CVE-2024-26598

Published: Feb 23, 2024Modified: Jun 17, 2026

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache There is a potential UAF scenario in the case of an LPI translation cache hit racing with an operation that invalidates the cache, such as a DISCARD ITS command. The root of the problem is that vgic_its_check_cache() does not elevate the refcount on the vgic_irq before dropping the lock that serializes refcount changes. Have vgic_its_check_cache() raise the refcount on the returned vgic_irq and add the corresponding decrement after queueing the interrupt.

Affected (7)

Products: Linux: Linux Kernel · Debian: Debian Linux

1 product

1 product

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 5.11 to 5.15.148
Linux Linux Kernel	From 5.16 to 6.1.75
Linux Linux Kernel	From 5.4 to 5.4.269
Linux Linux Kernel	From 5.5 to 5.10.209
Linux Linux Kernel	From 6.2 to 6.6.14
Linux Linux Kernel	From 6.7 to 6.7.2

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0

Related CWEs

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (15)

https://git.kernel.org/stable/c/12c2759ab1343c124ed46ba48f27bd1ef5d2dff4

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/65b201bf3e9af1b0254243a5881390eda56f72d1

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/ad362fe07fecf0aba839ff2cc59a3617bd42c33f

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/ba7be666740847d967822bed15500656b26bc703

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/d04acadb6490aa3314f9c9e087691e55de153b88

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/dba788e25f05209adf2b0175eb1691dc89fb1ba6

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/dd3956a1b3dd11f46488c928cb890d6937d1ca80

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/12c2759ab1343c124ed46ba48f27bd1ef5d2dff4

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://git.kernel.org/stable/c/65b201bf3e9af1b0254243a5881390eda56f72d1

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://git.kernel.org/stable/c/ad362fe07fecf0aba839ff2cc59a3617bd42c33f

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://git.kernel.org/stable/c/ba7be666740847d967822bed15500656b26bc703

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://git.kernel.org/stable/c/d04acadb6490aa3314f9c9e087691e55de153b88

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://git.kernel.org/stable/c/dba788e25f05209adf2b0175eb1691dc89fb1ba6

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://git.kernel.org/stable/c/dd3956a1b3dd11f46488c928cb890d6937d1ca80

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.