PT-2024-21553 · Linux+5 · Linux Kernel+5

Quanyang Wang · Published 2024-01-28 · Updated 2025-02-03 · CVE-2024-26877

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel version 6.8.0-rc1-yocto-standard #323

Description

The vulnerability is in the crypto: xilinx module of the Linux kernel. crypto_finalize_request must be called with bottom halves (BH) disabled. The module calls it without disabling BH, which triggers a kernel warning and a call trace. The call trace includes the functions crypto_finalize_request, crypto_finalize_aead_request, zynqmp_handle_aes_req, crypto_pump_work, kthread_worker_fn, and kthread.

Recommendations

To resolve the issue, ensure that BH is disabled when crypto_finalize_request is called. This can be achieved by modifying the code to disable BH before calling the function. For Linux kernel version 6.8.0-rc1-yocto-standard #323, update the kernel to a version that includes the fix for this issue. If no specific fix is provided for the kernel version, consider updating to a newer kernel version that includes the necessary patches.


Related Identifiers

BDU:2025-03912
CVE-2024-26877
DLA-3842-1
DSA-5681-1
OESA-2024-1693
OESA-2024-1694
OPENSUSE-SU-2024_1644-1
SUSE-SU-2024:1644-1
SUSE-SU-2024:2008-1
SUSE-SU-2024:2190-1
SUSE-SU-2025:20028-1
USN-6816-1
USN-6817-1
USN-6817-2
USN-6817-3
USN-6820-1
USN-6820-2
USN-6821-1
USN-6821-2
USN-6821-3
USN-6821-4
USN-6828-1
USN-6871-1
USN-6878-1
USN-6892-1
USN-6919-1

Affected Products

Astra Linux
Linux Mint
Linux Kernel
RED OS
SUSE
Ubuntu