| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024041738-CVE-2024-26920-a681@gregkh> Date: Wed, 17 Apr 2024 17:59:45 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2024-26920: tracing/trigger: Fix to return error if failed to alloc snapshot Description =========== In the Linux kernel, the following vulnerability has been resolved: tracing/trigger: Fix to return error if failed to alloc snapshot Fix register_snapshot_trigger() to return error code if it failed to allocate a snapshot instead of 0 (success). Unless that, it will register snapshot trigger without an error. The Linux kernel CVE team has assigned CVE-2024-26920 to this issue. Affected and fixed versions =========================== Issue introduced in 4.19.117 with commit 57f2a2ad73e9 and fixed in 4.19.307 with commit bcf4a115a506 Issue introduced in 5.4.34 with commit 0026e356e51a and fixed in 5.4.269 with commit 8ffd5590f4d6 Issue introduced in 5.7 with commit 0bbe7f719985 and fixed in 5.10.210 with commit 56cfbe607107 Issue introduced in 5.7 with commit 0bbe7f719985 and fixed in 5.15.149 with commit b5085b5ac1d9 Issue introduced in 5.7 with commit 0bbe7f719985 and fixed in 6.1.79 with commit 36be97e9eb53 Issue introduced in 5.7 with commit 0bbe7f719985 and fixed in 6.6.18 with commit 6022c065c9ec Issue introduced in 5.7 with commit 0bbe7f719985 and fixed in 6.7.6 with commit 4b001ef14baa Issue introduced in 5.7 with commit 0bbe7f719985 and fixed in 6.8 with commit 0958b33ef5a0 Issue introduced in 4.4.220 with commit 7c6feb347a4b Issue introduced in 4.9.220 with commit a289fd864722 Issue introduced in 4.14.177 with commit 7054f86f268c Issue introduced in 5.5.19 with commit ffa70d104691 Issue introduced in 5.6.6 with commit 733c611a758c Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2024-26920 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: kernel/trace/trace_events_trigger.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/bcf4a115a5068f3331fafb8c176c1af0da3d8b19 https://git.kernel.org/stable/c/8ffd5590f4d6ef5460acbeac7fbdff7025f9b419 https://git.kernel.org/stable/c/56cfbe60710772916a5ba092c99542332b48e870 https://git.kernel.org/stable/c/b5085b5ac1d96ea2a8a6240f869655176ce44197 https://git.kernel.org/stable/c/36be97e9eb535fe3008a5cb040b1e56f29f2e398 https://git.kernel.org/stable/c/6022c065c9ec465d84cebff8f480db083e4ee06b https://git.kernel.org/stable/c/4b001ef14baab16b553a002cb9979e31b8fc0c6b https://git.kernel.org/stable/c/0958b33ef5a04ed91f61cef4760ac412080c4e08
Powered by blists - more mailing lists