{
  "threat_severity" : "Low",
  "public_date" : "2024-04-17T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: md: fix kmemleak of rdev->serial",
    "id" : "2275647",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2275647"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.0",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-402",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nmd: fix kmemleak of rdev->serial\nIf kobject_add() fails in bind_rdev_to_array(), 'rdev->serial' is\nallocated but not freed, and kmemleak occurs.\nunreferenced object 0xffff88815a350000 (size 49152):\ncomm \"mdadm\", pid 789, jiffies 4294716910\nhex dump (first 32 bytes):\n00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\nbacktrace (crc f773277a):\n[<0000000058b0a453>] kmemleak_alloc+0x61/0xe0\n[<00000000366adf14>] __kmalloc_large_node+0x15e/0x270\n[<000000002e82961b>] __kmalloc_node.cold+0x11/0x7f\n[<00000000f206d60a>] kvmalloc_node+0x74/0x150\n[<0000000034bf3363>] rdev_init_serial+0x67/0x170\n[<0000000010e08fe9>] mddev_create_serial_pool+0x62/0x220\n[<00000000c3837bf0>] bind_rdev_to_array+0x2af/0x630\n[<0000000073c28560>] md_add_new_disk+0x400/0x9f0\n[<00000000770e30ff>] md_ioctl+0x15bf/0x1c10\n[<000000006cfab718>] blkdev_ioctl+0x191/0x3f0\n[<0000000085086a11>] vfs_ioctl+0x22/0x60\n[<0000000018b656fe>] __x64_sys_ioctl+0xba/0xe0\n[<00000000e54e675e>] do_syscall_64+0x71/0x150\n[<000000008b0ad622>] entry_SYSCALL_64_after_hwframe+0x6c/0x74", "A memory leak flaw was found in rdev->serial in the Linux kernel. This issue may lead to a crash." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-11-12T00:00:00Z",
    "advisory" : "RHSA-2024:9315",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-503.11.1.el9_5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-11-12T00:00:00Z",
    "advisory" : "RHSA-2024:9315",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-503.11.1.el9_5"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Will not fix",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-26900\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-26900\nhttps://lore.kernel.org/linux-cve-announce/2024041745-CVE-2024-26900-70a3@gregkh/T" ],
  "name" : "CVE-2024-26900",
  "csaw" : false
}