CVE-2024-26598

In the Linux kernel, the following vulnerability has been resolved:

KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache

There is a potential UAF scenario in the case of an LPI translation cache hit racing with an operation that invalidates the cache, such as a DISCARD ITS command. The root of the problem is that vgic_its_check_cache() does not elevate the refcount on the vgic_irq before dropping the lock that serializes refcount changes.

Have vgic_its_check_cache() raise the refcount on the returned vgic_irq and add the corresponding decrement after queueing the interrupt.

Published: Feb 23, 2024
Updated: Apr 18, 2024
CVE: CVE-2024-26598
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-416

Affected Software
References

Software	From	Fixed in
linux / linux_kernel	5.16	6.1.75
linux / linux_kernel	6.2	6.6.14
linux / linux_kernel	6.7	6.7.2
linux / linux_kernel	5.4	5.4.269
linux / linux_kernel	5.11	5.15.148
linux / linux_kernel	5.5	5.10.209
debian / debian_linux	10.0	10.0.x

Vulnerability Database

290,301

CVE-2024-26598