NVD

CVE-2024-26838 Detail

Description

In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix KASAN issue with tasklet KASAN testing revealed the following issue assocated with freeing an IRQ. [50006.466686] Call Trace: [50006.466691] <IRQ> [50006.489538] dump_stack+0x5c/0x80 [50006.493475] print_address_description.constprop.6+0x1a/0x150 [50006.499872] ? irdma_sc_process_ceq+0x483/0x790 [irdma] [50006.505742] ? irdma_sc_process_ceq+0x483/0x790 [irdma] [50006.511644] kasan_report.cold.11+0x7f/0x118 [50006.516572] ? irdma_sc_process_ceq+0x483/0x790 [irdma] [50006.522473] irdma_sc_process_ceq+0x483/0x790 [irdma] [50006.528232] irdma_process_ceq+0xb2/0x400 [irdma] [50006.533601] ? irdma_hw_flush_wqes_callback+0x370/0x370 [irdma] [50006.540298] irdma_ceq_dpc+0x44/0x100 [irdma] [50006.545306] tasklet_action_common.isra.14+0x148/0x2c0 [50006.551096] __do_softirq+0x1d0/0xaf8 [50006.555396] irq_exit_rcu+0x219/0x260 [50006.559670] irq_exit+0xa/0x20 [50006.563320] smp_apic_timer_interrupt+0x1bf/0x690 [50006.568645] apic_timer_interrupt+0xf/0x20 [50006.573341] </IRQ> The issue is that a tasklet could be pending on another core racing the delete of the irq. Fix by insuring any scheduled tasklet is killed after deleting the irq.

Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.

CVSS 4.0 Severity and Vector Strings:

NIST: NVD

N/A

NVD assessment not yet provided.

CVSS 3.x Severity and Vector Strings:

NIST: NVD

Base Score: 5.5 MEDIUM

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0 Severity and Vector Strings:

National Institute of Standards and Technology

NIST: NVD

Base Score: N/A

NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink	Resource
https://git.kernel.org/stable/c/0ae8ad0013978f7471f22bcf45b027393e87f5dc	Patch
https://git.kernel.org/stable/c/0ae8ad0013978f7471f22bcf45b027393e87f5dc	Patch
https://git.kernel.org/stable/c/635d79aa477f9912e602feb5498bdd51fb9cb824	Patch
https://git.kernel.org/stable/c/635d79aa477f9912e602feb5498bdd51fb9cb824	Patch
https://git.kernel.org/stable/c/b2e4a5266e3d133b4c7f0e43bf40d13ce14fd1aa	Patch
https://git.kernel.org/stable/c/b2e4a5266e3d133b4c7f0e43bf40d13ce14fd1aa	Patch
https://git.kernel.org/stable/c/bd97cea7b18a0a553773af806dfbfac27a7c4acb	Patch
https://git.kernel.org/stable/c/bd97cea7b18a0a553773af806dfbfac27a7c4acb	Patch
https://git.kernel.org/stable/c/c6f1ca235f68b22b3e691b2ea87ac285e5946848	Patch
https://git.kernel.org/stable/c/c6f1ca235f68b22b3e691b2ea87ac285e5946848	Patch

Weakness Enumeration

CWE-ID	CWE Name	Source
CWE-416	Use After Free	NIST

Known Affected Software Configurations Switch to CPE 2.2

Configuration 1 ( hide )

cpe:2.3:o:linux:linux_kernel:::::::: Show Matching CPE(s)	From (including) 5.14	Up to (excluding) 5.15.150
cpe:2.3:o:linux:linux_kernel:::::::: Show Matching CPE(s)	From (including) 5.16	Up to (excluding) 6.1.80
cpe:2.3:o:linux:linux_kernel:::::::: Show Matching CPE(s)	From (including) 6.2	Up to (excluding) 6.6.19
cpe:2.3:o:linux:linux_kernel:::::::: Show Matching CPE(s)	From (including) 6.7	Up to (excluding) 6.7.7
cpe:2.3:o:linux:linux_kernel:6.8:rc1:::::: Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:6.8:rc2:::::: Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:6.8:rc3:::::: Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:6.8:rc4:::::: Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:6.8:rc5:::::: Show Matching CPE(s)

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

5 change records found show changes

Initial Analysis by NIST 4/02/2025 9:18:09 AM

Action	Type	New Value
Added	CVSS V3.1	AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Added	CWE	CWE-416
Added	CPE Configuration	Record truncated, showing 500 of 749 characters. View Entire Change Record OR cpe:2.3:o:linux:linux_kernel:6.8:rc1::::::* cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 5.16 up to (excluding) 6.1.80 cpe:2.3:o:linux:linux_kernel:6.8:rc3::::::* cpe:2.3:o:linux:linux_kernel:6.8:rc4::::::* cpe:2.3:o:linux:linux_kernel:6.8:rc2::::::* cpe:2.3:o:linux:linux_kernel:6.8:rc5::::::* cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 5.1
Added	Reference Type	CVE: https://git.kernel.org/stable/c/0ae8ad0013978f7471f22bcf45b027393e87f5dc Types: Patch
Added	Reference Type	CVE: https://git.kernel.org/stable/c/635d79aa477f9912e602feb5498bdd51fb9cb824 Types: Patch
Added	Reference Type	CVE: https://git.kernel.org/stable/c/b2e4a5266e3d133b4c7f0e43bf40d13ce14fd1aa Types: Patch
Added	Reference Type	CVE: https://git.kernel.org/stable/c/bd97cea7b18a0a553773af806dfbfac27a7c4acb Types: Patch
Added	Reference Type	CVE: https://git.kernel.org/stable/c/c6f1ca235f68b22b3e691b2ea87ac285e5946848 Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/0ae8ad0013978f7471f22bcf45b027393e87f5dc Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/635d79aa477f9912e602feb5498bdd51fb9cb824 Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/b2e4a5266e3d133b4c7f0e43bf40d13ce14fd1aa Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/bd97cea7b18a0a553773af806dfbfac27a7c4acb Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/c6f1ca235f68b22b3e691b2ea87ac285e5946848 Types: Patch

New CVE Received from kernel.org 4/17/2024 6:15:09 AM

Action	Type	New Value
Added	Description	Record truncated, showing 500 of 1248 characters. View Entire Change Record In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix KASAN issue with tasklet KASAN testing revealed the following issue assocated with freeing an IRQ. [50006.466686] Call Trace: [50006.466691] <IRQ> [50006.489538] dump_stack+0x5c/0x80 [50006.493475] print_address_description.constprop.6+0x1a/0x150 [50006.499872] ? irdma_sc_process_ceq+0x483/0x790 [irdma] [50006.505742] ? irdma_sc_process_ceq+0x483/0x790 [irdma] [50006.511644] kasan_report.cold.11+0x7f/0x1
Added	Reference	kernel.org https://git.kernel.org/stable/c/0ae8ad0013978f7471f22bcf45b027393e87f5dc [No types assigned]
Added	Reference	kernel.org https://git.kernel.org/stable/c/635d79aa477f9912e602feb5498bdd51fb9cb824 [No types assigned]
Added	Reference	kernel.org https://git.kernel.org/stable/c/b2e4a5266e3d133b4c7f0e43bf40d13ce14fd1aa [No types assigned]
Added	Reference	kernel.org https://git.kernel.org/stable/c/bd97cea7b18a0a553773af806dfbfac27a7c4acb [No types assigned]
Added	Reference	kernel.org https://git.kernel.org/stable/c/c6f1ca235f68b22b3e691b2ea87ac285e5946848 [No types assigned]

Quick Info

CVE Dictionary Entry:
CVE-2024-26838
NVD Published Date:
04/17/2024
NVD Last Modified:
04/02/2025
Source:
kernel.org

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Vulnerability Database

National Vulnerability Database

CVE-2024-26838 Detail

Description

Metrics

References to Advisories, Solutions, and Tools

Weakness Enumeration

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Change History

Initial Analysis by NIST 4/02/2025 9:18:09 AM

CVE Modified by CVE 11/21/2024 4:03:10 AM

CVE Modified by kernel.org 5/29/2024 2:17:11 AM

CVE Modified by kernel.org 5/14/2024 11:10:25 AM

New CVE Received from kernel.org 4/17/2024 6:15:09 AM

Quick Info