CVE-2024-26598
Published: Feb 23, 2024
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache There is a potential UAF scenario in the case of an LPI translation cache hit racing with an operation that invalidates the cache, such as a DISCARD ITS command. The root of the problem is that vgic_its_check_cache() does not elevate the refcount on the vgic_irq before dropping the lock that serializes refcount changes. Have vgic_its_check_cache() raise the refcount on the returned vgic_irq and add the corresponding decrement after queueing the interrupt.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 6211753fdfd05af9e08f54c8d0ba3ee516034878 - < d04acadb6490aa3314f9c9e087691e55de153b88affected 6211753fdfd05af9e08f54c8d0ba3ee516034878 - < ba7be666740847d967822bed15500656b26bc703affected 6211753fdfd05af9e08f54c8d0ba3ee516034878 - < 12c2759ab1343c124ed46ba48f27bd1ef5d2dff4affected 6211753fdfd05af9e08f54c8d0ba3ee516034878 - < dba788e25f05209adf2b0175eb1691dc89fb1ba6affected 6211753fdfd05af9e08f54c8d0ba3ee516034878 - < 65b201bf3e9af1b0254243a5881390eda56f72d1+2 more versions |
Linux | Linux | affected 3.11unaffected 0 - < 3.11unaffected 5.4.269 - <= 5.4.*unaffected 5.10.209 - <= 5.10.*unaffected 5.15.148 - <= 5.15.*+4 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now