SB2024052068 - Privilege escalation in Linux kernel hfi1 driver
Published: May 20, 2024 Updated: May 14, 2025
Security Bulletin ID
SB2024052068
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Off-by-one (CVE-ID: CVE-2024-26766)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to an off-by-one error within the _pad_sdma_tx_descs() function in drivers/infiniband/hw/hfi1/sdma.c. A local user can trigger an off-by-one error and execute arbitrary code with elevated privileges.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/115b7f3bc1dce590a6851a2dcf23dc1100c49790
- https://git.kernel.org/stable/c/5833024a9856f454a964a198c63a57e59e07baf5
- https://git.kernel.org/stable/c/3f38d22e645e2e994979426ea5a35186102ff3c2
- https://git.kernel.org/stable/c/47ae64df23ed1318e27bd9844e135a5e1c0e6e39
- https://git.kernel.org/stable/c/52dc9a7a573dbf778625a0efca0fca55489f084b
- https://git.kernel.org/stable/c/a2fef1d81becf4ff60e1a249477464eae3c3bc2a
- https://git.kernel.org/stable/c/9034a1bec35e9f725315a3bb6002ef39666114d9
- https://git.kernel.org/stable/c/e6f57c6881916df39db7d95981a8ad2b9c3458d6
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.308
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.211
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.150
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.270
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.80
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.19
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7.7
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8