How severe is CVE-2024-26630?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.1 out of 10.

What type of vulnerability is CVE-2024-26630?

This is classified as CWE-416, which is a common weakness in software security.

CVE-2024-26630 - HIGH Severity | CVSS 7.1

Vulnerability Description

In the Linux kernel, the following vulnerability has been resolved: mm: cachestat: fix folio read-after-free in cache walk In cachestat, we access the folio from the page cache's xarray to compute its page offset, and check for its dirty and writeback flags. However, we do not hold a reference to the folio before performing these actions, which means the folio can concurrently be released and reused as another folio/page/slab. Get around this altogether by just using xarray's existing machinery for the folio page offsets and dirty/writeback states. This changes behavior for tmpfs files to now always report zeroes in their dirty and writeback counters. This is okay as tmpfs doesn't follow conventional writeback cache behavior: its pages get "cleaned" during swapout, after which they're no longer resident etc.

Related Vulnerabilities

CVE-2019-20600

HIGH

CVSS:7.1(High)

An issue was discovered on Samsung mobile devices with O(8.0) and P(9.0) (Exynos8890 chipsets) software. A use-after-free occurs in the MALI GPU driver. The Samsung ID is SVE-2019-13921-1 (May 2019).

CWE-4162019

CVE-2020-8428

HIGH

CVSS:7.1(High)

fs/namei.c in the Linux kernel before 5.5 has a may_create_in_sticky use-after-free, which allows local users to cause a denial of service (OOPS) or possibly obtain sensitive information from kernel m...

CWE-4162020

CVE-2020-8648

HIGH

CVSS:7.1(High)

There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c.

CWE-4162020

CVE-2021-30741

HIGH

CVSS:7.1(High)

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted mail message may lead to unexpected memory modif...

CWE-4162021

CVE-2021-3752

HIGH

CVSS:7.1(High)

A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to ...

CWE-4162021

CVE-2022-0139

HIGH

CVSS:7.1(High)

Use After Free in GitHub repository radareorg/radare2 prior to 5.6.0.

CWE-4162022