CVE-2024-26907

high
Published 2024-11-12 · Modified 2024-07-02
CVSS v3
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v2
VIR risk
7.8

Description

In the Linux kernel, the following vulnerability has been resolved:

RDMA/mlx5: Fix fortify source warning while accessing Eth segment

------------[ cut here ]------------
memcpy: detected field-spanning write (size 56) of single field "eseg->inline_hdr.start" at /var/lib/dkms/mlnx-ofed-kernel/5.8/build/drivers/infiniband/hw/mlx5/wr.c:131 (size 2)
WARNING: CPU: 0 PID: 293779 at /var/lib/dkms/mlnx-ofed-kernel/5.8/build/drivers/infiniband/hw/mlx5/wr.c:131 mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib]
---truncated---

Predictions

Exploit likelihood
75%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2024-4352.html
Vendor advisory: alma — https://access.redhat.com/errata/RHSA-2024:4352
Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2024-4211.html
Vendor advisory: alma — https://bugzilla.redhat.com/2282920
Vendor advisory: alma — https://bugzilla.redhat.com/2282902
Vendor advisory: alma — https://bugzilla.redhat.com/2282735
Vendor advisory: alma — https://bugzilla.redhat.com/2282712
Vendor advisory: alma — https://bugzilla.redhat.com/2282698
Vendor advisory: alma — https://bugzilla.redhat.com/2282680
Vendor advisory: alma — https://bugzilla.redhat.com/2282653
Vendor advisory: alma — https://bugzilla.redhat.com/2282612
Vendor advisory: alma — https://bugzilla.redhat.com/2282609
Vendor advisory: alma — https://bugzilla.redhat.com/2282581
Vendor advisory: alma — https://bugzilla.redhat.com/2282472
Vendor advisory: alma — https://bugzilla.redhat.com/2282471
Vendor advisory: alma — https://bugzilla.redhat.com/2282400
Vendor advisory: alma — https://bugzilla.redhat.com/2282394
Vendor advisory: alma — https://bugzilla.redhat.com/2281986
Vendor advisory: alma — https://bugzilla.redhat.com/2281953
Vendor advisory: alma — https://bugzilla.redhat.com/2281925
Vendor advisory: alma — https://bugzilla.redhat.com/2281923
Vendor advisory: alma — https://bugzilla.redhat.com/2281920
Vendor advisory: alma — https://bugzilla.redhat.com/2281693
Vendor advisory: alma — https://bugzilla.redhat.com/2281689
Vendor advisory: alma — https://bugzilla.redhat.com/2281350
Vendor advisory: alma — https://bugzilla.redhat.com/2281346
Vendor advisory: alma — https://bugzilla.redhat.com/2281334
Vendor advisory: alma — https://bugzilla.redhat.com/2281311
Vendor advisory: alma — https://bugzilla.redhat.com/2281272
Vendor advisory: alma — https://bugzilla.redhat.com/2281257
Vendor advisory: alma — https://bugzilla.redhat.com/2281255
Vendor advisory: alma — https://bugzilla.redhat.com/2281253
Vendor advisory: alma — https://bugzilla.redhat.com/2281251
Vendor advisory: alma — https://bugzilla.redhat.com/2281165
Vendor advisory: alma — https://bugzilla.redhat.com/2281157
Vendor advisory: alma — https://bugzilla.redhat.com/2281113
Vendor advisory: alma — https://bugzilla.redhat.com/2281057
Vendor advisory: alma — https://bugzilla.redhat.com/2280434
Vendor advisory: alma — https://bugzilla.redhat.com/2278354
Vendor advisory: alma — https://bugzilla.redhat.com/2278337
Vendor advisory: alma — https://bugzilla.redhat.com/2275733
Vendor advisory: alma — https://bugzilla.redhat.com/2275635
Vendor advisory: alma — https://bugzilla.redhat.com/2275633
Vendor advisory: alma — https://bugzilla.redhat.com/2275604
Vendor advisory: alma — https://bugzilla.redhat.com/2273429
Vendor advisory: alma — https://bugzilla.redhat.com/2273423
Vendor advisory: alma — https://bugzilla.redhat.com/2273278
Vendor advisory: alma — https://bugzilla.redhat.com/2273204
Vendor advisory: alma — https://bugzilla.redhat.com/2272829
Vendor advisory: alma — https://bugzilla.redhat.com/2272692
Vendor advisory: alma — https://bugzilla.redhat.com/2271680
Vendor advisory: alma — https://bugzilla.redhat.com/2270093
Vendor advisory: alma — https://bugzilla.redhat.com/2267730
Vendor advisory: alma — https://bugzilla.redhat.com/2267518
Vendor advisory: alma — https://bugzilla.redhat.com/2267513
Vendor advisory: alma — https://bugzilla.redhat.com/2266831
Vendor advisory: alma — https://bugzilla.redhat.com/2266408
Vendor advisory: alma — https://bugzilla.redhat.com/2265800
Vendor advisory: alma — https://bugzilla.redhat.com/2265520
Vendor advisory: alma — https://bugzilla.redhat.com/2265519
Vendor advisory: alma — https://bugzilla.redhat.com/2265517
Vendor advisory: alma — https://bugzilla.redhat.com/2258875
Vendor advisory: alma — https://bugzilla.redhat.com/2248122
Vendor advisory: alma — https://bugzilla.redhat.com/1918601
Vendor advisory: alma — https://access.redhat.com/errata/RHSA-2024:4211
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2024-26907
Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2024-26907.html
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2024:4211
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2024:4352
Vendor advisory: rocky — https://errata.rockylinux.org/RXSA-2024:4211
Vendor advisory: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 — https://git.kernel.org/stable/c/d27c48dc309da72c3b46351a1205d89687272baa
Vendor advisory: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 — https://git.kernel.org/stable/c/cad82f1671e41094acd3b9a60cd27d67a3c64a21
Vendor advisory: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 — https://git.kernel.org/stable/c/9a624a5f95733bac4648ecadb320ca83aa9c08fd
Vendor advisory: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 — https://git.kernel.org/stable/c/60ba938a8bc8c90e724c75f98e932f9fb7ae1b9d
Vendor advisory: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 — https://git.kernel.org/stable/c/4d5e86a56615cc387d21c629f9af8fb0e958d350
Vendor advisory: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 — https://git.kernel.org/stable/c/185fa07000e0a81d54cf8c05414cebff14469a5c
Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2024:9315

Mitigation details

Source: Red Hat Errata — Red Hat Inc. · Open-Errata-API

Description

kernel: RDMA/mlx5: Fix fortify source warning while accessing Eth segment

Red Hat statement

This flaw only affects systems that actively use specific InfiniBand hardware, and because exploitation would require an attacker to have the means to cause or otherwise be able to profile network traffic over those interfaces, Red Hat assesses the impact of this vulnerability as Low.

CVSS v3: 6.7 (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

Errata / fixed releases

Product | Package | Advisory | Released
Red Hat Enterprise Linux 8 | kernel-rt-0:4.18.0-553.8.1.rt7.349.el8_10 | RHSA-2024:4352 | 2024-07-08T00:00:00Z
Red Hat Enterprise Linux 8 | kernel-0:4.18.0-553.8.1.el8_10 | RHSA-2024:4211 | 2024-07-02T00:00:00Z
Red Hat Enterprise Linux 9 | kernel-0:5.14.0-503.11.1.el9_5 | RHSA-2024:9315 | 2024-11-12T00:00:00Z
Red Hat Enterprise Linux 9.4 Extended Update Support | kernel-0:5.14.0-427.70.1.el9_4 | RHSA-2025:8248 | 2025-05-28T00:00:00Z

Package state

Product | Package | State
Red Hat Enterprise Linux 6 | kernel | Out of support scope
Red Hat Enterprise Linux 7 | kernel | Out of support scope
Red Hat Enterprise Linux 7 | kernel-rt | Out of support scope
Red Hat Enterprise Linux 9 | kernel-rt | Affected

Apply commands

# Apply RHSA-2024:4352 for Red Hat Enterprise Linux 8
yum update -y kernel-rt
# or:
dnf upgrade -y kernel-rt

Affected

Vendor | Product | Version
redhat | Red Hat Enterprise Linux 9 | Affected

OS impact

OS | Version | Status | Fixed in
redhat rhel | 9 | fixed |
rockylinux rocky | 8 | fixed |
suse sles | | affected |
debian debian | bookworm | fixed | 6.1.85-1
debian debian | bullseye | fixed | 5.10.216-1
debian debian | forky | fixed | 6.7.12-1
debian debian | sid | fixed | 6.7.12-1
debian debian | trixie | fixed | 6.7.12-1
linux linux-kernel | | affected | 5.10.214
almalinux almalinux | 8 | fixed | kernel-abi-stablelists-4.18.0-553.8.1.el8_10.noarch.rpm

References

CWEs

CWE-416
