CVE-2024-27026 Affecting kernel-rt-trace-devel package, versions *
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-CENTOS7-KERNELRTTRACEDEVEL-6801594
- published 2 May 2024
- disclosed 1 May 2024
Introduced: 1 May 2024
CVE-2024-27026 Open this link in a new tabHow to fix?
There is no fixed version for Centos:7 kernel-rt-trace-devel.
NVD Description
Note: Versions mentioned in the description apply only to the upstream kernel-rt-trace-devel package and not the kernel-rt-trace-devel package as distributed by Centos.
See How to fix? for Centos:7 relevant fixed versions and status.
In the Linux kernel, the following vulnerability has been resolved:
vmxnet3: Fix missing reserved tailroom
Use rbi->len instead of rcd->len for non-dataring packet.
Found issue: XDP_WARN: xdp_update_frame_from_buff(line:278): Driver BUG: missing reserved tailroom WARNING: CPU: 0 PID: 0 at net/core/xdp.c:586 xdp_warn+0xf/0x20 CPU: 0 PID: 0 Comm: swapper/0 Tainted: G W O 6.5.1 #1 RIP: 0010:xdp_warn+0xf/0x20 ... ? xdp_warn+0xf/0x20 xdp_do_redirect+0x15f/0x1c0 vmxnet3_run_xdp+0x17a/0x400 [vmxnet3] vmxnet3_process_xdp+0xe4/0x760 [vmxnet3] ? vmxnet3_tq_tx_complete.isra.0+0x21e/0x2c0 [vmxnet3] vmxnet3_rq_rx_complete+0x7ad/0x1120 [vmxnet3] vmxnet3_poll_rx_only+0x2d/0xa0 [vmxnet3] __napi_poll+0x20/0x180 net_rx_action+0x177/0x390
References
- https://access.redhat.com/security/cve/CVE-2024-27026
- https://git.kernel.org/stable/c/7c8505ecc2d15473d679b8e06335434b84fffe86
- https://git.kernel.org/stable/c/91d017d19d5a9ad153e2dc23ed3c0e2e79ef5262
- https://git.kernel.org/stable/c/aba8659caf88017507419feea06069f529329ea6
- https://git.kernel.org/stable/c/e127ce7699c1e05279ee5ee61f00893e7bfa9671