CVERadar

CVE-2024-26994

Severity: Medium
SVRS: 30/100
CVSSv3: NA/10
EPSS: 0.0009/1

CVE-2024-26994 is a vulnerability in the Linux kernel's speakup driver that could lead to a crash. Specifically, an overly long word processed by the speakup driver can cause a buffer overflow. This issue is now resolved.

Although CVE-2024-26994 has a relatively low SOCRadar Vulnerability Risk Score (SVRS) of 30, indicating it's not considered a critical immediate threat, understanding the underlying cause is important. The vulnerability occurs when the console configuration is unusually large and contains words exceeding 256 characters, potentially overflowing the word buffer during processing by the speakup driver. Successful exploitation of this vulnerability could result in a system crash. While the low SVRS suggests limited real-world exploitability or impact, patching remains the best course of action to ensure system stability. The resolution involves ensuring that the driver stops processing before reaching the buffer's length limit.
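
The bounds check described above, as an added C illustration; it is not the kernel's speakup source. The function names, the 400-column row and the demo helper are constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define WORD_BUF_SIZE 256   /* the 256-character word limit cited above */
#define ROW_COLS 400        /* constructed: an unusually wide console row */

/* Length of the word at `start`: the number of bytes a copy loop with no
 * buffer check would write into the word buffer. */
size_t word_len_in_row(const char *row, size_t cols, size_t start)
{
    size_t n = 0;
    while (start + n < cols && row[start + n] != ' ')
        n++;
    return n;
}

/* Bounded copy: stops at the row end, at a space, or one byte short of the
 * buffer end, whichever comes first, and always NUL-terminates.
 * Returns the number of characters stored, excluding the NUL. */
size_t collect_word(const char *row, size_t cols, size_t start,
                    char *out, size_t out_size)
{
    size_t cnt = 0;
    if (out_size == 0)
        return 0;
    while (start + cnt < cols && row[start + cnt] != ' ' &&
           cnt < out_size - 1) {
        out[cnt] = row[start + cnt];
        cnt++;
    }
    out[cnt] = '\0';
    return cnt;
}

/* Constructed input: a row of spaces holding one word of `word` 'A's. */
size_t demo_stored(size_t word)
{
    char row[ROW_COLS], buf[WORD_BUF_SIZE];
    memset(row, ' ', sizeof(row));
    memset(row, 'A', word < sizeof(row) ? word : sizeof(row));
    printf("word needs %zu bytes, ", word_len_in_row(row, sizeof(row), 0));
    size_t n = collect_word(row, sizeof(row), 0, buf, sizeof(buf));
    printf("stored %zu\n", n);
    return n;
}

int main(void) { return demo_stored(300) == 255 ? 0 : 1; }
```

A 300-character word is truncated to 255 characters plus the terminator, so the copy never writes past the 256-byte buffer.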

In The Wild
2024-05-01

2024-11-05

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

USN-6927-1: Linux kernel vulnerabilities
2024-07-30
USN-6927-1: Linux kernel vulnerabilities | Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. (CVE-2022-38096) Gui-Dong Han discovered that the software RAID driver in the Linux kernel contained a race condition, leading to an integer overflow vulnerability. A privileged attacker could possibly use this to cause a denial of service (system crash). (CVE-2024-23307) It was discovered that a race condition existed in the Bluetooth subsystem
ubuntu.com
USN-6917-1: Linux kernel vulnerabilities
2024-07-26
USN-6917-1: Linux kernel vulnerabilities | Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. (CVE-2022-38096) Gui-Dong Han discovered that the software RAID driver in the Linux kernel contained a race condition, leading to an integer overflow vulnerability. A privileged attacker could possibly use this to cause a denial of service (system crash). (CVE-2024-23307) It was discovered that a race condition existed in the Bluetooth subsystem
cve-2024-35900
cve-2024-36004
cve-2024-35884
cve-2024-26999
USN-6918-1: Linux kernel vulnerabilities
2024-07-26
USN-6918-1: Linux kernel vulnerabilities | It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel when modifying certain settings values through debugfs. A privileged local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - RISC-V architecture; - S390 architecture; - x86 architecture; - Block layer subsystem; - Compute Acceleration Framework; - Accessibility subsystem; - Android drivers; - Drivers core; - Bluetooth drivers; - Clock framework and drivers; - Data acquisition framework and
cve-2024-26982
cve-2024-26997
cve-2024-35892
cve-2024-27014
USN-6919-1: Linux kernel vulnerabilities
2024-07-26
USN-6919-1: Linux kernel vulnerabilities | Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. (CVE-2022-38096) It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2023-6270) It was discovered that the Atheros 802.11ac wireless
cve-2024-26816
cve-2024-26773
cve-2024-27046
cve-2024-27028
USN-6896-5: Linux kernel vulnerabilities
2024-07-23
USN-6896-5: Linux kernel vulnerabilities | It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2023-6270) It was discovered that the Atheros 802.11ac wireless driver did not properly validate certain data structures, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service. (CVE-2023-7042) Yuxuan Hu discovered that the Bluetooth RFCOMM protocol driver in the Linux
cve-2024-27077
cve-2024-35805
cve-2024-26966
cve-2024-26935
USN-6893-3: Linux kernel vulnerabilities
2024-07-23
USN-6893-3: Linux kernel vulnerabilities | It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel when modifying certain settings values through debugfs. A privileged local attacker could use this to cause a denial of service. (CVE-2024-24857, CVE-2024-24858, CVE-2024-24859) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - RISC-V architecture; - S390 architecture; - x86 architecture; - Block layer subsystem; - Compute Acceleration Framework; - Accessibility subsystem; - Android drivers; - Drivers core; - Bluetooth
ubuntu.com
USN-6898-4: Linux kernel vulnerabilities
2024-07-23
USN-6898-4: Linux kernel vulnerabilities | Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. (CVE-2022-38096) Gui-Dong Han discovered that the software RAID driver in the Linux kernel contained a race condition, leading to an integer overflow vulnerability. A privileged attacker could possibly use this to cause a denial of service (system crash). (CVE-2024-23307) It was discovered that a race condition existed in the Bluetooth subsystem
cve-2024-36006
cve-2024-35809
cve-2024-27396
cve-2024-26960

Social Media

CVE-2024-26994 In the Linux kernel, the following vulnerability has been resolved: speakup: Avoid crash on very long word In case a console is set up really large and contains a r… https://t.co/q6Ljq4iUtL

Affected Software

No affected software found for this CVE

References

Reference | Link
416BAAA9-DC9F-4396-8D5F-8C081FB06D67 | https://git.kernel.org/stable/c/0d130158db29f5e0b3893154908cf618896450a8
416BAAA9-DC9F-4396-8D5F-8C081FB06D67 | https://git.kernel.org/stable/c/0efb15c14c493263cb3a5f65f5ddfd4603d19a76
416BAAA9-DC9F-4396-8D5F-8C081FB06D67 | https://git.kernel.org/stable/c/89af25bd4b4bf6a71295f07e07a8ae7dc03c6595
416BAAA9-DC9F-4396-8D5F-8C081FB06D67 | https://git.kernel.org/stable/c/8defb1d22ba0395b81feb963b96e252b097ba76f
416BAAA9-DC9F-4396-8D5F-8C081FB06D67 | https://git.kernel.org/stable/c/c8d2f34ea96ea3bce6ba2535f867f0d4ee3b22e1
416BAAA9-DC9F-4396-8D5F-8C081FB06D67 | https://git.kernel.org/stable/c/6401038acfa24cba9c28cce410b7505efadd0222
416BAAA9-DC9F-4396-8D5F-8C081FB06D67 | https://git.kernel.org/stable/c/756c5cb7c09e537b87b5d3acafcb101b2ccf394f
416BAAA9-DC9F-4396-8D5F-8C081FB06D67 | https://git.kernel.org/stable/c/8f6b62125befe1675446923e4171eac2c012959c
416BAAA9-DC9F-4396-8D5F-8C081FB06D67 | https://lists.fedoraproject.org/archives/list/[email protected]/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/
416BAAA9-DC9F-4396-8D5F-8C081FB06D67 | https://lists.fedoraproject.org/archives/list/[email protected]/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/
416BAAA9-DC9F-4396-8D5F-8C081FB06D67 | https://lists.fedoraproject.org/archives/list/[email protected]/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/
416BAAA9-DC9F-4396-8D5F-8C081FB06D67 | https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
416BAAA9-DC9F-4396-8D5F-8C081FB06D67 | https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

CWE Details

No CWE details found for this CVE
