{ "dataType": "CVE_RECORD", "cveMetadata": { "cveId": "CVE-2024-26907", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-19T14:20:24.187Z", "datePublished": "2024-04-17T10:27:54.194Z", "dateUpdated": "2026-05-12T11:50:32.349Z" }, "containers": { "cna": { "providerMetadata": { "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T20:06:41.859Z" }, "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix fortify source warning while accessing Eth segment\n\n ------------[ cut here ]------------\n memcpy: detected field-spanning write (size 56) of single field \"eseg->inline_hdr.start\" at /var/lib/dkms/mlnx-ofed-kernel/5.8/build/drivers/infiniband/hw/mlx5/wr.c:131 (size 2)\n WARNING: CPU: 0 PID: 293779 at /var/lib/dkms/mlnx-ofed-kernel/5.8/build/drivers/infiniband/hw/mlx5/wr.c:131 mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib]\n Modules linked in: 8021q garp mrp stp llc rdma_ucm(OE) rdma_cm(OE) iw_cm(OE) ib_ipoib(OE) ib_cm(OE) ib_umad(OE) mlx5_ib(OE) ib_uverbs(OE) ib_core(OE) mlx5_core(OE) pci_hyperv_intf mlxdevm(OE) mlx_compat(OE) tls mlxfw(OE) psample nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables libcrc32c nfnetlink mst_pciconf(OE) knem(OE) vfio_pci vfio_pci_core vfio_iommu_type1 vfio iommufd irqbypass cuse nfsv3 nfs fscache netfs xfrm_user xfrm_algo ipmi_devintf ipmi_msghandler binfmt_misc crct10dif_pclmul crc32_pclmul polyval_clmulni polyval_generic ghash_clmulni_intel sha512_ssse3 snd_pcsp aesni_intel crypto_simd cryptd snd_pcm snd_timer joydev snd soundcore input_leds serio_raw evbug nfsd auth_rpcgss nfs_acl lockd grace sch_fq_codel sunrpc drm efi_pstore ip_tables x_tables autofs4 psmouse virtio_net net_failover failover floppy\n [last unloaded: mlx_compat(OE)]\n CPU: 0 PID: 293779 Comm: ssh Tainted: G OE 6.2.0-32-generic #32~22.04.1-Ubuntu\n Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011\n RIP: 0010:mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib]\n Code: 0c 01 00 a8 01 75 25 48 8b 75 a0 b9 02 00 00 00 48 c7 c2 10 5b fd c0 48 c7 c7 80 5b fd c0 c6 05 57 0c 03 00 01 e8 95 4d 93 da <0f> 0b 44 8b 4d b0 4c 8b 45 c8 48 8b 4d c0 e9 49 fb ff ff 41 0f b7\n RSP: 0018:ffffb5b48478b570 EFLAGS: 00010046\n RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: ffffb5b48478b628 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000000 R12: ffffb5b48478b5e8\n R13: ffff963a3c609b5e R14: ffff9639c3fbd800 R15: ffffb5b480475a80\n FS: 00007fc03b444c80(0000) GS:ffff963a3dc00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000556f46bdf000 CR3: 0000000006ac6003 CR4: 00000000003706f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \n ? show_regs+0x72/0x90\n ? mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib]\n ? __warn+0x8d/0x160\n ? mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib]\n ? report_bug+0x1bb/0x1d0\n ? handle_bug+0x46/0x90\n ? exc_invalid_op+0x19/0x80\n ? asm_exc_invalid_op+0x1b/0x20\n ? mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib]\n mlx5_ib_post_send_nodrain+0xb/0x20 [mlx5_ib]\n ipoib_send+0x2ec/0x770 [ib_ipoib]\n ipoib_start_xmit+0x5a0/0x770 [ib_ipoib]\n dev_hard_start_xmit+0x8e/0x1e0\n ? validate_xmit_skb_list+0x4d/0x80\n sch_direct_xmit+0x116/0x3a0\n __dev_xmit_skb+0x1fd/0x580\n __dev_queue_xmit+0x284/0x6b0\n ? _raw_spin_unlock_irq+0xe/0x50\n ? __flush_work.isra.0+0x20d/0x370\n ? push_pseudo_header+0x17/0x40 [ib_ipoib]\n neigh_connected_output+0xcd/0x110\n ip_finish_output2+0x179/0x480\n ? __smp_call_single_queue+0x61/0xa0\n __ip_finish_output+0xc3/0x190\n ip_finish_output+0x2e/0xf0\n ip_output+0x78/0x110\n ? __pfx_ip_finish_output+0x10/0x10\n ip_local_out+0x64/0x70\n __ip_queue_xmit+0x18a/0x460\n ip_queue_xmit+0x15/0x30\n __tcp_transmit_skb+0x914/0x9c0\n tcp_write_xmit+0x334/0x8d0\n tcp_push_one+0x3c/0x60\n tcp_sendmsg_locked+0x2e1/0xac0\n tcp_sendmsg+0x2d/0x50\n inet_sendmsg+0x43/0x90\n sock_sendmsg+0x68/0x80\n sock_write_iter+0x93/0x100\n vfs_write+0x326/0x3c0\n ksys_write+0xbd/0xf0\n ? do_syscall_64+0x69/0x90\n __x64_sys_write+0x19/0x30\n do_syscall_\n---truncated---" } ], "affected": [ { "product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": [ "drivers/infiniband/hw/mlx5/wr.c", "include/linux/mlx5/qp.h" ], "versions": [ { "version": "34f4c9554d8b2a7d2deb9503e9373b598ee3279f", "lessThan": "d27c48dc309da72c3b46351a1205d89687272baa", "status": "affected", "versionType": "git" }, { "version": "34f4c9554d8b2a7d2deb9503e9373b598ee3279f", "lessThan": "60ba938a8bc8c90e724c75f98e932f9fb7ae1b9d", "status": "affected", "versionType": "git" }, { "version": "34f4c9554d8b2a7d2deb9503e9373b598ee3279f", "lessThan": "cad82f1671e41094acd3b9a60cd27d67a3c64a21", "status": "affected", "versionType": "git" }, { "version": "34f4c9554d8b2a7d2deb9503e9373b598ee3279f", "lessThan": "9a624a5f95733bac4648ecadb320ca83aa9c08fd", "status": "affected", "versionType": "git" }, { "version": "34f4c9554d8b2a7d2deb9503e9373b598ee3279f", "lessThan": "185fa07000e0a81d54cf8c05414cebff14469a5c", "status": "affected", "versionType": "git" }, { "version": "34f4c9554d8b2a7d2deb9503e9373b598ee3279f", "lessThan": "4d5e86a56615cc387d21c629f9af8fb0e958d350", "status": "affected", "versionType": "git" } ] }, { "product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": [ "drivers/infiniband/hw/mlx5/wr.c", "include/linux/mlx5/qp.h" ], "versions": [ { "version": "5.0", "status": "affected" }, { "version": "0", "lessThan": "5.0", "status": "unaffected", "versionType": "semver" }, { "version": "5.10.214", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver" }, { "version": "5.15.153", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver" }, { "version": "6.1.83", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver" }, { "version": "6.6.23", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver" }, { "version": "6.7.11", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "semver" }, { "version": "6.8", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix" } ] } ], "cpeApplicability": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.0", "versionEndExcluding": "5.10.214" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.0", "versionEndExcluding": "5.15.153" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.0", "versionEndExcluding": "6.1.83" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.0", "versionEndExcluding": "6.6.23" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.0", "versionEndExcluding": "6.7.11" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.0", "versionEndExcluding": "6.8" } ] } ] } ], "references": [ { "url": "https://git.kernel.org/stable/c/d27c48dc309da72c3b46351a1205d89687272baa" }, { "url": "https://git.kernel.org/stable/c/60ba938a8bc8c90e724c75f98e932f9fb7ae1b9d" }, { "url": "https://git.kernel.org/stable/c/cad82f1671e41094acd3b9a60cd27d67a3c64a21" }, { "url": "https://git.kernel.org/stable/c/9a624a5f95733bac4648ecadb320ca83aa9c08fd" }, { "url": "https://git.kernel.org/stable/c/185fa07000e0a81d54cf8c05414cebff14469a5c" }, { "url": "https://git.kernel.org/stable/c/4d5e86a56615cc387d21c629f9af8fb0e958d350" } ], "title": "RDMA/mlx5: Fix fortify source warning while accessing Eth segment", "x_generator": { "engine": "bippy-1.2.0" } }, "adp": [ { "providerMetadata": { "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:21:05.937Z" }, "title": "CVE Program Container", "references": [ { "url": "https://git.kernel.org/stable/c/d27c48dc309da72c3b46351a1205d89687272baa", "tags": [ "x_transferred" ] }, { "url": "https://git.kernel.org/stable/c/60ba938a8bc8c90e724c75f98e932f9fb7ae1b9d", "tags": [ "x_transferred" ] }, { "url": "https://git.kernel.org/stable/c/cad82f1671e41094acd3b9a60cd27d67a3c64a21", "tags": [ "x_transferred" ] }, { "url": "https://git.kernel.org/stable/c/9a624a5f95733bac4648ecadb320ca83aa9c08fd", "tags": [ "x_transferred" ] }, { "url": "https://git.kernel.org/stable/c/185fa07000e0a81d54cf8c05414cebff14469a5c", "tags": [ "x_transferred" ] }, { "url": "https://git.kernel.org/stable/c/4d5e86a56615cc387d21c629f9af8fb0e958d350", "tags": [ "x_transferred" ] }, { "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "tags": [ "x_transferred" ] } ] }, { "problemTypes": [ { "descriptions": [ { "type": "CWE", "cweId": "CWE-416", "lang": "en", "description": "CWE-416 Use After Free" } ] } ], "affected": [ { "vendor": "linux", "product": "linux_kernel", "cpes": [ "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "versions": [ { "version": "1da177e4c3f4", "status": "affected", "lessThan": "d27c48dc309d", "versionType": "custom" } ] }, { "vendor": "linux", "product": "linux_kernel", "cpes": [ "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "versions": [ { "version": "5.10.214", "status": "unaffected", "lessThanOrEqual": "5.11", "versionType": "custom" } ] }, { "vendor": "linux", "product": "linux_kernel", "cpes": [ "cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "versions": [ { "version": "6.183", "status": "unaffected", "lessThanOrEqual": "6.2", "versionType": "custom" } ] }, { "vendor": "linux", "product": "linux_kernel", "cpes": [ "cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "versions": [ { "version": "6.623", "status": "unaffected", "lessThanOrEqual": "6.7", "versionType": "custom" } ] }, { "vendor": "linux", "product": "linux_kernel", "cpes": [ "cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "versions": [ { "version": "6.711", "status": "unaffected", "lessThanOrEqual": "6.8", "versionType": "custom" } ] }, { "vendor": "linux", "product": "linux_kernel", "cpes": [ "cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "versions": [ { "version": "6.8", "status": "unaffected", "lessThanOrEqual": "*", "versionType": "custom" } ] }, { "vendor": "linux", "product": "linux_kernel", "cpes": [ "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "versions": [ { "version": "5.15.153", "status": "unaffected", "lessThanOrEqual": "5.16", "versionType": "custom" } ] }, { "vendor": "linux", "product": "linux_kernel", "cpes": [ "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "versions": [ { "version": "1da177e4c3f4", "status": "affected", "lessThan": "60ba938a8bc8", "versionType": "custom" }, { "version": "1da177e4c3f4", "status": "affected", "lessThanOrEqual": "cad82f1671e4", "versionType": "custom" }, { "version": "1da177e4c3f4", "status": "affected", "lessThanOrEqual": "9a624a5f9573", "versionType": "custom" }, { "version": "1da177e4c3f4", "status": "affected", "lessThanOrEqual": "185fa07000e0", "versionType": "custom" }, { "version": "1da177e4c3f4", "status": "affected", "lessThanOrEqual": "4d5e86a56615", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH" } }, { "other": { "type": "ssvc", "content": { "timestamp": "2025-02-06T16:55:44.551098Z", "id": "CVE-2024-26907", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "version": "2.0.3" } } } ], "title": "CISA ADP Vulnrichment", "providerMetadata": { "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-06T16:55:51.074Z" } }, { "x_adpType": "supplier", "providerMetadata": { "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e", "shortName": "siemens-SADP", "dateUpdated": "2026-05-12T11:50:32.349Z" }, "affected": [ { "vendor": "Siemens", "product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem", "versions": [ { "status": "affected", "version": "0", "lessThan": "*", "versionType": "custom" } ], "defaultStatus": "unknown" } ], "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html" } ] } ] }, "dataVersion": "5.2" }