000e0a81d54cf8c05414cebff14469a5c
Added
Reference
https://git.kernel.org/stable/c/4d5e86a56615cc387d21c629f9af8fb0e958d350
Added
Reference
https://git.kernel.org/stable/c/60ba938a8bc8c90e724c75f98e932f9fb7ae1b9d
Added
Reference
https://git.kernel.org/stable/c/9a624a5f95733bac4648ecadb320ca83aa9c08fd
Added
Reference
https://git.kernel.org/stable/c/cad82f1671e41094acd3b9a60cd27d67a3c64a21
Added
Reference
https://git.kernel.org/stable/c/d27c48dc309da72c3b46351a1205d89687272baa
Added
Reference
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
CVE Modified by kernel.org
11/05/2024 5:16:02 AM
Action
Type
Old Value
New Value
Removed
Reference
kernel.org https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
CVE Modified by CISA-ADP
8/08/2024 2:35:02 PM
Action
Type
Old Value
New Value
Added
CVSS V3.1
CISA-ADP AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Added
CWE
CISA-ADP CWE-416
CVE Modified by kernel.org
6/25/2024 6:15:25 PM
Action
Type
Old Value
New Value
Added
Reference
kernel.org https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html [No types assigned]
CVE Modified by kernel.org
5/29/2024 2:17:18 AM
Action
Type
Old Value
New Value
CVE Modified by kernel.org
5/14/2024 11:10:42 AM
Action
Type
Old Value
New Value
Initial Analysis by NIST
4/29/2024 3:44:18 PM
Action
Type
Old Value
New Value
Added
CVSS V3.1
NIST AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Added
CWE
NIST NVD-CWE-noinfo
Added
CPE Configuration
OR
*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to (excluding) 5.10.214
*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.11 up to (excluding) 5.15.153
*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 up to (excluding) 6.1.83
*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.2 up to (excluding) 6.6.23
*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.7 up to (excluding) 6.7.11
Changed
Reference Type
https://git.kernel.org/stable/c/185fa07000e0a81d54cf8c05414cebff14469a5c No Types Assigned
https://git.kernel.org/stable/c/185fa07000e0a81d54cf8c05414cebff14469a5c Patch
Changed
Reference Type
https://git.kernel.org/stable/c/4d5e86a56615cc387d21c629f9af8fb0e958d350 No Types Assigned
https://git.kernel.org/stable/c/4d5e86a56615cc387d21c629f9af8fb0e958d350 Patch
Changed
Reference Type
https://git.kernel.org/stable/c/60ba938a8bc8c90e724c75f98e932f9fb7ae1b9d No Types Assigned
https://git.kernel.org/stable/c/60ba938a8bc8c90e724c75f98e932f9fb7ae1b9d Patch
Changed
Reference Type
https://git.kernel.org/stable/c/9a624a5f95733bac4648ecadb320ca83aa9c08fd No Types Assigned
https://git.kernel.org/stable/c/9a624a5f95733bac4648ecadb320ca83aa9c08fd Patch
Changed
Reference Type
https://git.kernel.org/stable/c/cad82f1671e41094acd3b9a60cd27d67a3c64a21 No Types Assigned
https://git.kernel.org/stable/c/cad82f1671e41094acd3b9a60cd27d67a3c64a21 Patch
Changed
Reference Type
https://git.kernel.org/stable/c/d27c48dc309da72c3b46351a1205d89687272baa No Types Assigned
https://git.kernel.org/stable/c/d27c48dc309da72c3b46351a1205d89687272baa Patch
New CVE Received from kernel.org
4/17/2024 7:15:11 AM
Action
Type
Old Value
New Value
Added
Description
Record truncated, showing 2048 of 3998 characters.
View Entire Change Record In the Linux kernel, the following vulnerability has been resolved:
RDMA/mlx5: Fix fortify source warning while accessing Eth segment
------------[ cut here ]------------
memcpy: detected field-spanning write (size 56) of single field "eseg->inline_hdr.start" at /var/lib/dkms/mlnx-ofed-kernel/5.8/build/drivers/infiniband/hw/mlx5/wr.c:131 (size 2)
WARNING: CPU: 0 PID: 293779 at /var/lib/dkms/mlnx-ofed-kernel/5.8/build/drivers/infiniband/hw/mlx5/wr.c:131 mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib]
Modules linked in: 8021q garp mrp stp llc rdma_ucm(OE) rdma_cm(OE) iw_cm(OE) ib_ipoib(OE) ib_cm(OE) ib_umad(OE) mlx5_ib(OE) ib_uverbs(OE) ib_core(OE) mlx5_core(OE) pci_hyperv_intf mlxdevm(OE) mlx_compat(OE) tls mlxfw(OE) psample nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables libcrc32c nfnetlink mst_pciconf(OE) knem(OE) vfio_pci vfio_pci_core vfio_iommu_type1 vfio iommufd irqbypass cuse nfsv3 nfs fscache netfs xfrm_user xfrm_algo ipmi_devintf ipmi_msghandler binfmt_misc crct10dif_pclmul crc32_pclmul polyval_clmulni polyval_generic ghash_clmulni_intel sha512_ssse3 snd_pcsp aesni_intel crypto_simd cryptd snd_pcm snd_timer joydev snd soundcore input_leds serio_raw evbug nfsd auth_rpcgss nfs_acl lockd grace sch_fq_codel sunrpc drm efi_pstore ip_tables x_tables autofs4 psmouse virtio_net net_failover failover floppy
[last unloaded: mlx_compat(OE)]
CPU: 0 PID: 293779 Comm: ssh Tainted: G OE 6.2.0-32-generic #32~22.04.1-Ubuntu
Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
RIP: 0010:mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib]
Code: 0c 01 00 a8 01 75 25 48 8b 75 a0 b9 02 00 00 00 48 c7 c2 10 5b fd c0 48 c7 c7 80 5b fd c0 c6 05 57 0c 03 00 01 e8 95 4d 93 da <0f> 0b 44 8b 4d b0 4c 8b 45 c8 48 8b 4d c0 e9 49 fb ff ff 41 0f b7
RSP: 0018:ffffb5b48478b570 EFLAGS: 00010046
RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 00
Added
Reference
kernel.org https://git.kernel.org/stable/c/185fa07000e0a81d54cf8c05414cebff14469a5c [No types assigned]
Added
Reference
kernel.org https://git.kernel.org/stable/c/4d5e86a56615cc387d21c629f9af8fb0e958d350 [No types assigned]
Added
Reference
kernel.org https://git.kernel.org/stable/c/60ba938a8bc8c90e724c75f98e932f9fb7ae1b9d [No types assigned]
Added
Reference
kernel.org https://git.kernel.org/stable/c/9a624a5f95733bac4648ecadb320ca83aa9c08fd [No types assigned]
Added
Reference
kernel.org https://git.kernel.org/stable/c/cad82f1671e41094acd3b9a60cd27d67a3c64a21 [No types assigned]
Added
Reference
kernel.org https://git.kernel.org/stable/c/d27c48dc309da72c3b46351a1205d89687272baa [No types assigned]
Quick Info
CVE Dictionary Entry: CVE-2024-26907 NVD
Published Date: 04/17/2024 NVD
Last Modified: 06/17/2026
Source: kernel.org
) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
