{
  "threat_severity" : "Low",
  "public_date" : "2024-04-03T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: powerpc/kasan: Fix addr error caused by page alignment",
    "id" : "2273158",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2273158"
  },
  "cvss3" : {
    "cvss3_base_score" : "4.4",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-20",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\npowerpc/kasan: Fix addr error caused by page alignment\nIn kasan_init_region, when k_start is not page aligned, at the beginning of\nthe for loop, k_cur = k_start & PAGE_MASK is less than k_start, and then\n`va = block + k_cur - k_start` is less than block, the addr va is invalid,\nbecause the memory address space from va to block is not allocated by\nmemblock_alloc, which will not be reserved by memblock_reserve later, it\nwill be used by other places.\nAs a result, memory overwriting occurs.\nFor example:\nint __init __weak kasan_init_region(void *start, size_t size)\n{\n[...]\n/* if say block(dcd97000) k_start(feef7400) k_end(feeff3fe) */\nblock = memblock_alloc(k_end - k_start, PAGE_SIZE);\n[...]\nfor (k_cur = k_start & PAGE_MASK; k_cur < k_end; k_cur += PAGE_SIZE) {\n/* at the beginning of the for loop\n* block(dcd97000) va(dcd96c00) k_cur(feef7000) k_start(feef7400)\n* va(dcd96c00) is less than block(dcd97000), va is invalid\n*/\nvoid *va = block + k_cur - k_start;\n[...]\n}\n[...]\n}\nTherefore, page alignment is performed on k_start before\nmemblock_alloc() to ensure the validity of the VA address." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-11-12T00:00:00Z",
    "advisory" : "RHSA-2024:9315",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-503.11.1.el9_5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-11-12T00:00:00Z",
    "advisory" : "RHSA-2024:9315",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-503.11.1.el9_5"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Will not fix",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-26712\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-26712\nhttps://lore.kernel.org/linux-cve-announce/2024040342-CVE-2024-26712-d713@gregkh/T" ],
  "name" : "CVE-2024-26712",
  "csaw" : false
}