5.5
MEDIUM
CVE-2024-26733
Oracle Solaris ARP Buffer Overflow
Description

In the Linux kernel, the following vulnerability has been resolved: arp: Prevent overflow in arp_req_get(). syzkaller reported an overflown write in arp_req_get(). [0] When ioctl(SIOCGARP) is issued, arp_req_get() looks up an neighbour entry and copies neigh->ha to struct arpreq.arp_ha.sa_data. The arp_ha here is struct sockaddr, not struct sockaddr_storage, so the sa_data buffer is just 14 bytes. In the splat below, 2 bytes are overflown to the next int field, arp_flags. We initialise the field just after the memcpy(), so it's not a problem. However, when dev->addr_len is greater than 22 (e.g. MAX_ADDR_LEN), arp_netmask is overwritten, which could be set as htonl(0xFFFFFFFFUL) in arp_ioctl() before calling arp_req_get(). To avoid the overflow, let's limit the max length of memcpy(). Note that commit b5f0de6df6dc ("net: dev: Convert sa_data to flexible array in struct sockaddr") just silenced syzkaller. [0]: memcpy: detected field-spanning write (size 16) of single field "r->arp_ha.sa_data" at net/ipv4/arp.c:1128 (size 14) WARNING: CPU: 0 PID: 144638 at net/ipv4/arp.c:1128 arp_req_get+0x411/0x4a0 net/ipv4/arp.c:1128 Modules linked in: CPU: 0 PID: 144638 Comm: syz-executor.4 Not tainted 6.1.74 #31 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-debian-1.16.0-5 04/01/2014 RIP: 0010:arp_req_get+0x411/0x4a0 net/ipv4/arp.c:1128 Code: fd ff ff e8 41 42 de fb b9 0e 00 00 00 4c 89 fe 48 c7 c2 20 6d ab 87 48 c7 c7 80 6d ab 87 c6 05 25 af 72 04 01 e8 5f 8d ad fb <0f> 0b e9 6c fd ff ff e8 13 42 de fb be 03 00 00 00 4c 89 e7 e8 a6 RSP: 0018:ffffc900050b7998 EFLAGS: 00010286 RAX: 0000000000000000 RBX: ffff88803a815000 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff8641a44a RDI: 0000000000000001 RBP: ffffc900050b7a98 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000000 R11: 203a7970636d656d R12: ffff888039c54000 R13: 1ffff92000a16f37 R14: ffff88803a815084 R15: 0000000000000010 FS: 00007f172bf306c0(0000) GS:ffff88805aa00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f172b3569f0 CR3: 0000000057f12005 CR4: 0000000000770ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <TASK> arp_ioctl+0x33f/0x4b0 net/ipv4/arp.c:1261 inet_ioctl+0x314/0x3a0 net/ipv4/af_inet.c:981 sock_do_ioctl+0xdf/0x260 net/socket.c:1204 sock_ioctl+0x3ef/0x650 net/socket.c:1321 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:870 [inline] __se_sys_ioctl fs/ioctl.c:856 [inline] __x64_sys_ioctl+0x18e/0x220 fs/ioctl.c:856 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x37/0x90 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x64/0xce RIP: 0033:0x7f172b262b8d Code: 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f172bf300b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007f172b3abf80 RCX: 00007f172b262b8d RDX: 0000000020000000 RSI: 0000000000008954 RDI: 0000000000000003 RBP: 00007f172b2d3493 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 000000000000000b R14: 00007f172b3abf80 R15: 00007f172bf10000 </TASK>

INFO

Published Date :

April 3, 2024, 5:15 p.m.

Last Modified :

March 17, 2025, 4:02 p.m.

Source :

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Remotely Exploitable :

No

Impact Score :

3.6

Exploitability Score :

1.8
Affected Products

The following products are affected by CVE-2024-26733 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Netapp a700s_firmware
2 Netapp 8300_firmware
3 Netapp 8700_firmware
4 Netapp a400_firmware
5 Netapp e-series_santricity_os_controller
6 Netapp h615c_firmware
7 Netapp h610s_firmware
8 Netapp h610c_firmware
9 Netapp a320_firmware
10 Netapp c190_firmware
11 Netapp a220_firmware
12 Netapp fas2720_firmware
13 Netapp fas2750_firmware
14 Netapp a800_firmware
15 Netapp c400_firmware
16 Netapp h610c
17 Netapp h610s
18 Netapp h615c
19 Netapp fas2820_firmware
20 Netapp a700s
21 Netapp 8300
22 Netapp 8700
23 Netapp a400
24 Netapp a320
25 Netapp c190
26 Netapp a220
27 Netapp fas2720
28 Netapp fas2750
29 Netapp a800
30 Netapp c400
31 Netapp fas2820
32 Netapp c800_firmware
33 Netapp c800
34 Netapp a900_firmware
35 Netapp a900
36 Netapp a150_firmware
37 Netapp a150
38 Netapp a1k_firmware
39 Netapp a1k
40 Netapp a70_firmware
41 Netapp a70
42 Netapp a90_firmware
43 Netapp a90
44 Netapp 9500_firmware
45 Netapp 9500
46 Netapp a300_firmware
47 Netapp a300
48 Netapp 8200_firmware
49 Netapp 8200
50 Netapp a700_firmware
51 Netapp a700
52 Netapp 9000_firmware
53 Netapp 9000
1 Linux linux_kernel
1 Debian debian_linux
: Total Affected Vendor : 3 | Products : 55
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2024-26733.

URL Resource
https://git.kernel.org/stable/c/3ab0d6f8289ba8402ca95a9fc61a34909d5e1f3a Patch
https://git.kernel.org/stable/c/97eaa2955db4120ce6ec2ef123e860bc32232c50 Patch
https://git.kernel.org/stable/c/a3f2c083cb575d80a7627baf3339e78fedccbb91 Patch
https://git.kernel.org/stable/c/a7d6027790acea24446ddd6632d394096c0f4667 Patch
https://git.kernel.org/stable/c/dbc9b22d0ed319b4e29034ce0a3fe32a3ee2c587 Patch
https://git.kernel.org/stable/c/f119f2325ba70cbfdec701000dcad4d88805d5b0 Patch
https://git.kernel.org/stable/c/3ab0d6f8289ba8402ca95a9fc61a34909d5e1f3a Patch
https://git.kernel.org/stable/c/97eaa2955db4120ce6ec2ef123e860bc32232c50 Patch
https://git.kernel.org/stable/c/a3f2c083cb575d80a7627baf3339e78fedccbb91 Patch
https://git.kernel.org/stable/c/a7d6027790acea24446ddd6632d394096c0f4667 Patch
https://git.kernel.org/stable/c/dbc9b22d0ed319b4e29034ce0a3fe32a3ee2c587 Patch
https://git.kernel.org/stable/c/f119f2325ba70cbfdec701000dcad4d88805d5b0 Patch
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html Mailing List
https://security.netapp.com/advisory/ntap-20241101-0013/ Third Party Advisory

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2024-26733 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2024-26733 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Initial Analysis by [email protected]

    Mar. 17, 2025

    Action Type Old Value New Value
    Added CVSS V3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    Added CWE CWE-787
    Added CPE Configuration OR *cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 up to (excluding) 6.1.80 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.11 up to (excluding) 5.15.150 *cpe:2.3:o:linux:linux_kernel:6.8:rc3:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:6.8:rc4:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:6.8:rc2:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:5.10.211:*:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 2.6.12 up to (excluding) 5.10.211 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.2 up to (excluding) 6.6.19 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.7 up to (excluding) 6.7.7 *cpe:2.3:o:linux:linux_kernel:6.8:rc5:*:*:*:*:*:*
    Added CPE Configuration OR *cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netapp:a1k_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:netapp:a1k:*:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netapp:a70_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:netapp:a70:*:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netapp:a90_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:netapp:a90:*:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:netapp:a700s:*:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netapp:8300_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:netapp:8300:*:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netapp:8700_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:netapp:8700:*:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netapp:a400_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:netapp:a400:*:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netapp:c400_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:netapp:c400:*:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netapp:a320_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:netapp:a320:*:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netapp:a800_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:netapp:a800:*:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netapp:c800_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:netapp:c800:*:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netapp:a900_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:netapp:a900:*:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netapp:9500_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:netapp:9500:*:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netapp:c190_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:netapp:c190:*:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netapp:a150_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:netapp:a150:*:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netapp:a220_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:netapp:a220:*:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netapp:fas2720_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:netapp:fas2720:*:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netapp:fas2750_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:netapp:fas2750:*:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netapp:fas2820_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:netapp:fas2820:*:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netapp:a300_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:netapp:a300:*:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netapp:8200_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:netapp:8200:*:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netapp:a700_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:netapp:a700:*:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netapp:9000_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:netapp:9000:*:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:netapp:h610c:*:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:netapp:h610s:*:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netapp:h615c_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:netapp:h615c:*:*:*:*:*:*:*:*
    Added CPE Configuration OR *cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:* versions from (including) 11.0.0 up to (including) 11.70.2
    Added Reference Type CVE: https://git.kernel.org/stable/c/3ab0d6f8289ba8402ca95a9fc61a34909d5e1f3a Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/3ab0d6f8289ba8402ca95a9fc61a34909d5e1f3a Types: Patch
    Added Reference Type CVE: https://git.kernel.org/stable/c/97eaa2955db4120ce6ec2ef123e860bc32232c50 Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/97eaa2955db4120ce6ec2ef123e860bc32232c50 Types: Patch
    Added Reference Type CVE: https://git.kernel.org/stable/c/a3f2c083cb575d80a7627baf3339e78fedccbb91 Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/a3f2c083cb575d80a7627baf3339e78fedccbb91 Types: Patch
    Added Reference Type CVE: https://git.kernel.org/stable/c/a7d6027790acea24446ddd6632d394096c0f4667 Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/a7d6027790acea24446ddd6632d394096c0f4667 Types: Patch
    Added Reference Type CVE: https://git.kernel.org/stable/c/dbc9b22d0ed319b4e29034ce0a3fe32a3ee2c587 Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/dbc9b22d0ed319b4e29034ce0a3fe32a3ee2c587 Types: Patch
    Added Reference Type CVE: https://git.kernel.org/stable/c/f119f2325ba70cbfdec701000dcad4d88805d5b0 Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/f119f2325ba70cbfdec701000dcad4d88805d5b0 Types: Patch
    Added Reference Type CVE: https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html Types: Mailing List
    Added Reference Type CVE: https://security.netapp.com/advisory/ntap-20241101-0013/ Types: Third Party Advisory
  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Nov. 21, 2024

    Action Type Old Value New Value
    Added Reference https://git.kernel.org/stable/c/3ab0d6f8289ba8402ca95a9fc61a34909d5e1f3a
    Added Reference https://git.kernel.org/stable/c/97eaa2955db4120ce6ec2ef123e860bc32232c50
    Added Reference https://git.kernel.org/stable/c/a3f2c083cb575d80a7627baf3339e78fedccbb91
    Added Reference https://git.kernel.org/stable/c/a7d6027790acea24446ddd6632d394096c0f4667
    Added Reference https://git.kernel.org/stable/c/dbc9b22d0ed319b4e29034ce0a3fe32a3ee2c587
    Added Reference https://git.kernel.org/stable/c/f119f2325ba70cbfdec701000dcad4d88805d5b0
    Added Reference https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
    Added Reference https://security.netapp.com/advisory/ntap-20241101-0013/
  • CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Nov. 05, 2024

    Action Type Old Value New Value
    Removed Reference kernel.org https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
  • CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Jun. 25, 2024

    Action Type Old Value New Value
    Added Reference kernel.org https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html [No types assigned]
  • CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    May. 29, 2024

    Action Type Old Value New Value
  • CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    May. 14, 2024

    Action Type Old Value New Value
  • CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Apr. 03, 2024

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved: arp: Prevent overflow in arp_req_get(). syzkaller reported an overflown write in arp_req_get(). [0] When ioctl(SIOCGARP) is issued, arp_req_get() looks up an neighbour entry and copies neigh->ha to struct arpreq.arp_ha.sa_data. The arp_ha here is struct sockaddr, not struct sockaddr_storage, so the sa_data buffer is just 14 bytes. In the splat below, 2 bytes are overflown to the next int field, arp_flags. We initialise the field just after the memcpy(), so it's not a problem. However, when dev->addr_len is greater than 22 (e.g. MAX_ADDR_LEN), arp_netmask is overwritten, which could be set as htonl(0xFFFFFFFFUL) in arp_ioctl() before calling arp_req_get(). To avoid the overflow, let's limit the max length of memcpy(). Note that commit b5f0de6df6dc ("net: dev: Convert sa_data to flexible array in struct sockaddr") just silenced syzkaller. [0]: memcpy: detected field-spanning write (size 16) of single field "r->arp_ha.sa_data" at net/ipv4/arp.c:1128 (size 14) WARNING: CPU: 0 PID: 144638 at net/ipv4/arp.c:1128 arp_req_get+0x411/0x4a0 net/ipv4/arp.c:1128 Modules linked in: CPU: 0 PID: 144638 Comm: syz-executor.4 Not tainted 6.1.74 #31 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-debian-1.16.0-5 04/01/2014 RIP: 0010:arp_req_get+0x411/0x4a0 net/ipv4/arp.c:1128 Code: fd ff ff e8 41 42 de fb b9 0e 00 00 00 4c 89 fe 48 c7 c2 20 6d ab 87 48 c7 c7 80 6d ab 87 c6 05 25 af 72 04 01 e8 5f 8d ad fb <0f> 0b e9 6c fd ff ff e8 13 42 de fb be 03 00 00 00 4c 89 e7 e8 a6 RSP: 0018:ffffc900050b7998 EFLAGS: 00010286 RAX: 0000000000000000 RBX: ffff88803a815000 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff8641a44a RDI: 0000000000000001 RBP: ffffc900050b7a98 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000000 R11: 203a7970636d656d R12: ffff888039c54000 R13: 1ffff92000a16f37 R14: ffff88803a815084 R15: 0000000000000010 FS: 00007f172bf306c0(0000) GS:ffff88805aa00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f172b3569f0 CR3: 0000000057f12005 CR4: 0000000000770ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <TASK> arp_ioctl+0x33f/0x4b0 net/ipv4/arp.c:1261 inet_ioctl+0x314/0x3a0 net/ipv4/af_inet.c:981 sock_do_ioctl+0xdf/0x260 net/socket.c:1204 sock_ioctl+0x3ef/0x650 net/socket.c:1321 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:870 [inline] __se_sys_ioctl fs/ioctl.c:856 [inline] __x64_sys_ioctl+0x18e/0x220 fs/ioctl.c:856 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x37/0x90 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x64/0xce RIP: 0033:0x7f172b262b8d Code: 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f172bf300b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007f172b3abf80 RCX: 00007f172b262b8d RDX: 0000000020000000 RSI: 0000000000008954 RDI: 0000000000000003 RBP: 00007f172b2d3493 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 000000000000000b R14: 00007f172b3abf80 R15: 00007f172bf10000 </TASK>
    Added Reference kernel.org https://git.kernel.org/stable/c/dbc9b22d0ed319b4e29034ce0a3fe32a3ee2c587 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/97eaa2955db4120ce6ec2ef123e860bc32232c50 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/f119f2325ba70cbfdec701000dcad4d88805d5b0 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/a3f2c083cb575d80a7627baf3339e78fedccbb91 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/3ab0d6f8289ba8402ca95a9fc61a34909d5e1f3a [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/a7d6027790acea24446ddd6632d394096c0f4667 [No types assigned]
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2024-26733 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2024-26733 weaknesses.

CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
: