search

witchcraze / NVD_CHECK

1 stars 0 forks source link

CHK NVD : CVE-2024-26588 - 01d39d67 #4540

Open witchcraze opened 1 month ago

witchcraze commented 1 month ago

[CVE Configuration Update Request] Update Suggestion - CVE-2024-26588 - Cvss3 : 7.8

https://www.linuxkernelcves.com/cves/CVE-2024-26588 https://gitlab.com/cip-project/cip-kernel/cip-kernel-sec/-/blob/master/issues/CVE-2024-26588.yml https://github.com/witchcraze/NVD_CHECK/blob/main/kernel/CVE-2024-26588.json

- CVE-2024-26588
- Suggested Configuration
  - OR
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.1.0 up to (excluding) 6.1.75
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.6.0 up to (excluding) 6.6.14
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.7.0 up to (excluding) 6.7.2
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.8.0 up to (excluding) 6.8
- Reference
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.1.75
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.6.14
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.7.2
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.8
- Reference (Commit)
  - LoongArch: BPF: Prevent out-of-bounds memory access
    - Fixed by
      - 6.1.75 (4631c2dd69d928bca396f9f58baeddf85e14ced5)
      - 6.6.14 (9aeb09f4d85a87bac46c010d75a2ea299d462f28)
      - 6.7.2 (7924ade13a49c0067da6ea13e398102979c0654a)
      - 6.8 (36a87385e31c9343af9a4756598e704741250a67) (upstream)
    - Will be introduced by
      - 6.1 (bbfddb904df6)
- I Checked
  - XXXXXXXXXXXXXXXXXXXXXXXXXXXX is written as upstream commit in each ChangeLog
  - From XXXXXXXX commit page, XXXXXXXXXXX is the most oldest in commit-branches area
  - For 3.16.35, there is related post at lkml
  - For 3.16 series, 3.16.35 is the next release from 3.16.7 which was released at 2014
  - https://mirrors.edge.kernel.org/pub/linux/kernel/v3.x/
  - XXXX
https://nvd.nist.gov/vuln/detail/CVE-2024-26588 URI Start(Ex) Start(Inc) End(Ex) End(Inc)
cpe:/o:linux:linux_kernel 6.1.75
cpe:/o:linux:linux_kernel 6.2.0 6.6.14
cpe:/o:linux:linux_kernel 6.7.0 6.7.2
witchcraze commented 1 month ago 
- CVE-2024-26588
- Suggested Configuration
  - OR
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.1 up to (excluding) 6.1.75
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.2 up to (excluding) 6.6.14
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.7 up to (excluding) 6.7.2
- Reference
  - https://ubuntu.com/security/CVE-2024-26588
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.1.75
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.6.14
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.7.2
  - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.8
  - Introduce
    - https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.1
- Reference (Commit)
  - LoongArch: BPF: Prevent out-of-bounds memory access
    - Fixed by
      - 6.1.75 (4631c2dd69d928bca396f9f58baeddf85e14ced5)
      - 6.6.14 (9aeb09f4d85a87bac46c010d75a2ea299d462f28)
      - 6.7.2 (7924ade13a49c0067da6ea13e398102979c0654a)
      - 6.8 (36a87385e31c9343af9a4756598e704741250a67) (upstream)
    - Will be introduced by
      - 6.1 (bbfddb904df6)
- I Checked
  - From ubuntu page
    - Introduced by bbfddb904df6f82a5948687a2d57766216b9bc0f Fixed by 36a87385e31c9343af9a4756598e704741250a67
  - 36a87385e31c9343af9a4756598e704741250a67 is written as upstream commit in each ChangeLog
  - bbfddb904df6f82a5948687a2d57766216b9bc0f is written in ChangeLog-6.1