CVE-2024-26621 Spoofing

Routine
Remediate Within 6 Months

CVE Information

Original CVE data

Published:
Updated:

In the Linux kernel, the following vulnerability has been resolved:

mm: huge_memory: don't force huge page alignment on 32 bit

Commit efa7df3e3bb5 ("mm: align larger anonymous mappings on THP boundaries") caused two issues [1] [2] reported on 32 bit system or compat userspace.

It doesn't make too much sense to force huge page alignment on 32 bit system due to the constrained virtual address space.

[1] https://lore.kernel.org/linux-mm/[email protected]/
[2] https://lore.kernel.org/linux-mm/CAJuCfpHXLdQy1a2B6xN2d7quTYwg2OoZseYPZTRpU0eHHKD-sQ@mail.gmail.com/

CWE:
CVSS v2-
CVSS v3-
References
https://git.kernel.org/stable/c/7432376c913381c5f24d373a87ff629bbde94b47
https://git.kernel.org/stable/c/4ef9ad19e17676b9ef071309bc62020e2373705d
https://git.kernel.org/stable/c/87632bc9ecff5ded93433bc0fca428019bdd1cfe
https://zolutal.github.io/aslrnt/
http://www.openwall.com/lists/oss-security/2024/07/08/3
http://www.openwall.com/lists/oss-security/2024/07/08/5
http://www.openwall.com/lists/oss-security/2024/07/08/4
http://www.openwall.com/lists/oss-security/2024/07/08/6
http://www.openwall.com/lists/oss-security/2024/07/08/7
http://www.openwall.com/lists/oss-security/2024/07/08/8
http://www.openwall.com/lists/oss-security/2024/07/09/1
http://www.openwall.com/lists/oss-security/2024/07/10/5
http://www.openwall.com/lists/oss-security/2024/07/10/7
http://www.openwall.com/lists/oss-security/2024/07/10/8
Affected Vendors

Basic Analysis

Common vulnerability metrics

Vulnerability type as detected by PRIOnengine

Spoofing

CVSS Scores as calculated by PRIOnengine
CVSS v2: 3.6
AV:L/AC:L/AU:N/C:P/I:N/A:P
CVSS v3: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
MITRE CWE Top 25

-

Exploits

No exploit code is reported to exist.

Active Exploitation

Vulnerability is not in CISA's Known Exploited Vulnerabilities (KEV) catalog. See the KEV Catalog

Social Network Activity

-

Threat Actor Activity

No sightings of the vulnerability within threat reports.

Cybersecurity Frameworks

How the vulnerability maps against various cybersecurity frameworks

-

Compliance Impact

How the submitted vulnerability affects compliance

-

Web Application Security Frameworks

Applicable if the issue likely affects a web application

WASC-19 - SQL Injection