CVE-2024-26598

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-26598

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-26598.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-26598

Downstream

BELL-CVE-2024-26598

DEBIAN-CVE-2024-26598

DLA-3841-1

OESA-2024-2029

OESA-2024-2030

OESA-2024-2031

RHSA-2024:3854

RHSA-2024:3855

RHSA-2024:4415

RHSA-2024:4740

RHSA-2024:8161

SUSE-SU-2024:0855-1

SUSE-SU-2024:0858-1

SUSE-SU-2024:0900-1

SUSE-SU-2024:0900-2

SUSE-SU-2024:0910-1

SUSE-SU-2024:0977-1

UBUNTU-CVE-2024-26598

USN-6688-1

USN-6725-1

USN-6725-2

USN-6767-1

USN-6767-2

USN-6818-1

USN-6818-3

USN-6818-4

USN-6819-1

USN-6819-3

USN-6819-4

Related

Published

2024-02-23T15:15:09Z

Modified

2025-08-09T20:01:26Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache

There is a potential UAF scenario in the case of an LPI translation cache hit racing with an operation that invalidates the cache, such as a DISCARD ITS command. The root of the problem is that vgicitscheckcache() does not elevate the refcount on the vgicirq before dropping the lock that serializes refcount changes.

Have vgicitscheckcache() raise the refcount on the returned vgicirq and add the corresponding decrement after queueing the interrupt.

References

Affected packages