CVE Radar Logo
CVERadar
CVE Radar Logo
CVERadar

CVE-2024-26990

Medium Severity
SVRS
30/100
CVSSv3
NA/10
EPSS
0.00116/1

CVE-2024-26990 is a vulnerability in the Linux kernel related to KVM (Kernel-based Virtual Machine) and its memory management unit (MMU), specifically concerning write protection of Shadow Page Table Entries (SPTEs) in the Two-Dimensional Paging (TDP) MMU. This issue arises when clearing dirty status flags in certain configurations, potentially leading to inconsistent dirty logs for Level 2 guests. The flaw could allow Level 2 guests to make writes that aren't properly tracked, potentially impacting data integrity and security. Despite the CVSS score of 0, indicating no base exploitability, the SOCRadar Vulnerability Risk Score (SVRS) of 30, along with the "In The Wild" tag suggests a need for monitoring and potential patching. The core problem is in how KVM handles dirty logging for nested virtualization, where an L2 guest runs within an L1 hypervisor. Failing to properly write-protect SPTEs can cause writes from the L2 guest to be missed, leading to discrepancies. While not immediately critical, this vulnerability could be leveraged in more complex attack scenarios, highlighting the importance of staying up-to-date with kernel security patches.

TAGS
In The Wild
VECTOR STRING
PUBLICATION DATE2024-05-01
LAST MODIFIED2024-05-13

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs

News

CVE-2024-26990 | Linux Kernel up to 6.6.28/6.8.7/6.9-rc4 on TDP KVM kvm_mmu_page_ad_need_write_protect Privilege Escalation (cdf811a93747/e20bff0f1b2d/2673dfb591a3 / Nessus ID 210815)
vuldb.com2024-11-13
CVE-2024-26990 | Linux Kernel up to 6.6.28/6.8.7/6.9-rc4 on TDP KVM kvm_mmu_page_ad_need_write_protect Privilege Escalation (cdf811a93747/e20bff0f1b2d/2673dfb591a3 / Nessus ID 210815) | A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.6.28/6.8.7/6.9-rc4 on TDP. This affects the function kvm_mmu_page_ad_need_write_protect of the component KVM. The manipulation leads to Privilege Escalation. This vulnerability is uniquely
vuldb.com
rss
forum
news
USN-6918-1: Linux kernel vulnerabilities
2024-07-26
USN-6918-1: Linux kernel vulnerabilities | It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel when modifying certain settings values through debugfs. A privileged local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - RISC-V architecture; - S390 architecture; - x86 architecture; - Block layer subsystem; - Compute Acceleration Framework; - Accessibility subsystem; - Android drivers; - Drivers core; - Bluetooth drivers; - Clock framework and drivers; - Data acquisition framework and
cve-2024-26982
cve-2024-26997
cve-2024-35892
cve-2024-27014
USN-6893-3: Linux kernel vulnerabilities
2024-07-23
USN-6893-3: Linux kernel vulnerabilities | It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel when modifying certain settings values through debugfs. A privileged local attacker could use this to cause a denial of service. (CVE-2024-24857, CVE-2024-24858, CVE-2024-24859) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - RISC-V architecture; - S390 architecture; - x86 architecture; - Block layer subsystem; - Compute Acceleration Framework; - Accessibility subsystem; - Android drivers; - Drivers core; - Bluetooth
ubuntu.com
rss
forum
news
USN-6893-2: Linux kernel vulnerabilities
2024-07-16
USN-6893-2: Linux kernel vulnerabilities | It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel when modifying certain settings values through debugfs. A privileged local attacker could use this to cause a denial of service. (CVE-2024-24857, CVE-2024-24858, CVE-2024-24859) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - RISC-V architecture; - S390 architecture; - x86 architecture; - Block layer subsystem; - Compute Acceleration Framework; - Accessibility subsystem; - Android drivers; - Drivers core; - Bluetooth
cve-2024-26999
cve-2024-36021
cve-2024-35917
cve-2024-36024
USN-6893-1: Linux kernel vulnerabilities
2024-07-11
USN-6893-1: Linux kernel vulnerabilities | It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel when modifying certain settings values through debugfs. A privileged local attacker could use this to cause a denial of service. (CVE-2024-24857, CVE-2024-24858, CVE-2024-24859) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - RISC-V architecture; - S390 architecture; - x86 architecture; - Block layer subsystem; - Compute Acceleration Framework; - Accessibility subsystem; - Android drivers; - Drivers core; - Bluetooth
cve-2024-26998
cve-2024-36022
cve-2024-27022
cve-2024-26988
CVE-2024-26990 | Linux Kernel up to 6.6.28/6.8.7/6.9-rc4 on TDP KVM kvm_mmu_page_ad_need_write_protect Privilege Escalation (cdf811a93747/e20bff0f1b2d/2673dfb591a3)
vuldb.com2024-05-01
CVE-2024-26990 | Linux Kernel up to 6.6.28/6.8.7/6.9-rc4 on TDP KVM kvm_mmu_page_ad_need_write_protect Privilege Escalation (cdf811a93747/e20bff0f1b2d/2673dfb591a3) | A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.6.28/6.8.7/6.9-rc4 on TDP. This affects the function kvm_mmu_page_ad_need_write_protect of the component KVM. The manipulation leads to Privilege Escalation. This vulnerability is uniquely identified as <
cve-2024-26990
domains
urls
cves

Social Media

CVE-2024-26990 In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Write-protect L2 SPTEs in TDP MMU when clearing dirty status Check kvm_mmu_page_ad… https://t.co/MmVqHG1PVU
0
0
0

Affected Software

No affected software found for this CVE

References

ReferenceLink
416BAAA9-DC9F-4396-8D5F-8C081FB06D67https://git.kernel.org/stable/c/2673dfb591a359c75080dd5af3da484b89320d22
416BAAA9-DC9F-4396-8D5F-8C081FB06D67https://git.kernel.org/stable/c/cdf811a937471af2d1facdf8ae80e5e68096f1ed
416BAAA9-DC9F-4396-8D5F-8C081FB06D67https://git.kernel.org/stable/c/e20bff0f1b2de9cfe303dd35ff46470104a87404
416BAAA9-DC9F-4396-8D5F-8C081FB06D67https://git.kernel.org/stable/c/2673dfb591a359c75080dd5af3da484b89320d22
416BAAA9-DC9F-4396-8D5F-8C081FB06D67https://git.kernel.org/stable/c/cdf811a937471af2d1facdf8ae80e5e68096f1ed
416BAAA9-DC9F-4396-8D5F-8C081FB06D67https://git.kernel.org/stable/c/e20bff0f1b2de9cfe303dd35ff46470104a87404
416BAAA9-DC9F-4396-8D5F-8C081FB06D67https://lists.fedoraproject.org/archives/list/[email protected]/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/
416BAAA9-DC9F-4396-8D5F-8C081FB06D67https://lists.fedoraproject.org/archives/list/[email protected]/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/
416BAAA9-DC9F-4396-8D5F-8C081FB06D67https://lists.fedoraproject.org/archives/list/[email protected]/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/

CWE Details

No CWE details found for this CVE

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence