CVE-2024-26946

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-26946
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-26946.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-26946
Downstream
Related
Published
2024-05-01T05:18:13.192Z
Modified
2025-11-28T02:35:47.865371Z
Summary
kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe address
Details

In the Linux kernel, the following vulnerability has been resolved:

kprobes/x86: Use copyfromkernel_nofault() to read from unsafe address

Read from an unsafe address with copyfromkernelnofault() in archadjustkprobeaddr() because this function is used before checking the address is in text or not. Syzcaller bot found a bug and reported the case if user specifies inaccessible data area, archadjustkprobe_addr() will cause a kernel panic.

[ mingo: Clarified the comment. ]

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/26xxx/CVE-2024-26946.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
cc66bb91457827f62e2b6cb2518666820f0a6c48
Fixed
6417684315087904fffe8966d27ca74398c57dd6
Fixed
f13edd1871d4fb4ab829aff629d47914e251bae3
Fixed
20fdb21eabaeb8f78f8f701f56d14ea0836ec861
Fixed
b69f577308f1070004cafac106dd1a44099e5483
Fixed
4e51653d5d871f40f1bd5cf95cc7f2d8b33d063b

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.18.0
Fixed
6.1.84
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.24
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.7.12
Type
ECOSYSTEM
Events
Introduced
6.8.0
Fixed
6.8.3