CVE-2024-26603: x86/fpu: Stop relying on userspace for info to fault in xsave buffer

Published Feb 24, 2024
·
Updated

In the Linux kernel, the following vulnerability has been resolved:

x86/fpu: Stop relying on userspace for info to fault in xsave buffer

Before this change, the expected size of the user space buffer was taken from fxsw->xstatesize. fxsw->xstatesize can be changed from user-space, so it is possible construct a sigreturn frame where:

fxsw->xstatesize is smaller than the size required by valid bits in fxsw->xfeatures. user-space unmaps parts of the sigrame fpu buffer so that not all of the buffer required by xrstor is accessible.

In this case, xrstor tries to restore and accesses the unmapped area which results in a fault. But faultinreadable succeeds because buf + fxsw->xstatesize is within the still mapped area, so it goes back and tries xrstor again. It will spin in this loop forever.

Instead, fault in the maximum size which can be touched by XRSTOR (taken from fpstate->usersize).

[ dhansen: tweak subject / changelog ]

Other sources

In the Linux kernel, the following vulnerability has been resolved:

x86/fpu: Stop relying on userspace for info to fault in xsave buffer

The Linux kernel CVE team has assigned CVE-2024-26603 to this issue.

Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024022415-CVE-2024-26603-42c2@gregkh/T/#u

Red Hat

Linux Kernel is vulnerable to a denial of service, caused by the reliance of userspace for info to fault in xsave buffer. A local attacker could exploit this vulnerability to cause a segmentation fault.

IBM

Affected Software

13 affected componentsFixes available
Linux Linux kernel>=5.14.0<5.15.150
Linux Linux kernel>=5.16.0<6.1.79
Linux Linux kernel>=6.2.0<6.6.18
Linux Linux kernel>=6.7.0<6.7.6
redhat/kernel<6.1.79
6.1.79
redhat/kernel<6.6.18
6.6.18
redhat/kernel<6.7.6
6.7.6
redhat/kernel<6.8
6.8
IBM Security Verify Governance<=ISVG 10.0.2
IBM Security Verify Governance, Identity Manager Software Stack<=ISVG 10.0.2
IBM Security Verify Governance, Identity Manager Virtual Appliance<=ISVG 10.0.2
IBM Security Verify Governance Identity Manager Container<=ISVG 10.0.2
debian/linux
5.10.223-15.10.234-16.1.129-16.1.135-16.12.22-16.12.25-1

Remediation

Patch Available

https://git.kernel.org/stable/c/627339cccdc9166792ecf96bc3c9f711a60ce996

Patch Available

https://git.kernel.org/stable/c/627e28cbb65564e55008315d9e02fbb90478beda

Patch Available

https://git.kernel.org/stable/c/8bd3eee7720c14b59a206bd05b98d7586bccf99a

Patch Available

https://git.kernel.org/stable/c/b2479ab426cef7ab79a13005650eff956223ced2

Patch Available

https://git.kernel.org/stable/c/d877550eaf2dc9090d782864c96939397a3c6835

Patch Available

https://git.kernel.org/linus/fcb3635f5018e53024c6be3c3213737f469f74ff

Patch Available

https://git.kernel.org/linus/d877550eaf2dc9090d782864c96939397a3c6835

Event History

Feb 24, 2024
CVE Published
via MITRE·02:56 PM
Data Sourced
via MITRE·02:56 PM
Description
Data Sourced
via Red Hat·05:40 PM
DescriptionSeverityAffected Software
Feb 26, 2024
Data Sourced
via NVD·04:28 PM
RemedyDescriptionSeverityWeaknessAffected Software
Jun 8, 2024
Data Sourced
via Launchpad·01:04 AM
Description
Apr 28, 2025
Data Sourced
via Ubuntu·02:18 PM
RemedyDescriptionSeverityAffected Software

Parent advisories

This vulnerability appears in the following advisories.

Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2024-26603?

CVE-2024-26603 is identified as an important-level vulnerability in the Linux kernel.

2

How do I fix CVE-2024-26603?

To fix CVE-2024-26603, update your Linux kernel to version 6.1.79 or later, or apply the latest patches for your specific distribution.

3

Which Linux kernel versions are affected by CVE-2024-26603?

CVE-2024-26603 affects Linux kernel versions from 5.14.0 up to 6.1.79.

4

What components are impacted by CVE-2024-26603?

CVE-2024-26603 affects the x86 floating-point unit (fpu) functionality within the Linux kernel.

5

Is CVE-2024-26603 a remote or local vulnerability?

CVE-2024-26603 is considered a local vulnerability, requiring an attacker to have local access to exploit.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203