CVE-2024-26848 - Vulnerability Details

Description

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Published: 2024-04-17

Score: 3.3 Low

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Debian DLA	DLA-3842-1	linux-5.10 security update
Debian DSA	DSA-5681-1	linux security update
Ubuntu USN	USN-6816-1	Linux kernel vulnerabilities
Ubuntu USN	USN-6817-1	Linux kernel vulnerabilities
Ubuntu USN	USN-6817-2	Linux kernel (OEM) vulnerabilities
Ubuntu USN	USN-6817-3	Linux kernel vulnerabilities
Ubuntu USN	USN-6831-1	Linux kernel vulnerabilities
Ubuntu USN	USN-6871-1	Linux kernel (HWE) vulnerabilities
Ubuntu USN	USN-6892-1	Linux kernel (IBM) vulnerabilities
Ubuntu USN	USN-6919-1	Linux kernel vulnerabilities

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://lore.kernel.org/linux-cve-announce/2024041753-CVE-2024-26848-0413@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-26848
https://www.cve.org/CVERecord?id=CVE-2024-26848

History

Thu, 19 Dec 2024 16:30:00 +0000

Type	Values Removed	Values Added
References	https://git.kernel.org/stable/c/058ed71e0f7aa3b6694ca357e23d084e5d3f2470 https://git.kernel.org/stable/c/106e14ca55a0acb3236ee98813a1d243f8aa2d05 https://git.kernel.org/stable/c/2afdd0cb02329464d77f3ec59468395c791a51a4 https://git.kernel.org/stable/c/5c78be006ed9cb735ac2abf4fd64f3f4ea26da31 https://git.kernel.org/stable/c/5f7a07646655fb4108da527565dcdc80124b14c4 https://git.kernel.org/stable/c/76426abf9b980b46983f97de8e5b25047b4c9863 https://git.kernel.org/stable/c/80b15346492bdba677bbb0adefc611910e505f7b https://git.kernel.org/stable/c/854ebf45a4ddd4cadeffb6644e88d19020634e1a https://git.kernel.org/stable/c/96370ba395c572ef496fd2c7afc4a1ab3dedd3f0 https://git.kernel.org/stable/c/9c41f4935625218a2053a2dce1423c3054169809 https://git.kernel.org/stable/c/a6ffae61ad9ebf2fdcb943135b2f30c85f49cd27 https://git.kernel.org/stable/c/b94f434fe977689da4291dc21717790b9bd1c064 https://git.kernel.org/stable/c/f67898867b6b0f4542cddc7fe57997978b948a7a https://git.kernel.org/stable/c/fe02316e4933befc621fa125efb8f8b4d04cceec https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

Thu, 19 Dec 2024 16:15:00 +0000

Type	Values Removed	Values Added
Title	afs: Fix endless loop in directory parsing	kernel: afs: Fix endless loop in directory parsing
Metrics	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 19 Dec 2024 15:30:00 +0000

Type	Values Removed	Values Added
Description	In the Linux kernel, the following vulnerability has been resolved: afs: Fix endless loop in directory parsing If a directory has a block with only ".__afsXXXX" files in it (from uncompleted silly-rename), these .__afsXXXX files are skipped but without advancing the file position in the dir_context. This leads to afs_dir_iterate() repeating the block again and again. Fix this by making the code that skips the .__afsXXXX file also manually advance the file position. The symptoms are a soft lookup: watchdog: BUG: soft lockup - CPU#3 stuck for 52s! [check:5737] ... RIP: 0010:afs_dir_iterate_block+0x39/0x1fd ... ? watchdog_timer_fn+0x1a6/0x213 ... ? asm_sysvec_apic_timer_interrupt+0x16/0x20 ? afs_dir_iterate_block+0x39/0x1fd afs_dir_iterate+0x10a/0x148 afs_readdir+0x30/0x4a iterate_dir+0x93/0xd3 __do_sys_getdents64+0x6b/0xd4 This is almost certainly the actual fix for: https://bugzilla.kernel.org/show_bug.cgi?id=218496	This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Fri, 22 Nov 2024 12:00:00 +0000

Type	Values Removed	Values Added
References		https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

Tue, 05 Nov 2024 10:45:00 +0000

Type	Values Removed	Values Added
References	https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

Wed, 11 Sep 2024 13:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Subscriptions

No data.

MITRE

Status: REJECTED

Assigner: Linux

Published: 2024-04-17T10:14:19.546Z

Updated: 2024-12-19T15:16:32.263Z

Reserved: 2024-02-19T14:20:24.182Z

Link: CVE-2024-26848

Vulnrichment

Updated:

NVD

Status : Rejected

Published: 2024-04-17T11:15:08.323

Modified: 2024-12-19T16:15:07.703

Link: CVE-2024-26848

Redhat

Severity : Low

Publid Date: 2024-04-17T00:00:00Z

Links: CVE-2024-26848 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

CWE-835

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object