PT-2024-7326 · Linux+5 · Linux Kernel+5
Bart Van Assche · Published 2024-02-21 · Updated 2025-03-28
CVE-2024-26764
CVSS v2.0: 4.6 (Medium)
Vector: AV:L/AC:L/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions:
Linux kernel (affected versions not specified)
Description:
The issue is related to errors in resource management within the fs/aio component of the Linux kernel. Specifically, when kiocb_set_cancel_fn() is called for I/O submitted via io_uring, a kernel warning appears. The call trace for the warning includes kiocb_set_cancel_fn(), ffs_epfile_read_iter(), io_read(), io_issue_sqe(), io_submit_sqes(), and other system calls. This issue can potentially allow an attacker to cause a denial of service. The fix involves setting the IOCB_AIO_RW flag for read and write I/O submitted by libaio.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
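The flag-based fix named in the description can be pictured with a small user-space model. This is an added example, not kernel code and not from the advisory. The struct layouts, the flag value and all function names except the IOCB_AIO_RW identifier are hypothetical, and it assumes the helper checks the flag before treating the kiocb as part of an aio request.

```c
#include <stddef.h>

/* Constructed flag value for this model; not the kernel's definition. */
#define IOCB_AIO_RW (1u << 0)

struct kiocb { unsigned int ki_flags; };   /* common I/O control block */
typedef int (*cancel_fn)(struct kiocb *);

/* Hypothetical libaio-style request: the kiocb is embedded in it. */
struct aio_req { struct kiocb rw; cancel_fn ki_cancel; };
/* Hypothetical io_uring-style request: same kiocb, different container. */
struct uring_req { struct kiocb rw; unsigned long user_data; };

#define container_of(ptr, type, member) \
    ((type *)((char *)(ptr) - offsetof(type, member)))

/* Assumed guard: only kiocbs marked by the aio submit path are treated
 * as part of an aio_req. Returns 1 if the callback was registered. */
int model_set_cancel_fn(struct kiocb *iocb, cancel_fn fn)
{
    if (!(iocb->ki_flags & IOCB_AIO_RW))
        return 0;   /* other submitter: leave its container alone */
    container_of(iocb, struct aio_req, rw)->ki_cancel = fn;
    return 1;
}

static int dummy_cancel(struct kiocb *iocb) { (void)iocb; return 0; }

/* A driver's read path sees only the kiocb, whoever submitted it. */
static int driver_read_iter(struct kiocb *iocb)
{
    return model_set_cancel_fn(iocb, dummy_cancel);
}

/* aio path: flag set at submission, so the callback is registered. */
int demo_aio(void)
{
    struct aio_req r = { { IOCB_AIO_RW }, NULL };
    return driver_read_iter(&r.rw) == 1 && r.ki_cancel == dummy_cancel;
}

/* io_uring path: flag absent, helper returns early, request untouched. */
int demo_uring(void)
{
    struct uring_req r = { { 0 }, 0xC0FFEEul };
    return driver_read_iter(&r.rw) == 0 && r.user_data == 0xC0FFEEul;
}

int main(void) { return !(demo_aio() && demo_uring()); }
```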
Affected Products
Astra Linux
Linux Mint
Linux Kernel
RED OS
SUSE
Ubuntu