CVE-2024-26813
CVSS 3.1 Score 5.5 of 10 (medium)
Details
Published Apr 5, 2024
Updated: Dec 20, 2024
CWE ID 476
Summary
CVE-2024-26813 is a vulnerability in the Linux kernel's vfio/platform component. The SET_IRQS ioctl allows loopback triggering of an interrupt before a signaling eventfd has been configured, which results in a NULL pointer dereference. To address this, all IRQs are registered in a disabled state when the device is opened, which allows the trigger to be modified safely and prevents loopback triggering via ioctl. Failures of request_irq() are kept local to the SET_IRQS ioctl to preserve compatibility with polling-mode userspace drivers.
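The state handling described in the summary, as a simplified user-space C model added here for illustration; it is not the kernel patch or vfio code. Every type and function name (irq_model, model_open, model_set_trigger, model_loopback) is hypothetical, as is the use of -EINVAL for refused requests.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
/* User-space model only; every name here is hypothetical, not kernel code. */
struct signal_target { int count; };   /* stands in for the signaling eventfd */
struct irq_model {
    struct signal_target *trigger;     /* NULL until userspace configures one */
    bool registered;                   /* did the request at open succeed? */
    bool enabled;                      /* may the handler run? */
};

/* Open path: register the IRQ disabled. A failed request is recorded,
 * not returned, so a polling-mode driver can still open the device. */
static int model_open(struct irq_model *irq, bool request_ok)
{
    *irq = (struct irq_model){ .trigger = NULL, .registered = request_ok, .enabled = false };
    return 0;
}

/* SET_IRQS trigger change: the request failure surfaces here. The IRQ is
 * disabled before the swap and re-enabled only for a valid trigger. */
static int model_set_trigger(struct irq_model *irq, struct signal_target *t)
{
    if (!irq->registered)
        return -EINVAL;
    irq->enabled = false;
    irq->trigger = t;
    irq->enabled = (t != NULL);
    return 0;
}

/* SET_IRQS loopback: refused until a trigger exists, so no NULL dereference. */
static int model_loopback(struct irq_model *irq)
{
    if (!irq->registered || irq->trigger == NULL)
        return -EINVAL;
    irq->trigger->count++;             /* models signaling the eventfd */
    return 0;
}

int main(void)
{
    struct irq_model irq;
    struct signal_target efd = { 0 };
    model_open(&irq, true);
    int early = model_loopback(&irq);  /* refused: no trigger configured yet */
    model_set_trigger(&irq, &efd);
    return (early == -EINVAL && model_loopback(&irq) == 0) ? 0 : 1;
}
```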