CVE-2024-26606: binder: signal epoll threads of self-work
First published: Mon Feb 26 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: binder: signal epoll threads of self-work In (e)poll mode, threads often depend on I/O events to determine when data is ready for consumption. Within binder, a thread may initiate a command via BINDER_WRITE_READ without a read buffer and then make use of epoll_wait() or similar to consume any responses afterwards. It is then crucial that epoll threads are signaled via wakeup when they queue their own work. Otherwise, they risk waiting indefinitely for an event leaving their work unhandled. What is worse, subsequent commands won't trigger a wakeup either as the thread has pending work.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | >=2.6.29<4.19.307 | |
| Linux Kernel | >=4.20.0<5.4.269 | |
| Linux Kernel | >=5.5.0<5.10.210 | |
| Linux Kernel | >=5.11.0<5.15.149 | |
| Linux Kernel | >=5.16.0<6.1.79 | |
| Linux Kernel | >=6.2.0<6.6.18 | |
| Linux Kernel | >=6.7.0<6.7.6 | |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.123-1 6.1.119-1 6.12.11-1 6.12.12-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/42beab162dcee1e691ee4934292d51581c29df61
- https://git.kernel.org/stable/c/82722b453dc2f967b172603e389ee7dc1b3137cc
- https://git.kernel.org/stable/c/90e09c016d72b91e76de25f71c7b93d94cc3c769
- https://git.kernel.org/stable/c/93b372c39c40cbf179e56621e6bc48240943af69
- https://git.kernel.org/stable/c/97830f3c3088638ff90b20dfba2eb4d487bf14d7
- https://git.kernel.org/stable/c/a423042052ec2bdbf1e552e621e6a768922363cc
- https://git.kernel.org/stable/c/a7ae586f6f6024f490b8546c8c84670f96bb9b68
- https://git.kernel.org/stable/c/dd64bb8329ce0ea27bc557e4160c2688835402ac
- https://launchpad.net/bugs/cve/CVE-2024-26606
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26606
- https://nvd.nist.gov/vuln/detail/CVE-2024-26606
- https://security-tracker.debian.org/tracker/CVE-2024-26606
- https://ubuntu.com/security/CVE-2024-26606
- https://git.kernel.org/linus/97830f3c3088638ff90b20dfba2eb4d487bf14d7
Frequently Asked Questions
What is the severity of CVE-2024-26606?
CVE-2024-26606 has been classified with a high severity due to its impact on the Linux kernel's binder component.
Which versions of the Linux kernel are affected by CVE-2024-26606?
CVE-2024-26606 affects various versions of the Linux kernel from 2.6.29 to 6.7.0.
How do I fix CVE-2024-26606?
To fix CVE-2024-26606, update your Linux kernel to the patched versions such as 5.10.223-1, 5.10.226-1, or newer.
What component of the Linux kernel is impacted by CVE-2024-26606?
CVE-2024-26606 impacts the binder component of the Linux kernel.
Is CVE-2024-26606 a remote code execution vulnerability?
No, CVE-2024-26606 relates to vulnerabilities in signal handling for threads, not remote code execution.
- agent/title
- agent/type
- collector/epss-latest
- source/FIRST
- agent/epss
- agent/severity
- agent/remedy
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/author
- agent/references
- collector/usn-cve
- source/Ubuntu
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/trending
- agent/source
- agent/tags
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-api
- package-manager/debian
- vendor/linux
- canonical/linux kernel
- version/linux kernel/2.6.29
- version/linux kernel/4.20.0
- version/linux kernel/5.5.0
- version/linux kernel/5.11.0
- version/linux kernel/5.16.0
- version/linux kernel/6.2.0
- version/linux kernel/6.7.0