Strix
26.1K

CVE-2024-26926

MEDIUMCVSS 5.5/10EPSS 0.42%

Last modified

CVE-2024-26926 is a medium-severity vulnerability rated 5.5/10 on the CVSS scale. In the Linux kernel, the following vulnerability has been resolved: binder: check offset alignment in binder_get_object() Commit 6d98eb95b450 ("binder: avoid potential data leakage when copying txn") introduced changes to how binder objects are copied. In doing so, it unintentionally removed an offset alignment check done through calls to binder_alloc_copy_from_buffer() -> check_buffer(). These calls were replaced in binder_get_object() with copy_from_user(), so now an explicit offset alignment check is needed here. EPSS estimates a 0.42% chance of exploitation in the next 30 days.

Description

In the Linux kernel, the following vulnerability has been resolved: binder: check offset alignment in binder_get_object() Commit 6d98eb95b450 ("binder: avoid potential data leakage when copying txn") introduced changes to how binder objects are copied. In doing so, it unintentionally removed an offset alignment check done through calls to binder_alloc_copy_from_buffer() -> check_buffer(). These calls were replaced in binder_get_object() with copy_from_user(), so now an explicit offset alignment check is needed here. This avoids later complications when unwinding the objects gets harder. It is worth noting this check existed prior to commit 7a67a39320df ("binder: add function to copy binder object from buffer"), likely removed due to redundancy at the time.

Metrics

CVSS 3.1
5.5/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Probability
0.42%

33.9th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

VendorProductVersionsUpdate
LinuxLinux Kernel>= 5.4.226, < 5.4.275
LinuxLinux Kernel>= 5.10.157, < 5.10.216
LinuxLinux Kernel>= 5.15.17, < 5.15.157
LinuxLinux Kernel>= 5.16.3, < 6.1.88
LinuxLinux Kernel>= 6.2, < 6.6.29
LinuxLinux Kernel>= 6.7, < 6.8.8
LinuxLinux Kernel6.9Rc1
DebianDebian Linux10.0

References

Timeline

Published
Last Modified
Status
Analyzed

Frequently Asked Questions

What is CVE-2024-26926?
In the Linux kernel, the following vulnerability has been resolved: binder: check offset alignment in binder_get_object() Commit 6d98eb95b450 ("binder: avoid potential data leakage when copying txn") introduced changes to how binder objects are copied. In doing so, it unintentionally removed an offset alignment check done through calls to binder_alloc_copy_from_buffer() -> check_buffer(). These calls were replaced in binder_get_object() with copy_from_user(), so now an explicit offset alignment check is needed here. This avoids later complications when unwinding the objects gets harder. It is worth noting this check existed prior to commit 7a67a39320df ("binder: add function to copy binder object from buffer"), likely removed due to redundancy at the time.
How severe is CVE-2024-26926?
CVE-2024-26926 has a CVSS score of 5.5/10 (MEDIUM severity). The EPSS model estimates a 0.42% probability of exploitation in the next 30 days.
How do I fix CVE-2024-26926?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2024-26926?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST