CVE-2024-26842

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-26842
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-26842.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-26842
Published
2024-04-17T10:10:07.430Z
Modified
2026-01-06T15:11:20.985093Z
Summary
scsi: ufs: core: Fix shift issue in ufshcd_clear_cmd()
Details

In the Linux kernel, the following vulnerability has been resolved:

scsi: ufs: core: Fix shift issue in ufshcd_clear_cmd()

When task_tag >= 32 (in MCQ mode) and sizeof(unsigned int) == 4, 1U << task_tag will be out of bounds for a u32 mask. Fix this up to prevent SHIFT_ISSUE (bitwise shifts that are out of bounds for their data type).

[name:debug_monitors&]Unexpected kernel BRK exception at EL1
[name:traps&]Internal error: BRK handler: 00000000f2005514 [#1] PREEMPT SMP
[name:mediatek_cpufreq_hw&]cpufreq stop DVFS log done
[name:mrdump&]Kernel Offset: 0x1ba5800000 from 0xffffffc008000000
[name:mrdump&]PHYS_OFFSET: 0x80000000
[name:mrdump&]pstate: 22400005 (nzCv daif +PAN -UAO)
[name:mrdump&]pc : [0xffffffdbaf52bb2c] ufshcd_clear_cmd+0x280/0x288
[name:mrdump&]lr : [0xffffffdbaf52a774] ufshcd_wait_for_dev_cmd+0x3e4/0x82c
[name:mrdump&]sp : ffffffc0081471b0
<snip>
Workqueue: ufs_eh_wq_0 ufshcd_err_handler
Call trace:
 dump_backtrace+0xf8/0x144
 show_stack+0x18/0x24
 dump_stack_lvl+0x78/0x9c
 dump_stack+0x18/0x44
 mrdump_common_die+0x254/0x480 [mrdump]
 ipanic_die+0x20/0x30 [mrdump]
 notify_die+0x15c/0x204
 die+0x10c/0x5f8
 arm64_notify_die+0x74/0x13c
 do_debug_exception+0x164/0x26c
 el1_dbg+0x64/0x80
 el1h_64_sync_handler+0x3c/0x90
 el1h_64_sync+0x68/0x6c
 ufshcd_clear_cmd+0x280/0x288
 ufshcd_wait_for_dev_cmd+0x3e4/0x82c
 ufshcd_exec_dev_cmd+0x5bc/0x9ac
 ufshcd_verify_dev_init+0x84/0x1c8
 ufshcd_probe_hba+0x724/0x1ce0
 ufshcd_host_reset_and_restore+0x260/0x574
 ufshcd_reset_and_restore+0x138/0xbd0
 ufshcd_err_handler+0x1218/0x2f28
 process_one_work+0x5fc/0x1140
 worker_thread+0x7d8/0xe20
 kthread+0x25c/0x468
 ret_from_fork+0x10/0x20

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/26xxx/CVE-2024-26842.json",
    "cna_assigner": "Linux"
}
Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
adf452611677d048203398f489e2175a9068f9f7
Fixed
7ac9e18f5d66087cd22751c5c5bf0090eb0038fe
Fixed
a992425d18e5f7c48931121993c6c69426f2a8fb
Fixed
b513d30d59bb383a6a5d6b533afcab2cee99a8f8

Affected versions

v6.*

v6.4
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.2
v6.6.3
v6.6.4
v6.6.5
v6.6.6
v6.6.7
v6.6.8
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.7.1
v6.7.2
v6.7.3
v6.7.4
v6.7.5
v6.7.6
v6.8-rc1

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-26842.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.5.0
Fixed
6.6.19
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.7.7

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-26842.json"