CVE-2024-26843: efi: runtime: Fix potential overflow of soft-reserved region size
In the Linux kernel, the following vulnerability has been resolved:
efi: runtime: Fix potential overflow of soft-reserved region size
mdsize will have been narrowed if we have >= 4GB worth of pages in a soft-reserved region.
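The defect the commit message describes is an integer narrowing: an EFI memory descriptor counts 4 KiB pages in a 64-bit field, and shifting that count into a 32-bit `int` silently drops the high bits once the region reaches 4 GiB. The following C program is an added illustration, not the kernel's code: the struct is a constructed stand-in for the kernel's EFI memory descriptor, the function names are hypothetical, and `EFI_PAGE_SHIFT` is the real UEFI 4 KiB page shift. It shows the narrowed result beside the 64-bit result and a check a reviewer can apply wherever a page count is converted to bytes.

```c
#include <inttypes.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Real UEFI constant: EFI memory descriptors count 4 KiB pages. */
#define EFI_PAGE_SHIFT 12

/* Constructed, simplified stand-in for the kernel's EFI memory
 * descriptor; only the fields needed for the size calculation are kept. */
struct efi_memory_desc {
    uint64_t phys_addr;
    uint64_t num_pages;
};

/* Buggy pattern (hypothetical name): the 64-bit byte count is stored
 * in a 32-bit int. On common compilers the conversion keeps only the
 * low 32 bits, so a region of 4 GiB or more is narrowed. */
static int region_size_narrowed(const struct efi_memory_desc *md)
{
    int mdsize = md->num_pages << EFI_PAGE_SHIFT;
    return mdsize;
}

/* Fixed pattern: keep the byte count in a 64-bit type throughout. */
static uint64_t region_size_fixed(const struct efi_memory_desc *md)
{
    uint64_t mdsize = md->num_pages << EFI_PAGE_SHIFT;
    return mdsize;
}

/* Review-time check: returns 1 if the byte count cannot be represented
 * in a 32-bit int (either the shift leaves u64, or the result exceeds
 * INT_MAX), 0 if the narrowing would be harmless. */
static int region_size_would_narrow(const struct efi_memory_desc *md)
{
    if (md->num_pages > (UINT64_MAX >> EFI_PAGE_SHIFT))
        return 1;
    uint64_t bytes = md->num_pages << EFI_PAGE_SHIFT;
    return bytes > (uint64_t)INT_MAX;
}

int main(void)
{
    /* Constructed descriptors: a small region and one just over 4 GiB. */
    struct efi_memory_desc small = { .phys_addr = 0x100000, .num_pages = 16 };
    struct efi_memory_desc big   = { .phys_addr = 0x100000000ULL,
                                     .num_pages = 0x100001 };

    printf("small: narrowed=%d fixed=%" PRIu64 " would_narrow=%d\n",
           region_size_narrowed(&small), region_size_fixed(&small),
           region_size_would_narrow(&small));
    printf("big:   narrowed=%d fixed=%" PRIu64 " would_narrow=%d\n",
           region_size_narrowed(&big), region_size_fixed(&big),
           region_size_would_narrow(&big));
    return 0;
}
```

For the 4 GiB + 4 KiB descriptor the narrowed value is 4096 bytes while the 64-bit value is 0x100001000, which is exactly the kind of undersized region length the fix prevents; the check function flags it, and compiling with `-Wconversion` reports the implicit narrowing at build time.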
Other sources
In the Linux kernel, the following vulnerability has been resolved:
efi: runtime: Fix potential overflow of soft-reserved region size
The Linux kernel CVE team has assigned CVE-2024-26843 to this issue.
Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024041716-CVE-2024-26843-51a0@gregkh/T
— Red Hat
Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by a stack-based buffer overflow in soft-reserved region size mdsize. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service condition.
— IBM
Frequently Asked Questions
What is the severity of CVE-2024-26843?
CVE-2024-26843 has been assigned a medium severity; it concerns a potential overflow of the soft-reserved region size in the Linux kernel's EFI runtime code.
How do I fix CVE-2024-26843?
To fix CVE-2024-26843, update your kernel to the patched version specified by your distribution, such as Red Hat or Debian.
Which versions of the Linux kernel are affected by CVE-2024-26843?
CVE-2024-26843 affects Linux kernel versions prior to 5.10.211, 5.15.150, 6.1.80, 6.6.19, 6.7.7, and 6.8.
Is CVE-2024-26843 specific to any Linux distributions?
Yes, CVE-2024-26843 affects specific kernel packages from Red Hat and Debian distributions.
What impact does CVE-2024-26843 have on users?
Users running an unpatched kernel may experience system instability, and the flaw could be exploited, so running unpatched versions is risky.