SB20240702127 - Input validation error in Linux kernel kernel kprobes
Published: July 2, 2024 Updated: May 13, 2025
Security Bulletin ID
SB20240702127
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2024-26946)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the can_probe() function in arch/x86/kernel/kprobes/core.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/6417684315087904fffe8966d27ca74398c57dd6
- https://git.kernel.org/stable/c/f13edd1871d4fb4ab829aff629d47914e251bae3
- https://git.kernel.org/stable/c/20fdb21eabaeb8f78f8f701f56d14ea0836ec861
- https://git.kernel.org/stable/c/b69f577308f1070004cafac106dd1a44099e5483
- https://git.kernel.org/stable/c/4e51653d5d871f40f1bd5cf95cc7f2d8b33d063b
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.84
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.24
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7.12
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8.3