CVE-2024-26710 : In the Linux kernel, the following vulnerability has been resolved: powerpc/kas

In the Linux kernel, the following vulnerability has been resolved: powerpc/kasan: Limit KASAN thread size increase to 32KB KASAN is seen to increase stack usage, to the point that it was reported to lead to stack overflow on some 32-bit machines (see link). To avoid overflows the stack size was doubled for KASAN builds in commit 3e8635fb2e07 ("powerpc/kasan: Force thread size increase with KASAN"). However with a 32KB stack size to begin with, the doubling leads to a 64KB stack, which causes build errors: arch/powerpc/kernel/switch.S:249: Error: operand out of range (0x000000000000fe50 is not between 0xffffffffffff8000 and 0x0000000000007fff) Although the asm could be reworked, in practice a 32KB stack seems sufficient even for KASAN builds - the additional usage seems to be in the 2-3KB range for a 64-bit KASAN build. So only increase the stack for KASAN if the stack size is < 32KB.

Published 2024-04-03 15:15:53

Updated 2025-03-17 15:36:12

Source Linux

View at NVD, CVE.org

Products affected by CVE-2024-26710

Linux » Linux Kernel
Versions from including (>=) 6.7.2 and before (<) 6.7.6
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 6.6.14 and before (<) 6.6.18
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 6.1.75 and before (<) 6.1.79
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2024-26710

EPSS FAQ

0.01%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 1 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2024-26710

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H	1.8	3.6	NIST	2025-03-17
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2024-26710

CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2024-26710

https://git.kernel.org/stable/c/4297217bcf1f0948a19c2bacc6b68d92e7778ad9

powerpc/kasan: Limit KASAN thread size increase to 32KB - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/b29b16bd836a838b7690f80e37f8376414c74cbe

powerpc/kasan: Limit KASAN thread size increase to 32KB - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/f1acb109505d983779bbb7e20a1ee6244d2b5736

powerpc/kasan: Limit KASAN thread size increase to 32KB - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/4cc31fa07445879a13750cb061bb8c2654975fcb

powerpc/kasan: Limit KASAN thread size increase to 32KB - kernel/git/stable/linux.git - Linux kernel stable tree
Patch

Jump to

Vulnerability Details : CVE-2024-26710

Products affected by CVE-2024-26710

Exploit prediction scoring system (EPSS) score for CVE-2024-26710

CVSS scores for CVE-2024-26710

CWE ids for CVE-2024-26710

References for CVE-2024-26710