CVE-2024-26598

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-26598
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-26598.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-26598
Downstream
Related
Published
2024-02-23T14:46:26.672Z
Modified
2026-03-13T07:51:54.823978Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache
Details

In the Linux kernel, the following vulnerability has been resolved:

KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache

There is a potential UAF scenario in the case of an LPI translation cache hit racing with an operation that invalidates the cache, such as a DISCARD ITS command. The root of the problem is that vgicitscheckcache() does not elevate the refcount on the vgicirq before dropping the lock that serializes refcount changes.

Have vgicitscheckcache() raise the refcount on the returned vgicirq and add the corresponding decrement after queueing the interrupt.

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/26xxx/CVE-2024-26598.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
6211753fdfd05af9e08f54c8d0ba3ee516034878
Fixed
d04acadb6490aa3314f9c9e087691e55de153b88
Fixed
ba7be666740847d967822bed15500656b26bc703
Fixed
12c2759ab1343c124ed46ba48f27bd1ef5d2dff4
Fixed
dba788e25f05209adf2b0175eb1691dc89fb1ba6
Fixed
65b201bf3e9af1b0254243a5881390eda56f72d1
Fixed
dd3956a1b3dd11f46488c928cb890d6937d1ca80
Fixed
ad362fe07fecf0aba839ff2cc59a3617bd42c33f

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-26598.json"