Vulnerability Details : CVE-2024-26817
Potential exploit
In the Linux kernel, the following vulnerability has been resolved:
amdkfd: use calloc instead of kzalloc to avoid integer overflow
This uses calloc instead of doing the multiplication which might
overflow.
Vulnerability category: Overflow
Products affected by CVE-2024-26817
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.9:rc3:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2024-26817
0.15%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 37 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2024-26817
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
5.5
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
1.8
|
3.6
|
NIST | 2025-02-03 |
CWE ids for CVE-2024-26817
-
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.Assigned by: nvd@nist.gov (Primary)
References for CVE-2024-26817
-
https://git.kernel.org/stable/c/fcbd99b3c73309107e3be71f20dff9414df64f91
amdkfd: use calloc instead of kzalloc to avoid integer overflow - kernel/git/stable/linux.git - Linux kernel stable treePatch
-
https://git.kernel.org/stable/c/3b0daecfeac0103aba8b293df07a0cbaf8b43f29
amdkfd: use calloc instead of kzalloc to avoid integer overflow - kernel/git/stable/linux.git - Linux kernel stable treePatch
-
https://git.kernel.org/stable/c/cbac7de1d9901521e78cdc34e15451df3611f2ad
amdkfd: use calloc instead of kzalloc to avoid integer overflow - kernel/git/stable/linux.git - Linux kernel stable treePatch
-
https://git.kernel.org/stable/c/315eb3c2df7e4cb18e3eacfa18a53a46f2bf0ef7
amdkfd: use calloc instead of kzalloc to avoid integer overflow - kernel/git/stable/linux.git - Linux kernel stable treePatch
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3TH6JK7ZZMSXSVHOJKIMSSOC6EQM4WV/
[SECURITY] Fedora 39 Update: kernel-6.8.6-200.fc39 - package-announce - Fedora Mailing-Lists
-
https://git.kernel.org/stable/c/0c33d11153949310d76631d8f4a4736519eacd3a
amdkfd: use calloc instead of kzalloc to avoid integer overflow - kernel/git/stable/linux.git - Linux kernel stable treePatch
-
https://git.kernel.org/stable/c/e6721ea845fcb93a764a92bd40f1afc0d6c69751
amdkfd: use calloc instead of kzalloc to avoid integer overflow - kernel/git/stable/linux.git - Linux kernel stable treePatch
-
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
[SECURITY] [DLA 3840-1] linux security updateMailing List
-
https://git.kernel.org/stable/c/8b0564704255c6b3c6a7188e86939f754e1577c0
amdkfd: use calloc instead of kzalloc to avoid integer overflow - kernel/git/stable/linux.git - Linux kernel stable treePatch
-
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
[SECURITY] [DLA 3842-1] linux-5.10 security updateMailing List
-
https://git.kernel.org/stable/c/e6768c6737f4c02cba193a3339f0cc2907f0b86a
amdkfd: use calloc instead of kzalloc to avoid integer overflow - kernel/git/stable/linux.git - Linux kernel stable treePatch
Jump to