4.7
MEDIUM
CVE-2024-26878
Kernel Quota NULL Pointer Dereference Vulnerability in Linux
Description

In the Linux kernel, the following vulnerability has been resolved: quota: Fix potential NULL pointer dereference Below race may cause NULL pointer dereference P1 P2 dquot_free_inode quota_off drop_dquot_ref remove_dquot_ref dquots = i_dquot(inode) dquots = i_dquot(inode) srcu_read_lock dquots[cnt]) != NULL (1) dquots[type] = NULL (2) spin_lock(&dquots[cnt]->dq_dqb_lock) (3) .... If dquot_free_inode(or other routines) checks inode's quota pointers (1) before quota_off sets it to NULL(2) and use it (3) after that, NULL pointer dereference will be triggered. So let's fix it by using a temporary pointer to avoid this issue.

INFO

Published Date :

April 17, 2024, 11:15 a.m.

Last Modified :

Jan. 14, 2025, 2:49 p.m.

Source :

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Remotely Exploitable :

No

Impact Score :

3.6

Exploitability Score :

1.0
Affected Products

The following products are affected by CVE-2024-26878 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Linux linux_kernel
1 Debian debian_linux
: Total Affected Vendor : 2 | Products : 2
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2024-26878.

URL Resource
https://git.kernel.org/stable/c/1ca72a3de915f87232c9a4cb9bebbd3af8ed3e25 Patch
https://git.kernel.org/stable/c/40a673b4b07efd6f74ff3ab60f38b26aa91ee5d5 Patch
https://git.kernel.org/stable/c/49669f8e7eb053f91d239df7b1bfb4500255a9d0 Patch
https://git.kernel.org/stable/c/61380537aa6dd32d8a723d98b8f1bd1b11d8fee0 Patch
https://git.kernel.org/stable/c/6afc9f4434fa8063aa768c2bf5bf98583aee0877 Patch
https://git.kernel.org/stable/c/7f9e833fc0f9b47be503af012eb5903086939754 Patch
https://git.kernel.org/stable/c/8514899c1a4edf802f03c408db901063aa3f05a1 Patch
https://git.kernel.org/stable/c/d0aa72604fbd80c8aabb46eda00535ed35570f1f Patch
https://git.kernel.org/stable/c/f2649d98aa9ca8623149b3cb8df00c944f5655c7 Patch
https://git.kernel.org/stable/c/1ca72a3de915f87232c9a4cb9bebbd3af8ed3e25 Patch
https://git.kernel.org/stable/c/40a673b4b07efd6f74ff3ab60f38b26aa91ee5d5 Patch
https://git.kernel.org/stable/c/49669f8e7eb053f91d239df7b1bfb4500255a9d0 Patch
https://git.kernel.org/stable/c/61380537aa6dd32d8a723d98b8f1bd1b11d8fee0 Patch
https://git.kernel.org/stable/c/6afc9f4434fa8063aa768c2bf5bf98583aee0877 Patch
https://git.kernel.org/stable/c/7f9e833fc0f9b47be503af012eb5903086939754 Patch
https://git.kernel.org/stable/c/8514899c1a4edf802f03c408db901063aa3f05a1 Patch
https://git.kernel.org/stable/c/d0aa72604fbd80c8aabb46eda00535ed35570f1f Patch
https://git.kernel.org/stable/c/f2649d98aa9ca8623149b3cb8df00c944f5655c7 Patch
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html Mailing List
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html Mailing List

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2024-26878 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2024-26878 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Initial Analysis by [email protected]

    Jan. 14, 2025

    Action Type Old Value New Value
    Added CVSS V3.1 NIST AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
    Added CWE NIST CWE-362
    Added CWE NIST CWE-476
    Added CPE Configuration OR *cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
    Added CPE Configuration OR *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to (excluding) 4.19.311 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.20 up to (excluding) 5.4.273 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.5 up to (excluding) 5.10.214 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.11 up to (excluding) 5.15.153 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 up to (excluding) 6.1.83 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.2 up to (excluding) 6.6.23 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.7 up to (excluding) 6.7.11 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.8 up to (excluding) 6.8.2
    Changed Reference Type https://git.kernel.org/stable/c/1ca72a3de915f87232c9a4cb9bebbd3af8ed3e25 No Types Assigned https://git.kernel.org/stable/c/1ca72a3de915f87232c9a4cb9bebbd3af8ed3e25 Patch
    Changed Reference Type https://git.kernel.org/stable/c/1ca72a3de915f87232c9a4cb9bebbd3af8ed3e25 No Types Assigned https://git.kernel.org/stable/c/1ca72a3de915f87232c9a4cb9bebbd3af8ed3e25 Patch
    Changed Reference Type https://git.kernel.org/stable/c/40a673b4b07efd6f74ff3ab60f38b26aa91ee5d5 No Types Assigned https://git.kernel.org/stable/c/40a673b4b07efd6f74ff3ab60f38b26aa91ee5d5 Patch
    Changed Reference Type https://git.kernel.org/stable/c/40a673b4b07efd6f74ff3ab60f38b26aa91ee5d5 No Types Assigned https://git.kernel.org/stable/c/40a673b4b07efd6f74ff3ab60f38b26aa91ee5d5 Patch
    Changed Reference Type https://git.kernel.org/stable/c/49669f8e7eb053f91d239df7b1bfb4500255a9d0 No Types Assigned https://git.kernel.org/stable/c/49669f8e7eb053f91d239df7b1bfb4500255a9d0 Patch
    Changed Reference Type https://git.kernel.org/stable/c/49669f8e7eb053f91d239df7b1bfb4500255a9d0 No Types Assigned https://git.kernel.org/stable/c/49669f8e7eb053f91d239df7b1bfb4500255a9d0 Patch
    Changed Reference Type https://git.kernel.org/stable/c/61380537aa6dd32d8a723d98b8f1bd1b11d8fee0 No Types Assigned https://git.kernel.org/stable/c/61380537aa6dd32d8a723d98b8f1bd1b11d8fee0 Patch
    Changed Reference Type https://git.kernel.org/stable/c/61380537aa6dd32d8a723d98b8f1bd1b11d8fee0 No Types Assigned https://git.kernel.org/stable/c/61380537aa6dd32d8a723d98b8f1bd1b11d8fee0 Patch
    Changed Reference Type https://git.kernel.org/stable/c/6afc9f4434fa8063aa768c2bf5bf98583aee0877 No Types Assigned https://git.kernel.org/stable/c/6afc9f4434fa8063aa768c2bf5bf98583aee0877 Patch
    Changed Reference Type https://git.kernel.org/stable/c/6afc9f4434fa8063aa768c2bf5bf98583aee0877 No Types Assigned https://git.kernel.org/stable/c/6afc9f4434fa8063aa768c2bf5bf98583aee0877 Patch
    Changed Reference Type https://git.kernel.org/stable/c/7f9e833fc0f9b47be503af012eb5903086939754 No Types Assigned https://git.kernel.org/stable/c/7f9e833fc0f9b47be503af012eb5903086939754 Patch
    Changed Reference Type https://git.kernel.org/stable/c/7f9e833fc0f9b47be503af012eb5903086939754 No Types Assigned https://git.kernel.org/stable/c/7f9e833fc0f9b47be503af012eb5903086939754 Patch
    Changed Reference Type https://git.kernel.org/stable/c/8514899c1a4edf802f03c408db901063aa3f05a1 No Types Assigned https://git.kernel.org/stable/c/8514899c1a4edf802f03c408db901063aa3f05a1 Patch
    Changed Reference Type https://git.kernel.org/stable/c/8514899c1a4edf802f03c408db901063aa3f05a1 No Types Assigned https://git.kernel.org/stable/c/8514899c1a4edf802f03c408db901063aa3f05a1 Patch
    Changed Reference Type https://git.kernel.org/stable/c/d0aa72604fbd80c8aabb46eda00535ed35570f1f No Types Assigned https://git.kernel.org/stable/c/d0aa72604fbd80c8aabb46eda00535ed35570f1f Patch
    Changed Reference Type https://git.kernel.org/stable/c/d0aa72604fbd80c8aabb46eda00535ed35570f1f No Types Assigned https://git.kernel.org/stable/c/d0aa72604fbd80c8aabb46eda00535ed35570f1f Patch
    Changed Reference Type https://git.kernel.org/stable/c/f2649d98aa9ca8623149b3cb8df00c944f5655c7 No Types Assigned https://git.kernel.org/stable/c/f2649d98aa9ca8623149b3cb8df00c944f5655c7 Patch
    Changed Reference Type https://git.kernel.org/stable/c/f2649d98aa9ca8623149b3cb8df00c944f5655c7 No Types Assigned https://git.kernel.org/stable/c/f2649d98aa9ca8623149b3cb8df00c944f5655c7 Patch
    Changed Reference Type https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html No Types Assigned https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html Mailing List
    Changed Reference Type https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html No Types Assigned https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html Mailing List
  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Nov. 21, 2024

    Action Type Old Value New Value
    Added Reference https://git.kernel.org/stable/c/1ca72a3de915f87232c9a4cb9bebbd3af8ed3e25
    Added Reference https://git.kernel.org/stable/c/40a673b4b07efd6f74ff3ab60f38b26aa91ee5d5
    Added Reference https://git.kernel.org/stable/c/49669f8e7eb053f91d239df7b1bfb4500255a9d0
    Added Reference https://git.kernel.org/stable/c/61380537aa6dd32d8a723d98b8f1bd1b11d8fee0
    Added Reference https://git.kernel.org/stable/c/6afc9f4434fa8063aa768c2bf5bf98583aee0877
    Added Reference https://git.kernel.org/stable/c/7f9e833fc0f9b47be503af012eb5903086939754
    Added Reference https://git.kernel.org/stable/c/8514899c1a4edf802f03c408db901063aa3f05a1
    Added Reference https://git.kernel.org/stable/c/d0aa72604fbd80c8aabb46eda00535ed35570f1f
    Added Reference https://git.kernel.org/stable/c/f2649d98aa9ca8623149b3cb8df00c944f5655c7
    Added Reference https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
    Added Reference https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
  • CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Nov. 05, 2024

    Action Type Old Value New Value
    Removed Reference kernel.org https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
    Removed Reference kernel.org https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
  • CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Jun. 27, 2024

    Action Type Old Value New Value
    Added Reference kernel.org https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html [No types assigned]
  • CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Jun. 25, 2024

    Action Type Old Value New Value
    Added Reference kernel.org https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html [No types assigned]
  • CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    May. 29, 2024

    Action Type Old Value New Value
  • CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    May. 14, 2024

    Action Type Old Value New Value
  • CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Apr. 17, 2024

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved: quota: Fix potential NULL pointer dereference Below race may cause NULL pointer dereference P1 P2 dquot_free_inode quota_off drop_dquot_ref remove_dquot_ref dquots = i_dquot(inode) dquots = i_dquot(inode) srcu_read_lock dquots[cnt]) != NULL (1) dquots[type] = NULL (2) spin_lock(&dquots[cnt]->dq_dqb_lock) (3) .... If dquot_free_inode(or other routines) checks inode's quota pointers (1) before quota_off sets it to NULL(2) and use it (3) after that, NULL pointer dereference will be triggered. So let's fix it by using a temporary pointer to avoid this issue.
    Added Reference kernel.org https://git.kernel.org/stable/c/8514899c1a4edf802f03c408db901063aa3f05a1 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/49669f8e7eb053f91d239df7b1bfb4500255a9d0 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/61380537aa6dd32d8a723d98b8f1bd1b11d8fee0 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/1ca72a3de915f87232c9a4cb9bebbd3af8ed3e25 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/7f9e833fc0f9b47be503af012eb5903086939754 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/40a673b4b07efd6f74ff3ab60f38b26aa91ee5d5 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/f2649d98aa9ca8623149b3cb8df00c944f5655c7 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/6afc9f4434fa8063aa768c2bf5bf98583aee0877 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/d0aa72604fbd80c8aabb46eda00535ed35570f1f [No types assigned]
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2024-26878 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2024-26878 weaknesses.

CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
: