authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>2024-04-10 15:54:48 +0200
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2024-04-10 15:54:48 +0200
commitade715bdc758f1cf318dfbb794eaa1048e4f7d08 (patch)
tree2d059e23c6835592afa10d629f000739a8b82ebd
parentfab07ef5981c5fe5440346ea7eb837c896c5aa51 (diff)
downloadvulns-ade715bdc758f1cf318dfbb794eaa1048e4f7d08.tar.gz
allocated CVE-2024-26816
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-rw-r--r--cve/published/2024/CVE-2024-26816 (renamed from cve/reserved/2024/CVE-2024-26816)0
-rw-r--r--cve/published/2024/CVE-2024-26816.json193
-rw-r--r--cve/published/2024/CVE-2024-26816.mbox88
-rw-r--r--cve/published/2024/CVE-2024-26816.sha11
4 files changed, 282 insertions, 0 deletions
diff --git a/cve/reserved/2024/CVE-2024-26816 b/cve/published/2024/CVE-2024-26816
index e69de29b..e69de29b 100644
--- a/cve/reserved/2024/CVE-2024-26816
+++ b/cve/published/2024/CVE-2024-26816
diff --git a/cve/published/2024/CVE-2024-26816.json b/cve/published/2024/CVE-2024-26816.json
new file mode 100644
index 00000000..6b037f97
--- /dev/null
+++ b/cve/published/2024/CVE-2024-26816.json
@@ -0,0 +1,193 @@
+{
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
+ },
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86, relocs: Ignore relocations in .notes section\n\nWhen building with CONFIG_XEN_PV=y, .text symbols are emitted into\nthe .notes section so that Xen can find the \"startup_xen\" entry point.\nThis information is used prior to booting the kernel, so relocations\nare not useful. In fact, performing relocations against the .notes\nsection means that the KASLR base is exposed since /sys/kernel/notes\nis world-readable.\n\nTo avoid leaking the KASLR base without breaking unprivileged tools that\nare expecting to read /sys/kernel/notes, skip performing relocations in\nthe .notes section. The values readable in .notes are then identical to\nthose found in System.map."
+ }
+ ],
+ "affected": [
+ {
+ "product": "Linux",
+ "vendor": "Linux",
+ "defaultStatus": "unaffected",
+ "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
+ "versions": [
+ {
+ "version": "5ead97c84fa7",
+ "lessThan": "13edb509abc9",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "5ead97c84fa7",
+ "lessThan": "52018aa146e3",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "5ead97c84fa7",
+ "lessThan": "a4e7ff1a7427",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "5ead97c84fa7",
+ "lessThan": "c7cff9780297",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "5ead97c84fa7",
+ "lessThan": "47635b112a64",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "5ead97c84fa7",
+ "lessThan": "af2a9f98d884",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "5ead97c84fa7",
+ "lessThan": "ae7079238f6f",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "5ead97c84fa7",
+ "lessThan": "5cb59db49c9c",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "5ead97c84fa7",
+ "lessThan": "aaa8736370db",
+ "status": "affected",
+ "versionType": "git"
+ }
+ ]
+ },
+ {
+ "product": "Linux",
+ "vendor": "Linux",
+ "defaultStatus": "affected",
+ "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
+ "versions": [
+ {
+ "version": "2.6.23",
+ "status": "affected"
+ },
+ {
+ "version": "0",
+ "lessThan": "2.6.23",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "4.19.311",
+ "lessThanOrEqual": "4.19.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.4.273",
+ "lessThanOrEqual": "5.4.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.10.214",
+ "lessThanOrEqual": "5.10.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.15.153",
+ "lessThanOrEqual": "5.15.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "6.1.83",
+ "lessThanOrEqual": "6.1.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "6.6.23",
+ "lessThanOrEqual": "6.6.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "6.7.11",
+ "lessThanOrEqual": "6.7.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "6.8.2",
+ "lessThanOrEqual": "6.8.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "6.9-rc1",
+ "lessThanOrEqual": "*",
+ "status": "unaffected",
+ "versionType": "original_commit_for_fix"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/13edb509abc91c72152a11baaf0e7c060a312e03"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/52018aa146e3cf76569a9b1e6e49a2b7c8d4a088"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/a4e7ff1a74274e59a2de9bb57236542aa990d20a"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/c7cff9780297d55d97ad068b68b703cfe53ef9af"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/47635b112a64b7b208224962471e7e42f110e723"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/af2a9f98d884205145fd155304a6955822ccca1c"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/ae7079238f6faf1b94accfccf334e98b46a0c0aa"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/5cb59db49c9c0fccfd33b2209af4f7ae3c6ddf40"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/aaa8736370db1a78f0e8434344a484f9fd20be3b"
+ }
+ ],
+ "title": "x86, relocs: Ignore relocations in .notes section",
+ "x_generator": {
+ "engine": "bippy-d175d3acf727"
+ }
+ }
+ },
+ "cveMetadata": {
+ "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
+ "cveID": "CVE-2024-26816",
+ "requesterUserId": "gregkh@kernel.org",
+ "serial": "1",
+ "state": "PUBLISHED"
+ },
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.0"
+}
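Review bot: Neither of the two `affected` entries names the source file involved, although the .mbox added in this same commit lists `arch/x86/tools/relocs.c` and the description ties the leak to builds with `CONFIG_XEN_PV=y`. A consumer that triages from the structured fields rather than the free text will likely treat every kernel build from 2.6.23 up to the fixed releases as equally exposed, whatever its architecture or configuration. The CVE 5.0 schema has a per-product `programFiles` array, so I would add `"programFiles": ["arch/x86/tools/relocs.c"]` to both entries to let scanners scope the finding. The config dependency has no structured field that I know of, so it stays in the description.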
diff --git a/cve/published/2024/CVE-2024-26816.mbox b/cve/published/2024/CVE-2024-26816.mbox
new file mode 100644
index 00000000..13e622af
--- /dev/null
+++ b/cve/published/2024/CVE-2024-26816.mbox
@@ -0,0 +1,88 @@
+From bippy-d175d3acf727 Mon Sep 17 00:00:00 2001
+From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+To: <linux-cve-announce@vger.kernel.org>
+Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
+Subject: CVE-2024-26816: x86, relocs: Ignore relocations in .notes section
+Message-Id: <2024041039-CVE-2024-26816-5054@gregkh>
+Content-Length: 3419
+Lines: 71
+X-Developer-Signature: v=1; a=openpgp-sha256; l=3491;
+ i=gregkh@linuxfoundation.org; h=from:subject:message-id;
+ bh=hG7tZP8ZwTX4QUGau2HLVyQLV73ukDUxCPKsQwAkWKo=;
+ b=owGbwMvMwCRo6H6F97bub03G02pJDGlisxSk/HueBMqbGOfYHv9Qc3zxyoCSzb03bTqPh4Quq
+ PnCx7O6I5aFQZCJQVZMkeXLNp6j+ysOKXoZ2p6GmcPKBDKEgYtTACayTJRhwVxJU0/HLdEbpv6K
+ 3L+jL/rH3+8ZoQwLzr2b4hOSl214+FeS0iGr67z7Y/ftAQA=
+X-Developer-Key: i=gregkh@linuxfoundation.org; a=openpgp;
+ fpr=F4B60CC5BF78C2214A313DCB3147D40DDB2DFB29
+
+Description
+===========
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+x86, relocs: Ignore relocations in .notes section
+
+When building with CONFIG_XEN_PV=y, .text symbols are emitted into
+the .notes section so that Xen can find the "startup_xen" entry point.
+This information is used prior to booting the kernel, so relocations
+are not useful. In fact, performing relocations against the .notes
+section means that the KASLR base is exposed since /sys/kernel/notes
+is world-readable.
+
+To avoid leaking the KASLR base without breaking unprivileged tools that
+are expecting to read /sys/kernel/notes, skip performing relocations in
+the .notes section. The values readable in .notes are then identical to
+those found in System.map.
+
+The Linux kernel CVE team has assigned CVE-2024-26816 to this issue.
+
+
+Affected and fixed versions
+===========================
+
+ Issue introduced in 2.6.23 with commit 5ead97c84fa7 and fixed in 4.19.311 with commit 13edb509abc9
+ Issue introduced in 2.6.23 with commit 5ead97c84fa7 and fixed in 5.4.273 with commit 52018aa146e3
+ Issue introduced in 2.6.23 with commit 5ead97c84fa7 and fixed in 5.10.214 with commit a4e7ff1a7427
+ Issue introduced in 2.6.23 with commit 5ead97c84fa7 and fixed in 5.15.153 with commit c7cff9780297
+ Issue introduced in 2.6.23 with commit 5ead97c84fa7 and fixed in 6.1.83 with commit 47635b112a64
+ Issue introduced in 2.6.23 with commit 5ead97c84fa7 and fixed in 6.6.23 with commit af2a9f98d884
+ Issue introduced in 2.6.23 with commit 5ead97c84fa7 and fixed in 6.7.11 with commit ae7079238f6f
+ Issue introduced in 2.6.23 with commit 5ead97c84fa7 and fixed in 6.8.2 with commit 5cb59db49c9c
+ Issue introduced in 2.6.23 with commit 5ead97c84fa7 and fixed in 6.9-rc1 with commit aaa8736370db
+
+Please see https://www.kernel.org for a full list of currently supported
+kernel versions by the kernel community.
+
+Unaffected versions might change over time as fixes are backported to
+older supported kernel versions. The official CVE entry at
+ https://cve.org/CVERecord/?id=CVE-2024-26816
+will be updated if fixes are backported, please check that for the most
+up to date information about this issue.
+
+
+Affected files
+==============
+
+The file(s) affected by this issue are:
+ arch/x86/tools/relocs.c
+
+
+Mitigation
+==========
+
+The Linux kernel CVE team recommends that you update to the latest
+stable kernel version for this, and many other bugfixes. Individual
+changes are never tested alone, but rather are part of a larger kernel
+release. Cherry-picking individual commits is not recommended or
+supported by the Linux kernel community at all. If however, updating to
+the latest release is impossible, the individual changes to resolve this
+issue can be found at these commits:
+ https://git.kernel.org/stable/c/13edb509abc91c72152a11baaf0e7c060a312e03
+ https://git.kernel.org/stable/c/52018aa146e3cf76569a9b1e6e49a2b7c8d4a088
+ https://git.kernel.org/stable/c/a4e7ff1a74274e59a2de9bb57236542aa990d20a
+ https://git.kernel.org/stable/c/c7cff9780297d55d97ad068b68b703cfe53ef9af
+ https://git.kernel.org/stable/c/47635b112a64b7b208224962471e7e42f110e723
+ https://git.kernel.org/stable/c/af2a9f98d884205145fd155304a6955822ccca1c
+ https://git.kernel.org/stable/c/ae7079238f6faf1b94accfccf334e98b46a0c0aa
+ https://git.kernel.org/stable/c/5cb59db49c9c0fccfd33b2209af4f7ae3c6ddf40
+ https://git.kernel.org/stable/c/aaa8736370db1a78f0e8434344a484f9fd20be3b
diff --git a/cve/published/2024/CVE-2024-26816.sha1 b/cve/published/2024/CVE-2024-26816.sha1
new file mode 100644
index 00000000..6c704e85
--- /dev/null
+++ b/cve/published/2024/CVE-2024-26816.sha1
@@ -0,0 +1 @@
+aaa8736370db1a78f0e8434344a484f9fd20be3b