0.0
NA
CVE-2024-26650
CVE-2021-31955: Microsoft Windows Inter-Process Communication Vulnerability
Description

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

INFO

Published Date :

March 26, 2024, 6:15 p.m.

Last Modified :

May 23, 2024, 2:15 p.m.

Source :

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Remotely Exploitable :

No

Impact Score :

Exploitability Score :

Affected Products

The following products are affected by CVE-2024-26650 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Linux linux_kernel
: Total Affected Vendor : 1 | Products : 1

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2024-26650 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2024-26650 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Rejected by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    May. 23, 2024

    Action Type Old Value New Value
  • CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    May. 23, 2024

    Action Type Old Value New Value
    Changed Description In the Linux kernel, the following vulnerability has been resolved: platform/x86: p2sb: Allow p2sb_bar() calls during PCI device probe p2sb_bar() unhides P2SB device to get resources from the device. It guards the operation by locking pci_rescan_remove_lock so that parallel rescans do not find the P2SB device. However, this lock causes deadlock when PCI bus rescan is triggered by /sys/bus/pci/rescan. The rescan locks pci_rescan_remove_lock and probes PCI devices. When PCI devices call p2sb_bar() during probe, it locks pci_rescan_remove_lock again. Hence the deadlock. To avoid the deadlock, do not lock pci_rescan_remove_lock in p2sb_bar(). Instead, do the lock at fs_initcall. Introduce p2sb_cache_resources() for fs_initcall which gets and caches the P2SB resources. At p2sb_bar(), refer the cache and return to the caller. Before operating the device at P2SB DEVFN for resource cache, check that its device class is PCI_CLASS_MEMORY_OTHER 0x0580 that PCH specifications define. This avoids unexpected operation to other devices at the same DEVFN. Tested-by Klara Modin <[email protected]> Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
    Removed Reference kernel.org https://git.kernel.org/stable/c/2841631a03652f32b595c563695d0461072e0de4
    Removed Reference kernel.org https://git.kernel.org/stable/c/847e1eb30e269a094da046c08273abe3f3361cf2
    Removed Reference kernel.org https://git.kernel.org/stable/c/d281ac9a987c553d93211b90fd4fe97d8eca32cd
    Removed Reference kernel.org https://git.kernel.org/stable/c/5913320eb0b3ec88158cfcb0fa5e996bf4ef681b
  • CVE Translated by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    May. 23, 2024

    Action Type Old Value New Value
    Removed Translation Title: kernel de Linux Description: En el kernel de Linux, se resolvió la siguiente vulnerabilidad: plataforma/x86: p2sb: permitir llamadas a p2sb_bar() durante la sonda del dispositivo PCI p2sb_bar() muestra el dispositivo P2SB para obtener recursos del dispositivo. Protege la operación bloqueando pci_rescan_remove_lock para que los rescaneos paralelos no encuentren el dispositivo P2SB. Sin embargo, este bloqueo provoca un interbloqueo cuando /sys/bus/pci/rescan activa la nueva exploración del bus PCI. La nueva exploración bloquea pci_rescan_remove_lock y sondea los dispositivos PCI. Cuando los dispositivos PCI llaman a p2sb_bar() durante la prueba, bloquea pci_rescan_remove_lock nuevamente. De ahí el punto muerto. Para evitar el punto muerto, no bloquee pci_rescan_remove_lock en p2sb_bar(). En su lugar, realice el bloqueo en fs_initcall. Introduzca p2sb_cache_resources() para fs_initcall que obtiene y almacena en caché los recursos de P2SB. En p2sb_bar(), consulte el caché y regrese a la persona que llama. Antes de operar el dispositivo en P2SB DEVFN para caché de recursos, verifique que su clase de dispositivo sea PCI_CLASS_MEMORY_OTHER 0x0580 que definen las especificaciones PCH. Esto evita el funcionamiento inesperado de otros dispositivos en el mismo DEVFN. Probado por Klara Modin
  • CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    May. 14, 2024

    Action Type Old Value New Value
  • CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Mar. 26, 2024

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved: platform/x86: p2sb: Allow p2sb_bar() calls during PCI device probe p2sb_bar() unhides P2SB device to get resources from the device. It guards the operation by locking pci_rescan_remove_lock so that parallel rescans do not find the P2SB device. However, this lock causes deadlock when PCI bus rescan is triggered by /sys/bus/pci/rescan. The rescan locks pci_rescan_remove_lock and probes PCI devices. When PCI devices call p2sb_bar() during probe, it locks pci_rescan_remove_lock again. Hence the deadlock. To avoid the deadlock, do not lock pci_rescan_remove_lock in p2sb_bar(). Instead, do the lock at fs_initcall. Introduce p2sb_cache_resources() for fs_initcall which gets and caches the P2SB resources. At p2sb_bar(), refer the cache and return to the caller. Before operating the device at P2SB DEVFN for resource cache, check that its device class is PCI_CLASS_MEMORY_OTHER 0x0580 that PCH specifications define. This avoids unexpected operation to other devices at the same DEVFN. Tested-by Klara Modin <[email protected]>
    Added Reference kernel.org https://git.kernel.org/stable/c/2841631a03652f32b595c563695d0461072e0de4 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/847e1eb30e269a094da046c08273abe3f3361cf2 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/d281ac9a987c553d93211b90fd4fe97d8eca32cd [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/5913320eb0b3ec88158cfcb0fa5e996bf4ef681b [No types assigned]
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2024-26650 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2024-26650 weaknesses.

NONE - Vulnerability Scoring System
: