CVE-2024-26894 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit() After unregistering the CPU idle device, the memory associated with it is not freed, leading to a memory leak: unreferenced object 0xffff896282f6c000 (size 1024): comm "swapper/0", pid 1, jiffies 4294893170 hex dump (first 32 bytes): 00 00 00 00 0b 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace (crc 8836a742): [<ffffffff993495ed>] kmalloc_trace+0x29d/0x340 [<ffffffff9972f3b3>] acpi_processor_power_init+0xf3/0x1c0 [<ffffffff9972d263>] __acpi_processor_start+0xd3/0xf0 [<ffffffff9972d2bc>] acpi_processor_start+0x2c/0x50 [<ffffffff99805872>] really_probe+0xe2/0x480 [<ffffffff99805c98>] __driver_probe_device+0x78/0x160 [<ffffffff99805daf>] driver_probe_device+0x1f/0x90 [<ffffffff9980601e>] __driver_attach+0xce/0x1c0 [<ffffffff99803170>] bus_for_each_dev+0x70/0xc0 [<ffffffff99804822>] bus_add_driver+0x112/0x210 [<ffffffff99807245>] driver_register+0x55/0x100 [<ffffffff9aee4acb>] acpi_processor_driver_init+0x3b/0xc0 [<ffffffff990012d1>] do_one_initcall+0x41/0x300 [<ffffffff9ae7c4b0>] kernel_init_freeable+0x320/0x470 [<ffffffff99b231f6>] kernel_init+0x16/0x1b0 [<ffffffff99042e6d>] ret_from_fork+0x2d/0x50 Fix this by freeing the CPU idle device after unregistering it.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Debian	Debian Linux
Linux	Linux Kernel
Redhat	Enterprise Linux Rhel Eus

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 8
kernel-rt-0:4.18.0-553.22.1.rt7.363.el8_10	cpe:/a:redhat:enterprise_linux:8::nfv	RHSA-2024:7001	2024-09-24T00:00:00Z
kernel-0:4.18.0-553.22.1.el8_10	cpe:/o:redhat:enterprise_linux:8	RHSA-2024:7000	2024-09-24T00:00:00Z
Red Hat Enterprise Linux 9
kernel-0:5.14.0-503.11.1.el9_5	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:9315	2024-11-12T00:00:00Z
kernel-0:5.14.0-503.11.1.el9_5	cpe:/o:redhat:enterprise_linux:9	RHSA-2024:9315	2024-11-12T00:00:00Z
Red Hat Enterprise Linux 9.4 Extended Update Support
kernel-0:5.14.0-427.57.1.el9_4	cpe:/a:redhat:rhel_eus:9.4	RHSA-2025:2270	2025-03-05T00:00:00Z

References

Link	Providers
https://git.kernel.org/stable/c/1cbaf4c793b0808532f4e7b40bc4be7cec2c78f2
https://git.kernel.org/stable/c/3d48e5be107429ff5d824e7f2a00d1b610d36fbc
https://git.kernel.org/stable/c/8d14a4d0afb49a5b8535d414c782bb334860e73e
https://git.kernel.org/stable/c/c2a30c81bf3cb9033fa9f5305baf7c377075e2e5
https://git.kernel.org/stable/c/cd5c2d0b09d5b6d3f0a7bbabe6761a4997e9dee9
https://git.kernel.org/stable/c/d351bcadab6caa6d8ce7159ff4b77e2da35c09fa
https://git.kernel.org/stable/c/e18afcb7b2a12b635ac10081f943fcf84ddacc51
https://git.kernel.org/stable/c/ea96bf3f80625cddba1391a87613356b1b45716d
https://git.kernel.org/stable/c/fad9bcd4d754cc689c19dc04d2c44b82c1a5d6c8
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
https://lore.kernel.org/linux-cve-announce/2024041743-CVE-2024-26894-53ad@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-26894
https://www.cve.org/CVERecord?id=CVE-2024-26894

History

Fri, 21 Mar 2025 15:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Debian Debian debian Linux Linux Linux linux Kernel
CPEs		cpe:2.3:o:debian:debian_linux:10.0:::::::* cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Debian Debian debian Linux Linux Linux linux Kernel

Wed, 05 Mar 2025 15:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Eus
CPEs		cpe:/a:redhat:rhel_eus:9.4
Vendors & Products		Redhat rhel Eus

Fri, 22 Nov 2024 12:00:00 +0000

Type	Values Removed	Values Added
References		https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

Wed, 13 Nov 2024 02:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:enterprise_linux:9 cpe:/o:redhat:enterprise_linux:9

Tue, 05 Nov 2024 10:45:00 +0000

Type	Values Removed	Values Added
References	https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

Fri, 01 Nov 2024 08:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-770
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 24 Sep 2024 11:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/o:redhat:enterprise_linux:8

Tue, 24 Sep 2024 06:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat Redhat enterprise Linux
CPEs		cpe:/a:redhat:enterprise_linux:8::nfv
Vendors & Products		Redhat Redhat enterprise Linux

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-04-17T10:27:45.960Z

Updated: 2025-05-04T08:59:04.768Z

Reserved: 2024-02-19T14:20:24.186Z

Link: CVE-2024-26894

Vulnrichment

Updated: 2024-08-02T00:21:05.515Z

NVD

Status : Analyzed

Published: 2024-04-17T11:15:10.630

Modified: 2025-03-21T14:43:42.297

Link: CVE-2024-26894

Redhat

Severity : Low

Publid Date: 2024-04-17T00:00:00Z

Links: CVE-2024-26894 - Bugzilla

{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-26894", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-19T14:20:24.186Z", "datePublished": "2024-04-17T10:27:45.960Z", "dateUpdated": "2025-05-04T08:59:04.768Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T08:59:04.768Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: processor_idle: Fix memory leak in acpi_processor_power_exit()\n\nAfter unregistering the CPU idle device, the memory associated with\nit is not freed, leading to a memory leak:\n\nunreferenced object 0xffff896282f6c000 (size 1024):\n comm \"swapper/0\", pid 1, jiffies 4294893170\n hex dump (first 32 bytes):\n 00 00 00 00 0b 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace (crc 8836a742):\n [<ffffffff993495ed>] kmalloc_trace+0x29d/0x340\n [<ffffffff9972f3b3>] acpi_processor_power_init+0xf3/0x1c0\n [<ffffffff9972d263>] __acpi_processor_start+0xd3/0xf0\n [<ffffffff9972d2bc>] acpi_processor_start+0x2c/0x50\n [<ffffffff99805872>] really_probe+0xe2/0x480\n [<ffffffff99805c98>] __driver_probe_device+0x78/0x160\n [<ffffffff99805daf>] driver_probe_device+0x1f/0x90\n [<ffffffff9980601e>] __driver_attach+0xce/0x1c0\n [<ffffffff99803170>] bus_for_each_dev+0x70/0xc0\n [<ffffffff99804822>] bus_add_driver+0x112/0x210\n [<ffffffff99807245>] driver_register+0x55/0x100\n [<ffffffff9aee4acb>] acpi_processor_driver_init+0x3b/0xc0\n [<ffffffff990012d1>] do_one_initcall+0x41/0x300\n [<ffffffff9ae7c4b0>] kernel_init_freeable+0x320/0x470\n [<ffffffff99b231f6>] kernel_init+0x16/0x1b0\n [<ffffffff99042e6d>] ret_from_fork+0x2d/0x50\n\nFix this by freeing the CPU idle device after unregistering it."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/acpi/processor_idle.c"], "versions": [{"version": "3d339dcbb56d8d70c1b959aff87d74adc3a84eea", "lessThan": "d351bcadab6caa6d8ce7159ff4b77e2da35c09fa", "status": "affected", "versionType": "git"}, {"version": "3d339dcbb56d8d70c1b959aff87d74adc3a84eea", "lessThan": "ea96bf3f80625cddba1391a87613356b1b45716d", "status": "affected", "versionType": "git"}, {"version": "3d339dcbb56d8d70c1b959aff87d74adc3a84eea", "lessThan": "c2a30c81bf3cb9033fa9f5305baf7c377075e2e5", "status": "affected", "versionType": "git"}, {"version": "3d339dcbb56d8d70c1b959aff87d74adc3a84eea", "lessThan": "1cbaf4c793b0808532f4e7b40bc4be7cec2c78f2", "status": "affected", "versionType": "git"}, {"version": "3d339dcbb56d8d70c1b959aff87d74adc3a84eea", "lessThan": "fad9bcd4d754cc689c19dc04d2c44b82c1a5d6c8", "status": "affected", "versionType": "git"}, {"version": "3d339dcbb56d8d70c1b959aff87d74adc3a84eea", "lessThan": "3d48e5be107429ff5d824e7f2a00d1b610d36fbc", "status": "affected", "versionType": "git"}, {"version": "3d339dcbb56d8d70c1b959aff87d74adc3a84eea", "lessThan": "8d14a4d0afb49a5b8535d414c782bb334860e73e", "status": "affected", "versionType": "git"}, {"version": "3d339dcbb56d8d70c1b959aff87d74adc3a84eea", "lessThan": "cd5c2d0b09d5b6d3f0a7bbabe6761a4997e9dee9", "status": "affected", "versionType": "git"}, {"version": "3d339dcbb56d8d70c1b959aff87d74adc3a84eea", "lessThan": "e18afcb7b2a12b635ac10081f943fcf84ddacc51", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/acpi/processor_idle.c"], "versions": [{"version": "3.7", "status": "affected"}, {"version": "0", "lessThan": "3.7", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.311", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.273", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.214", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.153", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.83", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.23", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.7.11", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8.2", "lessThanOrEqual": "6.8.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.7", "versionEndExcluding": "4.19.311"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.7", "versionEndExcluding": "5.4.273"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.7", "versionEndExcluding": "5.10.214"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.7", "versionEndExcluding": "5.15.153"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.7", "versionEndExcluding": "6.1.83"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.7", "versionEndExcluding": "6.6.23"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.7", "versionEndExcluding": "6.7.11"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.7", "versionEndExcluding": "6.8.2"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.7", "versionEndExcluding": "6.9"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/d351bcadab6caa6d8ce7159ff4b77e2da35c09fa"}, {"url": "https://git.kernel.org/stable/c/ea96bf3f80625cddba1391a87613356b1b45716d"}, {"url": "https://git.kernel.org/stable/c/c2a30c81bf3cb9033fa9f5305baf7c377075e2e5"}, {"url": "https://git.kernel.org/stable/c/1cbaf4c793b0808532f4e7b40bc4be7cec2c78f2"}, {"url": "https://git.kernel.org/stable/c/fad9bcd4d754cc689c19dc04d2c44b82c1a5d6c8"}, {"url": "https://git.kernel.org/stable/c/3d48e5be107429ff5d824e7f2a00d1b610d36fbc"}, {"url": "https://git.kernel.org/stable/c/8d14a4d0afb49a5b8535d414c782bb334860e73e"}, {"url": "https://git.kernel.org/stable/c/cd5c2d0b09d5b6d3f0a7bbabe6761a4997e9dee9"}, {"url": "https://git.kernel.org/stable/c/e18afcb7b2a12b635ac10081f943fcf84ddacc51"}], "title": "ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit()", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:21:05.515Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/d351bcadab6caa6d8ce7159ff4b77e2da35c09fa", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ea96bf3f80625cddba1391a87613356b1b45716d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c2a30c81bf3cb9033fa9f5305baf7c377075e2e5", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1cbaf4c793b0808532f4e7b40bc4be7cec2c78f2", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/fad9bcd4d754cc689c19dc04d2c44b82c1a5d6c8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3d48e5be107429ff5d824e7f2a00d1b610d36fbc", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/8d14a4d0afb49a5b8535d414c782bb334860e73e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/cd5c2d0b09d5b6d3f0a7bbabe6761a4997e9dee9", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/e18afcb7b2a12b635ac10081f943fcf84ddacc51", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-770", "lang": "en", "description": "CWE-770 Allocation of Resources Without Limits or Throttling"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-02-06T16:56:24.973748Z", "id": "CVE-2024-26894", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-06T16:57:05.473Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/d351bcadab6caa6d8ce7159ff4b77e2da35c09fa", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ea96bf3f80625cddba1391a87613356b1b45716d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c2a30c81bf3cb9033fa9f5305baf7c377075e2e5", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1cbaf4c793b0808532f4e7b40bc4be7cec2c78f2", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/fad9bcd4d754cc689c19dc04d2c44b82c1a5d6c8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3d48e5be107429ff5d824e7f2a00d1b610d36fbc", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/8d14a4d0afb49a5b8535d414c782bb334860e73e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/cd5c2d0b09d5b6d3f0a7bbabe6761a4997e9dee9", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/e18afcb7b2a12b635ac10081f943fcf84ddacc51", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:21:05.515Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-26894", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-02-06T16:56:24.973748Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-04-25T17:46:39.897Z"}}], "cna": {"title": "ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit()", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "3d339dcbb56d8d70c1b959aff87d74adc3a84eea", "lessThan": "d351bcadab6caa6d8ce7159ff4b77e2da35c09fa", "versionType": "git"}, {"status": "affected", "version": "3d339dcbb56d8d70c1b959aff87d74adc3a84eea", "lessThan": "ea96bf3f80625cddba1391a87613356b1b45716d", "versionType": "git"}, {"status": "affected", "version": "3d339dcbb56d8d70c1b959aff87d74adc3a84eea", "lessThan": "c2a30c81bf3cb9033fa9f5305baf7c377075e2e5", "versionType": "git"}, {"status": "affected", "version": "3d339dcbb56d8d70c1b959aff87d74adc3a84eea", "lessThan": "1cbaf4c793b0808532f4e7b40bc4be7cec2c78f2", "versionType": "git"}, {"status": "affected", "version": "3d339dcbb56d8d70c1b959aff87d74adc3a84eea", "lessThan": "fad9bcd4d754cc689c19dc04d2c44b82c1a5d6c8", "versionType": "git"}, {"status": "affected", "version": "3d339dcbb56d8d70c1b959aff87d74adc3a84eea", "lessThan": "3d48e5be107429ff5d824e7f2a00d1b610d36fbc", "versionType": "git"}, {"status": "affected", "version": "3d339dcbb56d8d70c1b959aff87d74adc3a84eea", "lessThan": "8d14a4d0afb49a5b8535d414c782bb334860e73e", "versionType": "git"}, {"status": "affected", "version": "3d339dcbb56d8d70c1b959aff87d74adc3a84eea", "lessThan": "cd5c2d0b09d5b6d3f0a7bbabe6761a4997e9dee9", "versionType": "git"}, {"status": "affected", "version": "3d339dcbb56d8d70c1b959aff87d74adc3a84eea", "lessThan": "e18afcb7b2a12b635ac10081f943fcf84ddacc51", "versionType": "git"}], "programFiles": ["drivers/acpi/processor_idle.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "3.7"}, {"status": "unaffected", "version": "0", "lessThan": "3.7", "versionType": "semver"}, {"status": "unaffected", "version": "4.19.311", "versionType": "semver", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.273", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.214", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.153", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.83", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.23", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.7.11", "versionType": "semver", "lessThanOrEqual": "6.7.*"}, {"status": "unaffected", "version": "6.8.2", "versionType": "semver", "lessThanOrEqual": "6.8.*"}, {"status": "unaffected", "version": "6.9", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/acpi/processor_idle.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/d351bcadab6caa6d8ce7159ff4b77e2da35c09fa"}, {"url": "https://git.kernel.org/stable/c/ea96bf3f80625cddba1391a87613356b1b45716d"}, {"url": "https://git.kernel.org/stable/c/c2a30c81bf3cb9033fa9f5305baf7c377075e2e5"}, {"url": "https://git.kernel.org/stable/c/1cbaf4c793b0808532f4e7b40bc4be7cec2c78f2"}, {"url": "https://git.kernel.org/stable/c/fad9bcd4d754cc689c19dc04d2c44b82c1a5d6c8"}, {"url": "https://git.kernel.org/stable/c/3d48e5be107429ff5d824e7f2a00d1b610d36fbc"}, {"url": "https://git.kernel.org/stable/c/8d14a4d0afb49a5b8535d414c782bb334860e73e"}, {"url": "https://git.kernel.org/stable/c/cd5c2d0b09d5b6d3f0a7bbabe6761a4997e9dee9"}, {"url": "https://git.kernel.org/stable/c/e18afcb7b2a12b635ac10081f943fcf84ddacc51"}], "x_generator": {"engine": "bippy-5f407fcff5a0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: processor_idle: Fix memory leak in acpi_processor_power_exit()\n\nAfter unregistering the CPU idle device, the memory associated with\nit is not freed, leading to a memory leak:\n\nunreferenced object 0xffff896282f6c000 (size 1024):\n comm \"swapper/0\", pid 1, jiffies 4294893170\n hex dump (first 32 bytes):\n 00 00 00 00 0b 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace (crc 8836a742):\n [<ffffffff993495ed>] kmalloc_trace+0x29d/0x340\n [<ffffffff9972f3b3>] acpi_processor_power_init+0xf3/0x1c0\n [<ffffffff9972d263>] __acpi_processor_start+0xd3/0xf0\n [<ffffffff9972d2bc>] acpi_processor_start+0x2c/0x50\n [<ffffffff99805872>] really_probe+0xe2/0x480\n [<ffffffff99805c98>] __driver_probe_device+0x78/0x160\n [<ffffffff99805daf>] driver_probe_device+0x1f/0x90\n [<ffffffff9980601e>] __driver_attach+0xce/0x1c0\n [<ffffffff99803170>] bus_for_each_dev+0x70/0xc0\n [<ffffffff99804822>] bus_add_driver+0x112/0x210\n [<ffffffff99807245>] driver_register+0x55/0x100\n [<ffffffff9aee4acb>] acpi_processor_driver_init+0x3b/0xc0\n [<ffffffff990012d1>] do_one_initcall+0x41/0x300\n [<ffffffff9ae7c4b0>] kernel_init_freeable+0x320/0x470\n [<ffffffff99b231f6>] kernel_init+0x16/0x1b0\n [<ffffffff99042e6d>] ret_from_fork+0x2d/0x50\n\nFix this by freeing the CPU idle device after unregistering it."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T08:49:40.629Z"}}}, "cveMetadata": {"cveId": "CVE-2024-26894", "state": "PUBLISHED", "dateUpdated": "2025-02-06T16:57:05.473Z", "dateReserved": "2024-02-19T14:20:24.186Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-04-17T10:27:45.960Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C15CF0C6-B6A3-4B4F-BBFD-31316634E47F", "versionEndExcluding": "4.19.311", "versionStartIncluding": "3.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "620FD8B7-BF03-43E0-951A-0A58461D4C55", "versionEndExcluding": "5.4.273", "versionStartIncluding": "4.20", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "65987874-467B-4D3B-91D6-68A129B34FB8", "versionEndExcluding": "5.10.214", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "ACB69438-845D-4E3C-B114-3140611F9C0B", "versionEndExcluding": "5.15.153", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "121A07F6-F505-4C47-86BF-9BB6CC7B6C19", "versionEndExcluding": "6.1.83", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E00814DC-0BA7-431A-9926-80FEB4A96C68", "versionEndExcluding": "6.6.23", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9B95D3A6-E162-47D5-ABFC-F3FA74FA7CFD", "versionEndExcluding": "6.7.11", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "543A75FF-25B8-4046-A514-1EA8EDD87AB1", "versionEndExcluding": "6.8.2", "versionStartIncluding": "6.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: processor_idle: Fix memory leak in acpi_processor_power_exit()\n\nAfter unregistering the CPU idle device, the memory associated with\nit is not freed, leading to a memory leak:\n\nunreferenced object 0xffff896282f6c000 (size 1024):\n comm \"swapper/0\", pid 1, jiffies 4294893170\n hex dump (first 32 bytes):\n 00 00 00 00 0b 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace (crc 8836a742):\n [<ffffffff993495ed>] kmalloc_trace+0x29d/0x340\n [<ffffffff9972f3b3>] acpi_processor_power_init+0xf3/0x1c0\n [<ffffffff9972d263>] __acpi_processor_start+0xd3/0xf0\n [<ffffffff9972d2bc>] acpi_processor_start+0x2c/0x50\n [<ffffffff99805872>] really_probe+0xe2/0x480\n [<ffffffff99805c98>] __driver_probe_device+0x78/0x160\n [<ffffffff99805daf>] driver_probe_device+0x1f/0x90\n [<ffffffff9980601e>] __driver_attach+0xce/0x1c0\n [<ffffffff99803170>] bus_for_each_dev+0x70/0xc0\n [<ffffffff99804822>] bus_add_driver+0x112/0x210\n [<ffffffff99807245>] driver_register+0x55/0x100\n [<ffffffff9aee4acb>] acpi_processor_driver_init+0x3b/0xc0\n [<ffffffff990012d1>] do_one_initcall+0x41/0x300\n [<ffffffff9ae7c4b0>] kernel_init_freeable+0x320/0x470\n [<ffffffff99b231f6>] kernel_init+0x16/0x1b0\n [<ffffffff99042e6d>] ret_from_fork+0x2d/0x50\n\nFix this by freeing the CPU idle device after unregistering it."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ACPI: procesador_idle: corrige la p\u00e9rdida de memoria en acpi_processor_power_exit() Despu\u00e9s de cancelar el registro del dispositivo de CPU inactivo, la memoria asociada con \u00e9l no se libera, lo que genera una p\u00e9rdida de memoria: objeto sin referencia 0xffff896282f6c000 (tama\u00f1o 1024): comunicaci\u00f3n \"swapper/0\", pid 1, santiam\u00e9n 4294893170 volcado hexadecimal (primeros 32 bytes): 00 00 00 00 0b 00 00 00 00 00 00 00 00 00 00 00 ........... ..... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ retroceso (crc 8836a742): [] kmalloc_trace+ 0x29d/0x340 [] acpi_processor_power_init+0xf3/0x1c0 [] __acpi_processor_start+0xd3/0xf0 [] acpi_processor_start+0x2c/0x50 [] realmente_probe+0xe2/0x480 [] __driver_probe_device+ 0x78/0x160 [] driver_probe_device+0x1f/0x90 [] __driver_attach+0xce/0x1c0 [] bus_for_each_dev+0x70/0xc0 [] bus_add_driver+0x112/0x210 [] driver_register+ 0x55/0x100 [] acpi_processor_driver_init+0x3b/0xc0 [] do_one_initcall+0x41/0x300 [] kernel_init_freeable+0x320/0x470 [] kernel_init+0x16/0x1b0 [] ret_from_fork+ 0x2d/0x50 Solucione este problema liberando el dispositivo de CPU inactivo despu\u00e9s de cancelar su registro."}], "id": "CVE-2024-26894", "lastModified": "2025-03-21T14:43:42.297", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.2, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-04-17T11:15:10.630", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1cbaf4c793b0808532f4e7b40bc4be7cec2c78f2"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3d48e5be107429ff5d824e7f2a00d1b610d36fbc"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8d14a4d0afb49a5b8535d414c782bb334860e73e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c2a30c81bf3cb9033fa9f5305baf7c377075e2e5"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/cd5c2d0b09d5b6d3f0a7bbabe6761a4997e9dee9"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d351bcadab6caa6d8ce7159ff4b77e2da35c09fa"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e18afcb7b2a12b635ac10081f943fcf84ddacc51"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ea96bf3f80625cddba1391a87613356b1b45716d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/fad9bcd4d754cc689c19dc04d2c44b82c1a5d6c8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1cbaf4c793b0808532f4e7b40bc4be7cec2c78f2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3d48e5be107429ff5d824e7f2a00d1b610d36fbc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8d14a4d0afb49a5b8535d414c782bb334860e73e"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c2a30c81bf3cb9033fa9f5305baf7c377075e2e5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/cd5c2d0b09d5b6d3f0a7bbabe6761a4997e9dee9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d351bcadab6caa6d8ce7159ff4b77e2da35c09fa"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e18afcb7b2a12b635ac10081f943fcf84ddacc51"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ea96bf3f80625cddba1391a87613356b1b45716d"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/fad9bcd4d754cc689c19dc04d2c44b82c1a5d6c8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:7001", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-553.22.1.rt7.363.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-09-24T00:00:00Z"}, {"advisory": "RHSA-2024:7000", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-553.22.1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-09-24T00:00:00Z"}, {"advisory": "RHSA-2024:9315", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:9315", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2025:2270", "cpe": "cpe:/a:redhat:rhel_eus:9.4", "package": "kernel-0:5.14.0-427.57.1.el9_4", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2025-03-05T00:00:00Z"}], "bugzilla": {"description": "kernel: ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit()", "id": "2275661", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275661"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H", "status": "verified"}, "cwe": "CWE-401", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nACPI: processor_idle: Fix memory leak in acpi_processor_power_exit()\nAfter unregistering the CPU idle device, the memory associated with\nit is not freed, leading to a memory leak:\nunreferenced object 0xffff896282f6c000 (size 1024):\ncomm \"swapper/0\", pid 1, jiffies 4294893170\nhex dump (first 32 bytes):\n00 00 00 00 0b 00 00 00 00 00 00 00 00 00 00 00 ................\n00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\nbacktrace (crc 8836a742):\n[<ffffffff993495ed>] kmalloc_trace+0x29d/0x340\n[<ffffffff9972f3b3>] acpi_processor_power_init+0xf3/0x1c0\n[<ffffffff9972d263>] __acpi_processor_start+0xd3/0xf0\n[<ffffffff9972d2bc>] acpi_processor_start+0x2c/0x50\n[<ffffffff99805872>] really_probe+0xe2/0x480\n[<ffffffff99805c98>] __driver_probe_device+0x78/0x160\n[<ffffffff99805daf>] driver_probe_device+0x1f/0x90\n[<ffffffff9980601e>] __driver_attach+0xce/0x1c0\n[<ffffffff99803170>] bus_for_each_dev+0x70/0xc0\n[<ffffffff99804822>] bus_add_driver+0x112/0x210\n[<ffffffff99807245>] driver_register+0x55/0x100\n[<ffffffff9aee4acb>] acpi_processor_driver_init+0x3b/0xc0\n[<ffffffff990012d1>] do_one_initcall+0x41/0x300\n[<ffffffff9ae7c4b0>] kernel_init_freeable+0x320/0x470\n[<ffffffff99b231f6>] kernel_init+0x16/0x1b0\n[<ffffffff99042e6d>] ret_from_fork+0x2d/0x50\nFix this by freeing the CPU idle device after unregistering it."], "name": "CVE-2024-26894", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-04-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-26894\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-26894\nhttps://lore.kernel.org/linux-cve-announce/2024041743-CVE-2024-26894-53ad@gregkh/T"], "threat_severity": "Low"}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object