{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-26631", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-19T14:20:24.136Z", "datePublished": "2024-03-18T10:07:48.346Z", "dateUpdated": "2026-05-11T20:01:08.891Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T20:01:08.891Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: mcast: fix data-race in ipv6_mc_down / mld_ifc_work\n\nidev->mc_ifc_count can be written over without proper locking.\n\nOriginally found by syzbot [1], fix this issue by encapsulating calls\nto mld_ifc_stop_work() (and mld_gq_stop_work() for good measure) with\nmutex_lock() and mutex_unlock() accordingly as these functions\nshould only be called with mc_lock per their declarations.\n\n[1]\nBUG: KCSAN: data-race in ipv6_mc_down / mld_ifc_work\n\nwrite to 0xffff88813a80c832 of 1 bytes by task 3771 on cpu 0:\n mld_ifc_stop_work net/ipv6/mcast.c:1080 [inline]\n ipv6_mc_down+0x10a/0x280 net/ipv6/mcast.c:2725\n addrconf_ifdown+0xe32/0xf10 net/ipv6/addrconf.c:3949\n addrconf_notify+0x310/0x980\n notifier_call_chain kernel/notifier.c:93 [inline]\n raw_notifier_call_chain+0x6b/0x1c0 kernel/notifier.c:461\n __dev_notify_flags+0x205/0x3d0\n dev_change_flags+0xab/0xd0 net/core/dev.c:8685\n do_setlink+0x9f6/0x2430 net/core/rtnetlink.c:2916\n rtnl_group_changelink net/core/rtnetlink.c:3458 [inline]\n __rtnl_newlink net/core/rtnetlink.c:3717 [inline]\n rtnl_newlink+0xbb3/0x1670 net/core/rtnetlink.c:3754\n rtnetlink_rcv_msg+0x807/0x8c0 net/core/rtnetlink.c:6558\n netlink_rcv_skb+0x126/0x220 net/netlink/af_netlink.c:2545\n rtnetlink_rcv+0x1c/0x20 net/core/rtnetlink.c:6576\n netlink_unicast_kernel net/netlink/af_netlink.c:1342 [inline]\n netlink_unicast+0x589/0x650 net/netlink/af_netlink.c:1368\n netlink_sendmsg+0x66e/0x770 net/netlink/af_netlink.c:1910\n ...\n\nwrite to 0xffff88813a80c832 of 1 bytes by task 22 on cpu 1:\n mld_ifc_work+0x54c/0x7b0 net/ipv6/mcast.c:2653\n process_one_work kernel/workqueue.c:2627 [inline]\n process_scheduled_works+0x5b8/0xa30 kernel/workqueue.c:2700\n worker_thread+0x525/0x730 kernel/workqueue.c:2781\n ..."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/ipv6/mcast.c"], "versions": [{"version": "2d9a93b4902be6a5504b5941dd15e9cd776aadca", "lessThan": "62b3387beef11738eb6ce667601a28fa089fa02c", "status": "affected", "versionType": "git"}, {"version": "2d9a93b4902be6a5504b5941dd15e9cd776aadca", "lessThan": "380540bb06bb1d1b12bdc947d1b8f56cda6b5663", "status": "affected", "versionType": "git"}, {"version": "2d9a93b4902be6a5504b5941dd15e9cd776aadca", "lessThan": "3cc283fd16fba72e2cefe3a6f48d7a36b0438900", "status": "affected", "versionType": "git"}, {"version": "2d9a93b4902be6a5504b5941dd15e9cd776aadca", "lessThan": "3bb5849675ae1d592929798a2b37ea450879c855", "status": "affected", "versionType": "git"}, {"version": "2d9a93b4902be6a5504b5941dd15e9cd776aadca", "lessThan": "2e7ef287f07c74985f1bf2858bedc62bd9ebf155", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/ipv6/mcast.c"], "versions": [{"version": "5.13", "status": "affected"}, {"version": "0", "lessThan": "5.13", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.148", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.75", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.14", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.7.2", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.13", "versionEndExcluding": "5.15.148"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.13", "versionEndExcluding": "6.1.75"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.13", "versionEndExcluding": "6.6.14"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.13", "versionEndExcluding": "6.7.2"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.13", "versionEndExcluding": "6.8"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/62b3387beef11738eb6ce667601a28fa089fa02c"}, {"url": "https://git.kernel.org/stable/c/380540bb06bb1d1b12bdc947d1b8f56cda6b5663"}, {"url": "https://git.kernel.org/stable/c/3cc283fd16fba72e2cefe3a6f48d7a36b0438900"}, {"url": "https://git.kernel.org/stable/c/3bb5849675ae1d592929798a2b37ea450879c855"}, {"url": "https://git.kernel.org/stable/c/2e7ef287f07c74985f1bf2858bedc62bd9ebf155"}], "title": "ipv6: mcast: fix data-race in ipv6_mc_down / mld_ifc_work", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:07:19.693Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/62b3387beef11738eb6ce667601a28fa089fa02c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/380540bb06bb1d1b12bdc947d1b8f56cda6b5663", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3cc283fd16fba72e2cefe3a6f48d7a36b0438900", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3bb5849675ae1d592929798a2b37ea450879c855", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/2e7ef287f07c74985f1bf2858bedc62bd9ebf155", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-27T14:55:41.665799Z", "id": "CVE-2024-26631", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-27T14:55:52.147Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/62b3387beef11738eb6ce667601a28fa089fa02c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/380540bb06bb1d1b12bdc947d1b8f56cda6b5663", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3cc283fd16fba72e2cefe3a6f48d7a36b0438900", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3bb5849675ae1d592929798a2b37ea450879c855", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/2e7ef287f07c74985f1bf2858bedc62bd9ebf155", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:07:19.693Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-26631", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-27T14:55:41.665799Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-27T14:55:00.531Z"}}], "cna": {"title": "ipv6: mcast: fix data-race in ipv6_mc_down / mld_ifc_work", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "2d9a93b4902be6a5504b5941dd15e9cd776aadca", "lessThan": "62b3387beef11738eb6ce667601a28fa089fa02c", "versionType": "git"}, {"status": "affected", "version": "2d9a93b4902be6a5504b5941dd15e9cd776aadca", "lessThan": "380540bb06bb1d1b12bdc947d1b8f56cda6b5663", "versionType": "git"}, {"status": "affected", "version": "2d9a93b4902be6a5504b5941dd15e9cd776aadca", "lessThan": "3cc283fd16fba72e2cefe3a6f48d7a36b0438900", "versionType": "git"}, {"status": "affected", "version": "2d9a93b4902be6a5504b5941dd15e9cd776aadca", "lessThan": "3bb5849675ae1d592929798a2b37ea450879c855", "versionType": "git"}, {"status": "affected", "version": "2d9a93b4902be6a5504b5941dd15e9cd776aadca", "lessThan": "2e7ef287f07c74985f1bf2858bedc62bd9ebf155", "versionType": "git"}], "programFiles": ["net/ipv6/mcast.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.13"}, {"status": "unaffected", "version": "0", "lessThan": "5.13", "versionType": "semver"}, {"status": "unaffected", "version": "5.15.148", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.75", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.14", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.7.2", "versionType": "semver", "lessThanOrEqual": "6.7.*"}, {"status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["net/ipv6/mcast.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/62b3387beef11738eb6ce667601a28fa089fa02c"}, {"url": "https://git.kernel.org/stable/c/380540bb06bb1d1b12bdc947d1b8f56cda6b5663"}, {"url": "https://git.kernel.org/stable/c/3cc283fd16fba72e2cefe3a6f48d7a36b0438900"}, {"url": "https://git.kernel.org/stable/c/3bb5849675ae1d592929798a2b37ea450879c855"}, {"url": "https://git.kernel.org/stable/c/2e7ef287f07c74985f1bf2858bedc62bd9ebf155"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: mcast: fix data-race in ipv6_mc_down / mld_ifc_work\n\nidev->mc_ifc_count can be written over without proper locking.\n\nOriginally found by syzbot [1], fix this issue by encapsulating calls\nto mld_ifc_stop_work() (and mld_gq_stop_work() for good measure) with\nmutex_lock() and mutex_unlock() accordingly as these functions\nshould only be called with mc_lock per their declarations.\n\n[1]\nBUG: KCSAN: data-race in ipv6_mc_down / mld_ifc_work\n\nwrite to 0xffff88813a80c832 of 1 bytes by task 3771 on cpu 0:\n mld_ifc_stop_work net/ipv6/mcast.c:1080 [inline]\n ipv6_mc_down+0x10a/0x280 net/ipv6/mcast.c:2725\n addrconf_ifdown+0xe32/0xf10 net/ipv6/addrconf.c:3949\n addrconf_notify+0x310/0x980\n notifier_call_chain kernel/notifier.c:93 [inline]\n raw_notifier_call_chain+0x6b/0x1c0 kernel/notifier.c:461\n __dev_notify_flags+0x205/0x3d0\n dev_change_flags+0xab/0xd0 net/core/dev.c:8685\n do_setlink+0x9f6/0x2430 net/core/rtnetlink.c:2916\n rtnl_group_changelink net/core/rtnetlink.c:3458 [inline]\n __rtnl_newlink net/core/rtnetlink.c:3717 [inline]\n rtnl_newlink+0xbb3/0x1670 net/core/rtnetlink.c:3754\n rtnetlink_rcv_msg+0x807/0x8c0 net/core/rtnetlink.c:6558\n netlink_rcv_skb+0x126/0x220 net/netlink/af_netlink.c:2545\n rtnetlink_rcv+0x1c/0x20 net/core/rtnetlink.c:6576\n netlink_unicast_kernel net/netlink/af_netlink.c:1342 [inline]\n netlink_unicast+0x589/0x650 net/netlink/af_netlink.c:1368\n netlink_sendmsg+0x66e/0x770 net/netlink/af_netlink.c:1910\n ...\n\nwrite to 0xffff88813a80c832 of 1 bytes by task 22 on cpu 1:\n mld_ifc_work+0x54c/0x7b0 net/ipv6/mcast.c:2653\n process_one_work kernel/workqueue.c:2627 [inline]\n process_scheduled_works+0x5b8/0xa30 kernel/workqueue.c:2700\n worker_thread+0x525/0x730 kernel/workqueue.c:2781\n ..."}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.15.148", "versionStartIncluding": "5.13"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.1.75", "versionStartIncluding": "5.13"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.6.14", "versionStartIncluding": "5.13"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.7.2", "versionStartIncluding": "5.13"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.8", "versionStartIncluding": "5.13"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T20:01:08.891Z"}}}, "cveMetadata": {"cveId": "CVE-2024-26631", "state": "PUBLISHED", "dateUpdated": "2026-05-11T20:01:08.891Z", "dateReserved": "2024-02-19T14:20:24.136Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-03-18T10:07:48.346Z", "assignerShortName": "Linux"}, "dataVersion": "5.2"}

{"descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: mcast: fix data-race in ipv6_mc_down / mld_ifc_work\n\nidev->mc_ifc_count can be written over without proper locking.\n\nOriginally found by syzbot [1], fix this issue by encapsulating calls\nto mld_ifc_stop_work() (and mld_gq_stop_work() for good measure) with\nmutex_lock() and mutex_unlock() accordingly as these functions\nshould only be called with mc_lock per their declarations.\n\n[1]\nBUG: KCSAN: data-race in ipv6_mc_down / mld_ifc_work\n\nwrite to 0xffff88813a80c832 of 1 bytes by task 3771 on cpu 0:\n mld_ifc_stop_work net/ipv6/mcast.c:1080 [inline]\n ipv6_mc_down+0x10a/0x280 net/ipv6/mcast.c:2725\n addrconf_ifdown+0xe32/0xf10 net/ipv6/addrconf.c:3949\n addrconf_notify+0x310/0x980\n notifier_call_chain kernel/notifier.c:93 [inline]\n raw_notifier_call_chain+0x6b/0x1c0 kernel/notifier.c:461\n __dev_notify_flags+0x205/0x3d0\n dev_change_flags+0xab/0xd0 net/core/dev.c:8685\n do_setlink+0x9f6/0x2430 net/core/rtnetlink.c:2916\n rtnl_group_changelink net/core/rtnetlink.c:3458 [inline]\n __rtnl_newlink net/core/rtnetlink.c:3717 [inline]\n rtnl_newlink+0xbb3/0x1670 net/core/rtnetlink.c:3754\n rtnetlink_rcv_msg+0x807/0x8c0 net/core/rtnetlink.c:6558\n netlink_rcv_skb+0x126/0x220 net/netlink/af_netlink.c:2545\n rtnetlink_rcv+0x1c/0x20 net/core/rtnetlink.c:6576\n netlink_unicast_kernel net/netlink/af_netlink.c:1342 [inline]\n netlink_unicast+0x589/0x650 net/netlink/af_netlink.c:1368\n netlink_sendmsg+0x66e/0x770 net/netlink/af_netlink.c:1910\n ...\n\nwrite to 0xffff88813a80c832 of 1 bytes by task 22 on cpu 1:\n mld_ifc_work+0x54c/0x7b0 net/ipv6/mcast.c:2653\n process_one_work kernel/workqueue.c:2627 [inline]\n process_scheduled_works+0x5b8/0xa30 kernel/workqueue.c:2700\n worker_thread+0x525/0x730 kernel/workqueue.c:2781\n ..."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: ipv6: mcast: corrige data-race en ipv6_mc_down / mld_ifc_work idev->mc_ifc_count se puede sobrescribir sin el bloqueo adecuado. Originalmente encontrado por syzbot [1], solucione este problema encapsulando las llamadas a mld_ifc_stop_work() (y mld_gq_stop_work() por si acaso) con mutex_lock() y mutex_unlock() en consecuencia, ya que estas funciones solo deben llamarse con mc_lock seg\u00fan sus declaraciones. [1] ERROR: KCSAN: carrera de datos en ipv6_mc_down / mld_ifc_work escribir en 0xffff88813a80c832 de 1 bytes por tarea 3771 en la CPU 0: mld_ifc_stop_work net/ipv6/mcast.c:1080 [en l\u00ednea] ipv6_mc_down+0x10a/0x280 net/ipv6/mcast .c:2725 addrconf_ifdown+0xe32/0xf10 net/ipv6/addrconf.c:3949 addrconf_notify+0x310/0x980 notifier_call_chain kernel/notifier.c:93 [en l\u00ednea] raw_notifier_call_chain+0x6b/0x1c0 kernel/notifier.c:461 __dev_notify_flag s+0x205/ 0x3d0 dev_change_flags+0xab/0xd0 net/core/dev.c:8685 do_setlink+0x9f6/0x2430 net/core/rtnetlink.c:2916 rtnl_group_changelink net/core/rtnetlink.c:3458 [en l\u00ednea] __rtnl_newlink net/core/rtnetlink.c :3717 [en l\u00ednea] rtnl_newlink+0xbb3/0x1670 net/core/rtnetlink.c:3754 rtnetlink_rcv_msg+0x807/0x8c0 net/core/rtnetlink.c:6558 netlink_rcv_skb+0x126/0x220 net/netlink/af_netlink.c:2545 rtnetlink_rcv+0 x1c /0x20 net/core/rtnetlink.c:6576 netlink_unicast_kernel net/netlink/af_netlink.c:1342 [en l\u00ednea] netlink_unicast+0x589/0x650 net/netlink/af_netlink.c:1368 netlink_sendmsg+0x66e/0x770 net/netlink/af_netlink.c :1910 ... escriba en 0xffff88813a80c832 de 1 bytes por tarea 22 en la CPU 1: mld_ifc_work+0x54c/0x7b0 net/ipv6/mcast.c:2653 Process_one_work kernel/workqueue.c:2627 [en l\u00ednea] Process_scheduled_works+0x5b8/0xa30 kernel/ workqueue.c:2700 trabajador_thread+0x525/0x730 kernel/workqueue.c:2781 ..."}], "id": "CVE-2024-26631", "lastModified": "2024-11-21T09:02:43.580", "metrics": {}, "published": "2024-03-18T11:15:09.483", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/2e7ef287f07c74985f1bf2858bedc62bd9ebf155"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/380540bb06bb1d1b12bdc947d1b8f56cda6b5663"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/3bb5849675ae1d592929798a2b37ea450879c855"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/3cc283fd16fba72e2cefe3a6f48d7a36b0438900"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/62b3387beef11738eb6ce667601a28fa089fa02c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/2e7ef287f07c74985f1bf2858bedc62bd9ebf155"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/380540bb06bb1d1b12bdc947d1b8f56cda6b5663"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/3bb5849675ae1d592929798a2b37ea450879c855"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/3cc283fd16fba72e2cefe3a6f48d7a36b0438900"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/62b3387beef11738eb6ce667601a28fa089fa02c"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"affected_release": [{"advisory": "RHSA-2024:9315", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:9315", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}], "bugzilla": {"description": "kernel: ipv6: mcast: fix data-race in ipv6_mc_down / mld_ifc_work", "id": "2270133", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270133"}, "csaw": false, "cvss3": {"cvss3_base_score": "2.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "status": "verified"}, "cwe": "CWE-414", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nipv6: mcast: fix data-race in ipv6_mc_down / mld_ifc_work\nidev->mc_ifc_count can be written over without proper locking.\nOriginally found by syzbot [1], fix this issue by encapsulating calls\nto mld_ifc_stop_work() (and mld_gq_stop_work() for good measure) with\nmutex_lock() and mutex_unlock() accordingly as these functions\nshould only be called with mc_lock per their declarations.\n[1]\nBUG: KCSAN: data-race in ipv6_mc_down / mld_ifc_work\nwrite to 0xffff88813a80c832 of 1 bytes by task 3771 on cpu 0:\nmld_ifc_stop_work net/ipv6/mcast.c:1080 [inline]\nipv6_mc_down+0x10a/0x280 net/ipv6/mcast.c:2725\naddrconf_ifdown+0xe32/0xf10 net/ipv6/addrconf.c:3949\naddrconf_notify+0x310/0x980\nnotifier_call_chain kernel/notifier.c:93 [inline]\nraw_notifier_call_chain+0x6b/0x1c0 kernel/notifier.c:461\n__dev_notify_flags+0x205/0x3d0\ndev_change_flags+0xab/0xd0 net/core/dev.c:8685\ndo_setlink+0x9f6/0x2430 net/core/rtnetlink.c:2916\nrtnl_group_changelink net/core/rtnetlink.c:3458 [inline]\n__rtnl_newlink net/core/rtnetlink.c:3717 [inline]\nrtnl_newlink+0xbb3/0x1670 net/core/rtnetlink.c:3754\nrtnetlink_rcv_msg+0x807/0x8c0 net/core/rtnetlink.c:6558\nnetlink_rcv_skb+0x126/0x220 net/netlink/af_netlink.c:2545\nrtnetlink_rcv+0x1c/0x20 net/core/rtnetlink.c:6576\nnetlink_unicast_kernel net/netlink/af_netlink.c:1342 [inline]\nnetlink_unicast+0x589/0x650 net/netlink/af_netlink.c:1368\nnetlink_sendmsg+0x66e/0x770 net/netlink/af_netlink.c:1910\n...\nwrite to 0xffff88813a80c832 of 1 bytes by task 22 on cpu 1:\nmld_ifc_work+0x54c/0x7b0 net/ipv6/mcast.c:2653\nprocess_one_work kernel/workqueue.c:2627 [inline]\nprocess_scheduled_works+0x5b8/0xa30 kernel/workqueue.c:2700\nworker_thread+0x525/0x730 kernel/workqueue.c:2781\n..."], "name": "CVE-2024-26631", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-03-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-26631\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-26631"], "threat_severity": "Low"}

{}