CVE-2024-26872

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-26872
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-26872.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-26872
Downstream
Related
Published
2024-04-17T10:27:32.025Z
Modified
2026-03-20T12:35:16.659765Z
Summary
RDMA/srpt: Do not register event handler until srpt device is fully setup
Details

In the Linux kernel, the following vulnerability has been resolved:

RDMA/srpt: Do not register event handler until srpt device is fully setup

Upon rare occasions, KASAN reports a use-after-free Write in srptrefreshport().

This seems to be because an event handler is registered before the srpt device is fully setup and a race condition upon error may leave a partially setup event handler in place.

Instead, only register the event handler after srpt device initialization is complete.

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/26xxx/CVE-2024-26872.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
a42d985bd5b234da8b61347a78dc3057bf7bb94d
Fixed
bdd895e0190c464f54f84579e7535d80276f0fc5
Fixed
6413e78086caf7bf15639923740da0d91fdfd090
Fixed
e362d007294955a4fb929e1c8978154a64efdcb6
Fixed
85570b91e4820a0db9d9432098778cafafa7d217
Fixed
7104a00fa37ae898a827381f1161fa3286c8b346
Fixed
ec77fa12da41260c6bf9e060b89234b980c5130f
Fixed
c21a8870c98611e8f892511825c9607f1e2cd456

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-26872.json"