CVE-2024-26674

Name of the Vulnerable Software and Affected Versions Linux kernel versions 6.4 and later

Description The issue is related to the Linux kernel's handling of memory errors. During memory error injection tests on kernels 6.4 and later, the kernel panics due to a Machine Check Exception. The MCA code can recover from an in-kernel Machine Check if the fixup type is EX TYPE UACCESS, but if the fixup type is EX TYPE DEFAULT, it results in a panic. The ex handler uaccess() function would warn if users gave non-canonical addresses to {get, put} user(). To resolve this, the kernel has been updated to revert back to ASM EXTABLE UA() for {get,put} user() exception fixups.

Recommendations For Linux kernel versions 6.4 and later, update to a version that includes the fix for this issue. As a temporary workaround, consider disabling the {get, put} user() functions until a patch is available. However, since the exact fix version is not specified, the best course of action would be to wait for an official update from the Linux kernel developers. At the moment, there is no information about a newer version that contains a fix for this vulnerability.