CVE-2024-26815 (GCVE-0-2024-26815)

Vulnerability from cvelistv5 – Published: 2024-04-10 11:07 – Updated: 2026-05-11 20:04
VLAI
Title
net/sched: taprio: proper TCA_TAPRIO_TC_ENTRY_INDEX check
Summary
In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: proper TCA_TAPRIO_TC_ENTRY_INDEX check taprio_parse_tc_entry() is not correctly checking TCA_TAPRIO_TC_ENTRY_INDEX attribute: int tc; // Signed value tc = nla_get_u32(tb[TCA_TAPRIO_TC_ENTRY_INDEX]); if (tc >= TC_QOPT_MAX_QUEUE) { NL_SET_ERR_MSG_MOD(extack, "TC entry index out of range"); return -ERANGE; } syzbot reported that it could fed arbitary negative values: UBSAN: shift-out-of-bounds in net/sched/sch_taprio.c:1722:18 shift exponent -2147418108 is negative CPU: 0 PID: 5066 Comm: syz-executor367 Not tainted 6.8.0-rc7-syzkaller-00136-gc8a5c731fd12 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1e7/0x2e0 lib/dump_stack.c:106 ubsan_epilogue lib/ubsan.c:217 [inline] __ubsan_handle_shift_out_of_bounds+0x3c7/0x420 lib/ubsan.c:386 taprio_parse_tc_entry net/sched/sch_taprio.c:1722 [inline] taprio_parse_tc_entries net/sched/sch_taprio.c:1768 [inline] taprio_change+0xb87/0x57d0 net/sched/sch_taprio.c:1877 taprio_init+0x9da/0xc80 net/sched/sch_taprio.c:2134 qdisc_create+0x9d4/0x1190 net/sched/sch_api.c:1355 tc_modify_qdisc+0xa26/0x1e40 net/sched/sch_api.c:1776 rtnetlink_rcv_msg+0x885/0x1040 net/core/rtnetlink.c:6617 netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2543 netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline] netlink_unicast+0x7ea/0x980 net/netlink/af_netlink.c:1367 netlink_sendmsg+0xa3b/0xd70 net/netlink/af_netlink.c:1908 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg+0x221/0x270 net/socket.c:745 ____sys_sendmsg+0x525/0x7d0 net/socket.c:2584 ___sys_sendmsg net/socket.c:2638 [inline] __sys_sendmsg+0x2b0/0x3a0 net/socket.c:2667 do_syscall_64+0xf9/0x240 entry_SYSCALL_64_after_hwframe+0x6f/0x77 RIP: 0033:0x7f1b2dea3759 Code: 48 83 c4 28 c3 e8 d7 19 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffd4de452f8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007f1b2def0390 RCX: 00007f1b2dea3759 RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004 RBP: 0000000000000003 R08: 0000555500000000 R09: 0000555500000000 R10: 0000555500000000 R11: 0000000000000246 R12: 00007ffd4de45340 R13: 00007ffd4de45310 R14: 0000000000000001 R15: 00007ffd4de45340
Severity
No CVSS data available.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: a54fc09e4cba3004443aa05979f8c678196c8226 , < bd2474a45df7c11412c2587de3d4e43760531418 (git)
Affected: a54fc09e4cba3004443aa05979f8c678196c8226 , < 6915b1b28fe57e92c78e664366dc61c4f15ff03b (git)
Affected: a54fc09e4cba3004443aa05979f8c678196c8226 , < 860e838fb089d652a446ced52cbdf051285b68e7 (git)
Affected: a54fc09e4cba3004443aa05979f8c678196c8226 , < 9b720bb1a69a9f12a4a5c86b6f89386fe05ed0f2 (git)
Affected: a54fc09e4cba3004443aa05979f8c678196c8226 , < 343041b59b7810f9cdca371f445dd43b35c740b1 (git)
Create a notification for this product.
Linux Linux Affected: 6.1
Unaffected: 0 , < 6.1 (semver)
Unaffected: 6.1.83 , ≤ 6.1.* (semver)
Unaffected: 6.6.23 , ≤ 6.6.* (semver)
Unaffected: 6.7.11 , ≤ 6.7.* (semver)
Unaffected: 6.8.2 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:14:13.584Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/bd2474a45df7c11412c2587de3d4e43760531418"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6915b1b28fe57e92c78e664366dc61c4f15ff03b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/860e838fb089d652a446ced52cbdf051285b68e7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9b720bb1a69a9f12a4a5c86b6f89386fe05ed0f2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/343041b59b7810f9cdca371f445dd43b35c740b1"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26815",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:50:23.957243Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:41.649Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/sched/sch_taprio.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "bd2474a45df7c11412c2587de3d4e43760531418",
              "status": "affected",
              "version": "a54fc09e4cba3004443aa05979f8c678196c8226",
              "versionType": "git"
            },
            {
              "lessThan": "6915b1b28fe57e92c78e664366dc61c4f15ff03b",
              "status": "affected",
              "version": "a54fc09e4cba3004443aa05979f8c678196c8226",
              "versionType": "git"
            },
            {
              "lessThan": "860e838fb089d652a446ced52cbdf051285b68e7",
              "status": "affected",
              "version": "a54fc09e4cba3004443aa05979f8c678196c8226",
              "versionType": "git"
            },
            {
              "lessThan": "9b720bb1a69a9f12a4a5c86b6f89386fe05ed0f2",
              "status": "affected",
              "version": "a54fc09e4cba3004443aa05979f8c678196c8226",
              "versionType": "git"
            },
            {
              "lessThan": "343041b59b7810f9cdca371f445dd43b35c740b1",
              "status": "affected",
              "version": "a54fc09e4cba3004443aa05979f8c678196c8226",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/sched/sch_taprio.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.1"
            },
            {
              "lessThan": "6.1",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.83",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.23",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.83",
                  "versionStartIncluding": "6.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.23",
                  "versionStartIncluding": "6.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.11",
                  "versionStartIncluding": "6.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.2",
                  "versionStartIncluding": "6.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "6.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: taprio: proper TCA_TAPRIO_TC_ENTRY_INDEX check\n\ntaprio_parse_tc_entry() is not correctly checking\nTCA_TAPRIO_TC_ENTRY_INDEX attribute:\n\n\tint tc; // Signed value\n\n\ttc = nla_get_u32(tb[TCA_TAPRIO_TC_ENTRY_INDEX]);\n\tif (tc \u003e= TC_QOPT_MAX_QUEUE) {\n\t\tNL_SET_ERR_MSG_MOD(extack, \"TC entry index out of range\");\n\t\treturn -ERANGE;\n\t}\n\nsyzbot reported that it could fed arbitary negative values:\n\nUBSAN: shift-out-of-bounds in net/sched/sch_taprio.c:1722:18\nshift exponent -2147418108 is negative\nCPU: 0 PID: 5066 Comm: syz-executor367 Not tainted 6.8.0-rc7-syzkaller-00136-gc8a5c731fd12 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024\nCall Trace:\n \u003cTASK\u003e\n  __dump_stack lib/dump_stack.c:88 [inline]\n  dump_stack_lvl+0x1e7/0x2e0 lib/dump_stack.c:106\n  ubsan_epilogue lib/ubsan.c:217 [inline]\n  __ubsan_handle_shift_out_of_bounds+0x3c7/0x420 lib/ubsan.c:386\n  taprio_parse_tc_entry net/sched/sch_taprio.c:1722 [inline]\n  taprio_parse_tc_entries net/sched/sch_taprio.c:1768 [inline]\n  taprio_change+0xb87/0x57d0 net/sched/sch_taprio.c:1877\n  taprio_init+0x9da/0xc80 net/sched/sch_taprio.c:2134\n  qdisc_create+0x9d4/0x1190 net/sched/sch_api.c:1355\n  tc_modify_qdisc+0xa26/0x1e40 net/sched/sch_api.c:1776\n  rtnetlink_rcv_msg+0x885/0x1040 net/core/rtnetlink.c:6617\n  netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2543\n  netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline]\n  netlink_unicast+0x7ea/0x980 net/netlink/af_netlink.c:1367\n  netlink_sendmsg+0xa3b/0xd70 net/netlink/af_netlink.c:1908\n  sock_sendmsg_nosec net/socket.c:730 [inline]\n  __sock_sendmsg+0x221/0x270 net/socket.c:745\n  ____sys_sendmsg+0x525/0x7d0 net/socket.c:2584\n  ___sys_sendmsg net/socket.c:2638 [inline]\n  __sys_sendmsg+0x2b0/0x3a0 net/socket.c:2667\n do_syscall_64+0xf9/0x240\n entry_SYSCALL_64_after_hwframe+0x6f/0x77\nRIP: 0033:0x7f1b2dea3759\nCode: 48 83 c4 28 c3 e8 d7 19 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007ffd4de452f8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\nRAX: ffffffffffffffda RBX: 00007f1b2def0390 RCX: 00007f1b2dea3759\nRDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004\nRBP: 0000000000000003 R08: 0000555500000000 R09: 0000555500000000\nR10: 0000555500000000 R11: 0000000000000246 R12: 00007ffd4de45340\nR13: 00007ffd4de45310 R14: 0000000000000001 R15: 00007ffd4de45340"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T20:04:42.684Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/bd2474a45df7c11412c2587de3d4e43760531418"
        },
        {
          "url": "https://git.kernel.org/stable/c/6915b1b28fe57e92c78e664366dc61c4f15ff03b"
        },
        {
          "url": "https://git.kernel.org/stable/c/860e838fb089d652a446ced52cbdf051285b68e7"
        },
        {
          "url": "https://git.kernel.org/stable/c/9b720bb1a69a9f12a4a5c86b6f89386fe05ed0f2"
        },
        {
          "url": "https://git.kernel.org/stable/c/343041b59b7810f9cdca371f445dd43b35c740b1"
        }
      ],
      "title": "net/sched: taprio: proper TCA_TAPRIO_TC_ENTRY_INDEX check",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26815",
    "datePublished": "2024-04-10T11:07:03.182Z",
    "dateReserved": "2024-02-19T14:20:24.180Z",
    "dateUpdated": "2026-05-11T20:04:42.684Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2024-26815",
      "date": "2026-06-25",
      "epss": "0.00272",
      "percentile": "0.18822"
    },
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnet/sched: taprio: proper TCA_TAPRIO_TC_ENTRY_INDEX check\\n\\ntaprio_parse_tc_entry() is not correctly checking\\nTCA_TAPRIO_TC_ENTRY_INDEX attribute:\\n\\n\\tint tc; // Signed value\\n\\n\\ttc = nla_get_u32(tb[TCA_TAPRIO_TC_ENTRY_INDEX]);\\n\\tif (tc \u003e= TC_QOPT_MAX_QUEUE) {\\n\\t\\tNL_SET_ERR_MSG_MOD(extack, \\\"TC entry index out of range\\\");\\n\\t\\treturn -ERANGE;\\n\\t}\\n\\nsyzbot reported that it could fed arbitary negative values:\\n\\nUBSAN: shift-out-of-bounds in net/sched/sch_taprio.c:1722:18\\nshift exponent -2147418108 is negative\\nCPU: 0 PID: 5066 Comm: syz-executor367 Not tainted 6.8.0-rc7-syzkaller-00136-gc8a5c731fd12 #0\\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024\\nCall Trace:\\n \u003cTASK\u003e\\n  __dump_stack lib/dump_stack.c:88 [inline]\\n  dump_stack_lvl+0x1e7/0x2e0 lib/dump_stack.c:106\\n  ubsan_epilogue lib/ubsan.c:217 [inline]\\n  __ubsan_handle_shift_out_of_bounds+0x3c7/0x420 lib/ubsan.c:386\\n  taprio_parse_tc_entry net/sched/sch_taprio.c:1722 [inline]\\n  taprio_parse_tc_entries net/sched/sch_taprio.c:1768 [inline]\\n  taprio_change+0xb87/0x57d0 net/sched/sch_taprio.c:1877\\n  taprio_init+0x9da/0xc80 net/sched/sch_taprio.c:2134\\n  qdisc_create+0x9d4/0x1190 net/sched/sch_api.c:1355\\n  tc_modify_qdisc+0xa26/0x1e40 net/sched/sch_api.c:1776\\n  rtnetlink_rcv_msg+0x885/0x1040 net/core/rtnetlink.c:6617\\n  netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2543\\n  netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline]\\n  netlink_unicast+0x7ea/0x980 net/netlink/af_netlink.c:1367\\n  netlink_sendmsg+0xa3b/0xd70 net/netlink/af_netlink.c:1908\\n  sock_sendmsg_nosec net/socket.c:730 [inline]\\n  __sock_sendmsg+0x221/0x270 net/socket.c:745\\n  ____sys_sendmsg+0x525/0x7d0 net/socket.c:2584\\n  ___sys_sendmsg net/socket.c:2638 [inline]\\n  __sys_sendmsg+0x2b0/0x3a0 net/socket.c:2667\\n do_syscall_64+0xf9/0x240\\n entry_SYSCALL_64_after_hwframe+0x6f/0x77\\nRIP: 0033:0x7f1b2dea3759\\nCode: 48 83 c4 28 c3 e8 d7 19 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\\nRSP: 002b:00007ffd4de452f8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\\nRAX: ffffffffffffffda RBX: 00007f1b2def0390 RCX: 00007f1b2dea3759\\nRDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004\\nRBP: 0000000000000003 R08: 0000555500000000 R09: 0000555500000000\\nR10: 0000555500000000 R11: 0000000000000246 R12: 00007ffd4de45340\\nR13: 00007ffd4de45310 R14: 0000000000000001 R15: 00007ffd4de45340\"}, {\"lang\": \"es\", \"value\": \"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/sched: taprio: verificaci\\u00f3n adecuada de TCA_TAPRIO_TC_ENTRY_INDEX taprio_parse_tc_entry() no verifica correctamente el atributo TCA_TAPRIO_TC_ENTRY_INDEX: int tc; // Valor con signo tc = nla_get_u32(tb[TCA_TAPRIO_TC_ENTRY_INDEX]); if (tc \u0026gt;= TC_QOPT_MAX_QUEUE) { NL_SET_ERR_MSG_MOD(extack, \\\"\\u00edndice de entrada TC fuera de rango\\\"); volver -RANGE; } syzbot inform\\u00f3 que pod\\u00eda alimentar valores negativos arbitrarios: UBSAN: desplazamiento fuera de los l\\u00edmites en net/sched/sch_taprio.c:1722:18 exponente de desplazamiento -2147418108 es negativo CPU: 0 PID: 5066 Comm: syz-executor367 No tainted 6.8.0-rc7-syzkaller-00136-gc8a5c731fd12 #0 Nombre del hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 29/02/2024 Seguimiento de llamadas:  __dump_stack lib/dump_stack.c:88 [en l\\u00ednea] dump_stack_lvl+0x1e7/0x2e0 lib/dump_stack.c:106 ubsan_epilogue lib/ubsan.c:217 [en l\\u00ednea] __ubsan_handle_shift_out_of_bounds+0x3c7/0x420 lib/ubsan.c:386 taprio_parse_tc_entry net/sched/sch_taprio.c:1722 [ en l\\u00ednea] taprio_parse_tc_entries net /sched/sch_taprio.c:1768 [en l\\u00ednea] taprio_change+0xb87/0x57d0 net/sched/sch_taprio.c:1877 taprio_init+0x9da/0xc80 net/sched/sch_taprio.c:2134 qdisc_create+0x9d4/0x1190 net/sched/sch_api. c:1355 tc_modify_qdisc+0xa26/0x1e40 net/sched/sch_api.c:1776 rtnetlink_rcv_msg+0x885/0x1040 net/core/rtnetlink.c:6617 netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2543 netlink_unicast_ker nel net/netlink/ AF_NETLINK.C: 1341 [en l\\u00ednea] netlink_unicast+0x7ea/0x980 net/netlink/AF_netLink.c: 1367 netlink_sendmsg+0xa3b/0xd70 net/netlink/af_netlink.c: 1908 sock_sendmsg_nosec net/socket.c: 730 [730] 1 /0x270 net/socket.c:745 ____sys_sendmsg+0x525/0x7d0 net/socket.c:2584 ___sys_sendmsg net/socket.c:2638 [en l\\u00ednea] __sys_sendmsg+0x2b0/0x3a0 net/socket.c:2667 do_syscall_64+0xf9/ 0x240 entrada_SYSCALL_64_after_hwframe +0x6f/0x77 RIP: 0033:0x7f1b2dea3759 C\\u00f3digo: 48 83 c4 28 c3 e8 d7 19 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 8 9c8 4c 8b 4c 24 08 0f 05 \u0026lt;48\u0026gt; 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffd4de452f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002e RAX: ffffffffffffffda RBX: 00007f1b2def0390 RCX: 00007f1b2dea3759 RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004 RBP: 0000000000000003 R08: 0000555500000000 R09: 0000555500000000 R10: 0000555500000000 R 11: 0000000000000246 R12: 00007ffd4de45340 R13: 00007ffd4de45310 R14: 00000000000000001 R15: 00007ffd4de45340\"}]",
      "id": "CVE-2024-26815",
      "lastModified": "2024-11-21T09:03:08.313",
      "published": "2024-04-10T11:15:49.380",
      "references": "[{\"url\": \"https://git.kernel.org/stable/c/343041b59b7810f9cdca371f445dd43b35c740b1\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}, {\"url\": \"https://git.kernel.org/stable/c/6915b1b28fe57e92c78e664366dc61c4f15ff03b\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}, {\"url\": \"https://git.kernel.org/stable/c/860e838fb089d652a446ced52cbdf051285b68e7\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}, {\"url\": \"https://git.kernel.org/stable/c/9b720bb1a69a9f12a4a5c86b6f89386fe05ed0f2\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}, {\"url\": \"https://git.kernel.org/stable/c/bd2474a45df7c11412c2587de3d4e43760531418\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}, {\"url\": \"https://git.kernel.org/stable/c/343041b59b7810f9cdca371f445dd43b35c740b1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://git.kernel.org/stable/c/6915b1b28fe57e92c78e664366dc61c4f15ff03b\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://git.kernel.org/stable/c/860e838fb089d652a446ced52cbdf051285b68e7\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://git.kernel.org/stable/c/9b720bb1a69a9f12a4a5c86b6f89386fe05ed0f2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://git.kernel.org/stable/c/bd2474a45df7c11412c2587de3d4e43760531418\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "vulnStatus": "Awaiting Analysis"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-26815\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-04-10T11:15:49.380\",\"lastModified\":\"2025-03-27T21:09:57.807\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnet/sched: taprio: proper TCA_TAPRIO_TC_ENTRY_INDEX check\\n\\ntaprio_parse_tc_entry() is not correctly checking\\nTCA_TAPRIO_TC_ENTRY_INDEX attribute:\\n\\n\\tint tc; // Signed value\\n\\n\\ttc = nla_get_u32(tb[TCA_TAPRIO_TC_ENTRY_INDEX]);\\n\\tif (tc \u003e= TC_QOPT_MAX_QUEUE) {\\n\\t\\tNL_SET_ERR_MSG_MOD(extack, \\\"TC entry index out of range\\\");\\n\\t\\treturn -ERANGE;\\n\\t}\\n\\nsyzbot reported that it could fed arbitary negative values:\\n\\nUBSAN: shift-out-of-bounds in net/sched/sch_taprio.c:1722:18\\nshift exponent -2147418108 is negative\\nCPU: 0 PID: 5066 Comm: syz-executor367 Not tainted 6.8.0-rc7-syzkaller-00136-gc8a5c731fd12 #0\\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024\\nCall Trace:\\n \u003cTASK\u003e\\n  __dump_stack lib/dump_stack.c:88 [inline]\\n  dump_stack_lvl+0x1e7/0x2e0 lib/dump_stack.c:106\\n  ubsan_epilogue lib/ubsan.c:217 [inline]\\n  __ubsan_handle_shift_out_of_bounds+0x3c7/0x420 lib/ubsan.c:386\\n  taprio_parse_tc_entry net/sched/sch_taprio.c:1722 [inline]\\n  taprio_parse_tc_entries net/sched/sch_taprio.c:1768 [inline]\\n  taprio_change+0xb87/0x57d0 net/sched/sch_taprio.c:1877\\n  taprio_init+0x9da/0xc80 net/sched/sch_taprio.c:2134\\n  qdisc_create+0x9d4/0x1190 net/sched/sch_api.c:1355\\n  tc_modify_qdisc+0xa26/0x1e40 net/sched/sch_api.c:1776\\n  rtnetlink_rcv_msg+0x885/0x1040 net/core/rtnetlink.c:6617\\n  netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2543\\n  netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline]\\n  netlink_unicast+0x7ea/0x980 net/netlink/af_netlink.c:1367\\n  netlink_sendmsg+0xa3b/0xd70 net/netlink/af_netlink.c:1908\\n  sock_sendmsg_nosec net/socket.c:730 [inline]\\n  __sock_sendmsg+0x221/0x270 net/socket.c:745\\n  ____sys_sendmsg+0x525/0x7d0 net/socket.c:2584\\n  ___sys_sendmsg net/socket.c:2638 [inline]\\n  __sys_sendmsg+0x2b0/0x3a0 net/socket.c:2667\\n do_syscall_64+0xf9/0x240\\n entry_SYSCALL_64_after_hwframe+0x6f/0x77\\nRIP: 0033:0x7f1b2dea3759\\nCode: 48 83 c4 28 c3 e8 d7 19 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\\nRSP: 002b:00007ffd4de452f8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\\nRAX: ffffffffffffffda RBX: 00007f1b2def0390 RCX: 00007f1b2dea3759\\nRDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004\\nRBP: 0000000000000003 R08: 0000555500000000 R09: 0000555500000000\\nR10: 0000555500000000 R11: 0000000000000246 R12: 00007ffd4de45340\\nR13: 00007ffd4de45310 R14: 0000000000000001 R15: 00007ffd4de45340\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/sched: taprio: verificaci\u00f3n adecuada de TCA_TAPRIO_TC_ENTRY_INDEX taprio_parse_tc_entry() no verifica correctamente el atributo TCA_TAPRIO_TC_ENTRY_INDEX: int tc; // Valor con signo tc = nla_get_u32(tb[TCA_TAPRIO_TC_ENTRY_INDEX]); if (tc \u0026gt;= TC_QOPT_MAX_QUEUE) { NL_SET_ERR_MSG_MOD(extack, \\\"\u00edndice de entrada TC fuera de rango\\\"); volver -RANGE; } syzbot inform\u00f3 que pod\u00eda alimentar valores negativos arbitrarios: UBSAN: desplazamiento fuera de los l\u00edmites en net/sched/sch_taprio.c:1722:18 exponente de desplazamiento -2147418108 es negativo CPU: 0 PID: 5066 Comm: syz-executor367 No tainted 6.8.0-rc7-syzkaller-00136-gc8a5c731fd12 #0 Nombre del hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 29/02/2024 Seguimiento de llamadas:  __dump_stack lib/dump_stack.c:88 [en l\u00ednea] dump_stack_lvl+0x1e7/0x2e0 lib/dump_stack.c:106 ubsan_epilogue lib/ubsan.c:217 [en l\u00ednea] __ubsan_handle_shift_out_of_bounds+0x3c7/0x420 lib/ubsan.c:386 taprio_parse_tc_entry net/sched/sch_taprio.c:1722 [ en l\u00ednea] taprio_parse_tc_entries net /sched/sch_taprio.c:1768 [en l\u00ednea] taprio_change+0xb87/0x57d0 net/sched/sch_taprio.c:1877 taprio_init+0x9da/0xc80 net/sched/sch_taprio.c:2134 qdisc_create+0x9d4/0x1190 net/sched/sch_api. c:1355 tc_modify_qdisc+0xa26/0x1e40 net/sched/sch_api.c:1776 rtnetlink_rcv_msg+0x885/0x1040 net/core/rtnetlink.c:6617 netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2543 netlink_unicast_ker nel net/netlink/ AF_NETLINK.C: 1341 [en l\u00ednea] netlink_unicast+0x7ea/0x980 net/netlink/AF_netLink.c: 1367 netlink_sendmsg+0xa3b/0xd70 net/netlink/af_netlink.c: 1908 sock_sendmsg_nosec net/socket.c: 730 [730] 1 /0x270 net/socket.c:745 ____sys_sendmsg+0x525/0x7d0 net/socket.c:2584 ___sys_sendmsg net/socket.c:2638 [en l\u00ednea] __sys_sendmsg+0x2b0/0x3a0 net/socket.c:2667 do_syscall_64+0xf9/ 0x240 entrada_SYSCALL_64_after_hwframe +0x6f/0x77 RIP: 0033:0x7f1b2dea3759 C\u00f3digo: 48 83 c4 28 c3 e8 d7 19 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 8 9c8 4c 8b 4c 24 08 0f 05 \u0026lt;48\u0026gt; 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffd4de452f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002e RAX: ffffffffffffffda RBX: 00007f1b2def0390 RCX: 00007f1b2dea3759 RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004 RBP: 0000000000000003 R08: 0000555500000000 R09: 0000555500000000 R10: 0000555500000000 R 11: 0000000000000246 R12: 00007ffd4de45340 R13: 00007ffd4de45310 R14: 00000000000000001 R15: 00007ffd4de45340\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.1\",\"versionEndExcluding\":\"6.1.83\",\"matchCriteriaId\":\"3057E4AB-0FB4-49B3-B63D-10D187B96B1B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2\",\"versionEndExcluding\":\"6.6.23\",\"matchCriteriaId\":\"E00814DC-0BA7-431A-9926-80FEB4A96C68\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.7.11\",\"matchCriteriaId\":\"9B95D3A6-E162-47D5-ABFC-F3FA74FA7CFD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.8\",\"versionEndExcluding\":\"6.8.2\",\"matchCriteriaId\":\"543A75FF-25B8-4046-A514-1EA8EDD87AB1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.8.3\",\"versionEndIncluding\":\"6.8.12\",\"matchCriteriaId\":\"B71866A7-EBBC-450A-A34B-D42B21232828\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/343041b59b7810f9cdca371f445dd43b35c740b1\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/6915b1b28fe57e92c78e664366dc61c4f15ff03b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/860e838fb089d652a446ced52cbdf051285b68e7\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/9b720bb1a69a9f12a4a5c86b6f89386fe05ed0f2\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/bd2474a45df7c11412c2587de3d4e43760531418\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/343041b59b7810f9cdca371f445dd43b35c740b1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/6915b1b28fe57e92c78e664366dc61c4f15ff03b\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/860e838fb089d652a446ced52cbdf051285b68e7\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/9b720bb1a69a9f12a4a5c86b6f89386fe05ed0f2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/bd2474a45df7c11412c2587de3d4e43760531418\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://git.kernel.org/stable/c/bd2474a45df7c11412c2587de3d4e43760531418\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/6915b1b28fe57e92c78e664366dc61c4f15ff03b\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/860e838fb089d652a446ced52cbdf051285b68e7\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/9b720bb1a69a9f12a4a5c86b6f89386fe05ed0f2\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/343041b59b7810f9cdca371f445dd43b35c740b1\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T00:14:13.584Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-26815\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-10T15:50:23.957243Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-11T12:42:18.184Z\"}}], \"cna\": {\"title\": \"net/sched: taprio: proper TCA_TAPRIO_TC_ENTRY_INDEX check\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"a54fc09e4cba3004443aa05979f8c678196c8226\", \"lessThan\": \"bd2474a45df7c11412c2587de3d4e43760531418\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"a54fc09e4cba3004443aa05979f8c678196c8226\", \"lessThan\": \"6915b1b28fe57e92c78e664366dc61c4f15ff03b\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"a54fc09e4cba3004443aa05979f8c678196c8226\", \"lessThan\": \"860e838fb089d652a446ced52cbdf051285b68e7\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"a54fc09e4cba3004443aa05979f8c678196c8226\", \"lessThan\": \"9b720bb1a69a9f12a4a5c86b6f89386fe05ed0f2\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"a54fc09e4cba3004443aa05979f8c678196c8226\", \"lessThan\": \"343041b59b7810f9cdca371f445dd43b35c740b1\", \"versionType\": \"git\"}], \"programFiles\": [\"net/sched/sch_taprio.c\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.1\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"6.1\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"6.1.83\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.1.*\"}, {\"status\": \"unaffected\", \"version\": \"6.6.23\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.6.*\"}, {\"status\": \"unaffected\", \"version\": \"6.7.11\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.7.*\"}, {\"status\": \"unaffected\", \"version\": \"6.8.2\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.8.*\"}, {\"status\": \"unaffected\", \"version\": \"6.9\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"net/sched/sch_taprio.c\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/bd2474a45df7c11412c2587de3d4e43760531418\"}, {\"url\": \"https://git.kernel.org/stable/c/6915b1b28fe57e92c78e664366dc61c4f15ff03b\"}, {\"url\": \"https://git.kernel.org/stable/c/860e838fb089d652a446ced52cbdf051285b68e7\"}, {\"url\": \"https://git.kernel.org/stable/c/9b720bb1a69a9f12a4a5c86b6f89386fe05ed0f2\"}, {\"url\": \"https://git.kernel.org/stable/c/343041b59b7810f9cdca371f445dd43b35c740b1\"}], \"x_generator\": {\"engine\": \"bippy-1.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnet/sched: taprio: proper TCA_TAPRIO_TC_ENTRY_INDEX check\\n\\ntaprio_parse_tc_entry() is not correctly checking\\nTCA_TAPRIO_TC_ENTRY_INDEX attribute:\\n\\n\\tint tc; // Signed value\\n\\n\\ttc = nla_get_u32(tb[TCA_TAPRIO_TC_ENTRY_INDEX]);\\n\\tif (tc \u003e= TC_QOPT_MAX_QUEUE) {\\n\\t\\tNL_SET_ERR_MSG_MOD(extack, \\\"TC entry index out of range\\\");\\n\\t\\treturn -ERANGE;\\n\\t}\\n\\nsyzbot reported that it could fed arbitary negative values:\\n\\nUBSAN: shift-out-of-bounds in net/sched/sch_taprio.c:1722:18\\nshift exponent -2147418108 is negative\\nCPU: 0 PID: 5066 Comm: syz-executor367 Not tainted 6.8.0-rc7-syzkaller-00136-gc8a5c731fd12 #0\\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024\\nCall Trace:\\n \u003cTASK\u003e\\n  __dump_stack lib/dump_stack.c:88 [inline]\\n  dump_stack_lvl+0x1e7/0x2e0 lib/dump_stack.c:106\\n  ubsan_epilogue lib/ubsan.c:217 [inline]\\n  __ubsan_handle_shift_out_of_bounds+0x3c7/0x420 lib/ubsan.c:386\\n  taprio_parse_tc_entry net/sched/sch_taprio.c:1722 [inline]\\n  taprio_parse_tc_entries net/sched/sch_taprio.c:1768 [inline]\\n  taprio_change+0xb87/0x57d0 net/sched/sch_taprio.c:1877\\n  taprio_init+0x9da/0xc80 net/sched/sch_taprio.c:2134\\n  qdisc_create+0x9d4/0x1190 net/sched/sch_api.c:1355\\n  tc_modify_qdisc+0xa26/0x1e40 net/sched/sch_api.c:1776\\n  rtnetlink_rcv_msg+0x885/0x1040 net/core/rtnetlink.c:6617\\n  netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2543\\n  netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline]\\n  netlink_unicast+0x7ea/0x980 net/netlink/af_netlink.c:1367\\n  netlink_sendmsg+0xa3b/0xd70 net/netlink/af_netlink.c:1908\\n  sock_sendmsg_nosec net/socket.c:730 [inline]\\n  __sock_sendmsg+0x221/0x270 net/socket.c:745\\n  ____sys_sendmsg+0x525/0x7d0 net/socket.c:2584\\n  ___sys_sendmsg net/socket.c:2638 [inline]\\n  __sys_sendmsg+0x2b0/0x3a0 net/socket.c:2667\\n do_syscall_64+0xf9/0x240\\n entry_SYSCALL_64_after_hwframe+0x6f/0x77\\nRIP: 0033:0x7f1b2dea3759\\nCode: 48 83 c4 28 c3 e8 d7 19 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\\nRSP: 002b:00007ffd4de452f8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\\nRAX: ffffffffffffffda RBX: 00007f1b2def0390 RCX: 00007f1b2dea3759\\nRDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004\\nRBP: 0000000000000003 R08: 0000555500000000 R09: 0000555500000000\\nR10: 0000555500000000 R11: 0000000000000246 R12: 00007ffd4de45340\\nR13: 00007ffd4de45310 R14: 0000000000000001 R15: 00007ffd4de45340\"}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.1.83\", \"versionStartIncluding\": \"6.1\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.6.23\", \"versionStartIncluding\": \"6.1\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.7.11\", \"versionStartIncluding\": \"6.1\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.8.2\", \"versionStartIncluding\": \"6.1\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.9\", \"versionStartIncluding\": \"6.1\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2026-05-11T20:04:42.684Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-26815\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-11T20:04:42.684Z\", \"dateReserved\": \"2024-02-19T14:20:24.180Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2024-04-10T11:07:03.182Z\", \"assignerShortName\": \"Linux\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.