1224610 – (CVE-2024-35826) VUL-0: CVE-2024-35826: kernel: block: Fix page refcounts for unaligned buffers in __bio_release_pages()

Bug 1224610 (CVE-2024-35826) - VUL-0: CVE-2024-35826: kernel: block: Fix page refcounts for unaligned buffers in __bio_release_pages()

Summary: VUL-0: CVE-2024-35826: kernel: block: Fix page refcounts for unaligned buffer...

Status:	RESOLVED FIXED

Alias:	CVE-2024-35826

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/406440/
Whiteboard:	CVSSv3.1:SUSE:CVE-2024-35826:5.5:(AV:...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2024-05-20 15:30 UTC by SMASH SMASH
Modified:	2024-05-29 12:07 UTC (History)
CC List:	2 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description SMASH SMASH 2024-05-20 15:30:19 UTC

In the Linux kernel, the following vulnerability has been resolved:

block: Fix page refcounts for unaligned buffers in __bio_release_pages()

Fix an incorrect number of pages being released for buffers that do not
start at the beginning of a page.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-35826
https://git.kernel.org/pub/scm/linux/security/vulns.git/plain/cve/published/2024/CVE-2024-35826.mbox
https://git.kernel.org/stable/c/242006996d15f5ca62e22f8c7de077d9c4a8f367
https://git.kernel.org/stable/c/7d3765550374f71248c55e6206ea1d6fd4537e65
https://git.kernel.org/stable/c/ecbd9ced84dd655a8f4cd49d2aad0e80dbf6bf35
https://git.kernel.org/stable/c/c9d3d2fbde9b8197bce88abcbe8ee8e713ffe7c2
https://git.kernel.org/stable/c/38b43539d64b2fa020b3b9a752a986769f87f7a6
https://www.cve.org/CVERecord?id=CVE-2024-35826
https://bugzilla.redhat.com/show_bug.cgi?id=2281185

Comment 1 Joey Lee 2024-05-21 08:44:43 UTC

https://www.suse.com/security/cve/CVE-2024-35826.html
cvss 5.5

Comment 3 Joey Lee 2024-05-24 08:15:01 UTC

Nothing to be done

Comment 4 Andrea Mattiazzo 2024-05-29 12:07:25 UTC

All done, closing.