How severe is CVE-2024-26584?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2024-26584?

This is classified as CWE-755, which is a common weakness in software security.

CVE-2024-26584

MEDIUM Year: 2024

CVSS v3 Score

5.5

Medium

Weakness Type

CWE-755

View all →

Vulnerability Description

In the Linux kernel, the following vulnerability has been resolved: net: tls: handle backlogging of crypto requests Since we're setting the CRYPTO_TFM_REQ_MAY_BACKLOG flag on our requests to the crypto API, crypto_aead_{encrypt,decrypt} can return -EBUSY instead of -EINPROGRESS in valid situations. For example, when the cryptd queue for AESNI is full (easy to trigger with an artificially low cryptd.cryptd_max_cpu_qlen), requests will be enqueued to the backlog but still processed. In that case, the async callback will also be called twice: first with err == -EINPROGRESS, which it seems we can just ignore, then with err == 0. Compared to Sabrina's original patch this version uses the new tls_*crypt_async_wait() helpers and converts the EBUSY to EINPROGRESS to avoid having to modify all the error handling paths. The handling is identical.

CVE-2017-18672

MEDIUM

CVSS:5.5(Medium)

An issue was discovered on Samsung mobile devices with L(5.0/5.1), M(6.0), and N(7.x) software. Because of incorrect exception handling for Intents, a local attacker can force a reboot within framewor...

CWE-7552017

CVE-2018-1677

MEDIUM

CVSS:5.5(Medium)

IBM DataPower Gateways 7.1, 7.2, 7.5, 7.5.1, 7.5.2, 7.6, and 7.7 and IBM MQ Appliance are vulnerable to a denial of service, caused by the improper handling of full file system. A local attacker could...

CWE-7552018

CVE-2019-0143

MEDIUM

CVSS:5.5(Medium)

Unhandled exception in Kernel-mode drivers for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access.

CWE-7552019

CVE-2019-20422

MEDIUM

CVSS:5.5(Medium)

In the Linux kernel before 5.3.4, fib6_rule_lookup in net/ipv6/ip6_fib.c mishandles the RT6_LOOKUP_F_DST_NOREF flag in a reference-count decision, leading to (for example) a crash that was identified ...

CWE-7552019

CVE-2019-2240

MEDIUM

CVSS:5.5(Medium)

While sending the rendered surface content to the screen, Error handling is not properly checked results in an unpredictable behaviour in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, ...

CWE-7552019

CVE-2019-2241

MEDIUM

CVSS:5.5(Medium)

While rendering the layout background, Error status check is not caught properly and also incorrect status handling is being done leading to unintended SUI behaviour in Snapdragon Auto, Snapdragon Com...

CWE-7552019

CVE-2024-26584

Vulnerability Description

Related Vulnerabilities

CVE-2017-18672

CVE-2018-1677

CVE-2019-0143

CVE-2019-20422

CVE-2019-2240

CVE-2019-2241