CVERadar

CVE-2024-26645

Medium Severity
SVRS: 30/100
CVSSv3: NA/10
EPSS: 0.00046/1

CVE-2024-26645: A race condition vulnerability exists in the Linux kernel's tracing functionality, specifically when inserting elements into the tracing_map. This flaw can lead to unexpected warnings about duplicate histogram entries on multi-processor AArch64 systems, triggered by parallel execution of tracing commands and stress tests. The issue arises from CPU reordering of writes in the __tracing_map_insert() function.

The race lets a CPU incorrectly conclude that a new key does not match a val->key that is already present. While the CVSS score is 0, indicating a low quantitative impact, the SOCRadar Vulnerability Risk Score (SVRS) is 30, suggesting a moderate level of risk due to the potential for system instability and logging errors, especially in high-performance environments using kernel tracing features. Apply the patch that ensures visibility when inserting an element into the tracing_map to avoid potential instability and diagnostic inaccuracies.

2024-03-26

2024-11-05

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

CVE-2024-26645 | Linux Kernel up to 6.7.2 __tracing_map_insert state issue (Nessus ID 207773)
vuldb.com, 2024-09-29
A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.7.2. This affects the function __tracing_map_insert. The manipulation leads to state issue. This vulnerability is uniquely identified as CVE-2024-26645. The attack can only be initiated within the local network. There
USN-6819-4: Linux kernel (Oracle) vulnerabilities
2024-06-26
Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service (system crash). (CVE-2023-6356, CVE-2023-6535, CVE-2023-6536) Chenyuan Yang discovered that the RDS Protocol implementation in the Linux kernel contained an out-of-bounds read vulnerability. An attacker could use this to possibly cause a denial of service (system crash). (CVE-2024-23849) It was discovered that a race condition
cve-2023-52444
cve-2023-52597
cve-2023-52457
cve-2024-26598
CVE-2024-26645 | Linux Kernel up to 6.7.2 __tracing_map_insert state issue
vuldb.com, 2024-06-26
A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.7.2. This affects the function __tracing_map_insert. The manipulation leads to state issue. This vulnerability is uniquely identified as CVE-2024-26645. The attack can only be initiated within the local network. There is no exploit
USN-6818-2: Linux kernel (ARM laptop) vulnerabilities
2024-06-10
Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service (system crash). (CVE-2023-6356, CVE-2023-6535, CVE-2023-6536) It was discovered that the Intel Data Streaming and Intel Analytics Accelerator drivers in the Linux kernel allowed direct access to the devices for unprivileged users and virtual machines. A local attacker could use this to cause a denial of service. (CVE
ubuntu.com
USN-6795-1: Linux kernel (Intel IoTG) vulnerabilities
2024-05-28
Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use-after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-47233) It was discovered that the Open vSwitch implementation in the Linux kernel could overflow its stack during recursive action operations under certain conditions. A local attacker could use this to cause a denial of service (system crash). (CVE-2024-1151) Sander Wiebing, Alvise de Faveri Tron
cve-2024-26664
cve-2023-52498
cve-2023-52619
cve-2024-26640
USN-6766-3: Linux kernel (AWS) vulnerabilities
2024-05-20
It was discovered that the Open vSwitch implementation in the Linux kernel could overflow its stack during recursive action operations under certain conditions. A local attacker could use this to cause a denial of service (system crash). (CVE-2024-1151) Sander Wiebing, Alvise de Faveri Tron, Herbert Bos, and Cristiano Giuffrida discovered that the Linux kernel mitigations for the initial Branch History Injection vulnerability (CVE-2022-0001) were insufficient for Intel processors. A local attacker could potentially use this to expose sensitive information. (CVE-2024-2201) Chenyuan Yang discovered that the RDS Protocol
cve-2023-52588
cve-2023-52637
cve-2024-26627
cve-2023-52491
USN-6766-2: Linux kernel vulnerabilities
2024-05-15
It was discovered that the Open vSwitch implementation in the Linux kernel could overflow its stack during recursive action operations under certain conditions. A local attacker could use this to cause a denial of service (system crash). (CVE-2024-1151) Sander Wiebing, Alvise de Faveri Tron, Herbert Bos, and Cristiano Giuffrida discovered that the Linux kernel mitigations for the initial Branch History Injection vulnerability (CVE-2022-0001) were insufficient for Intel processors. A local attacker could potentially use this to expose sensitive information. (CVE-2024-2201) Chenyuan Yang discovered that the RDS Protocol implementation
ubuntu.com

Social Media

No tweets found for this CVE

Affected Software

No affected software found for this CVE

References

Reference | Link
416BAAA9-DC9F-4396-8D5F-8C081FB06D67 | https://git.kernel.org/stable/c/2b44760609e9eaafc9d234a6883d042fc21132a7
416BAAA9-DC9F-4396-8D5F-8C081FB06D67 | https://git.kernel.org/stable/c/5022b331c041e8c54b9a6a3251579bd1e8c0fc0b
416BAAA9-DC9F-4396-8D5F-8C081FB06D67 | https://git.kernel.org/stable/c/a1eebe76e187dbe11ca299f8dbb6e45d5b1889e7
416BAAA9-DC9F-4396-8D5F-8C081FB06D67 | https://git.kernel.org/stable/c/aef1cb00856ccfd614467cfb50b791278992e177
416BAAA9-DC9F-4396-8D5F-8C081FB06D67 | https://git.kernel.org/stable/c/bf4aeff7da85c3becd39fb73bac94122331c30fb
416BAAA9-DC9F-4396-8D5F-8C081FB06D67 | https://git.kernel.org/stable/c/dad9b28f675ed99b4dec261db2a397efeb80b74c
416BAAA9-DC9F-4396-8D5F-8C081FB06D67 | https://git.kernel.org/stable/c/ef70dfa0b1e5084f32635156c9a5c795352ad860
416BAAA9-DC9F-4396-8D5F-8C081FB06D67 | https://git.kernel.org/stable/c/f4f7e696db0274ff560482cc52eddbf0551d4b7a
416BAAA9-DC9F-4396-8D5F-8C081FB06D67 | https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
416BAAA9-DC9F-4396-8D5F-8C081FB06D67 | https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

CWE Details

No CWE details found for this CVE
