CVE-2024-26659: xhci: handle isoc Babble and Buffer Overrun events properly
First published: Tue Apr 02 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: xhci: handle isoc Babble and Buffer Overrun events properly The Linux kernel CVE team has assigned <a href="https://access.redhat.com/security/cve/CVE-2024-26659">CVE-2024-26659</a> to this issue. Upstream advisory: <a href="https://lore.kernel.org/linux-cve-announce/2024040222-CVE-2024-26659-e4f6@gregkh/T">https://lore.kernel.org/linux-cve-announce/2024040222-CVE-2024-26659-e4f6@gregkh/T</a>
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel | <5.10.213 | 5.10.213 |
| redhat/kernel | <5.15.152 | 5.15.152 |
| redhat/kernel | <6.1.82 | 6.1.82 |
| redhat/kernel | <6.6.17 | 6.6.17 |
| redhat/kernel | <6.7.5 | 6.7.5 |
| redhat/kernel | <6.8 | 6.8 |
| Linux Kernel | <5.10.213 | |
| Linux Kernel | >=5.11<5.15.152 | |
| Linux Kernel | >=5.16<6.1.82 | |
| Linux Kernel | >=6.2<6.6.17 | |
| Linux Kernel | >=6.7<6.7.5 | |
| Linux Kernel | =6.8-rc1 | |
| Linux Kernel | =6.8-rc2 | |
| Debian Linux | =10.0 | |
| debian/linux | 5.10.223-1 5.10.234-1 6.1.129-1 6.1.128-1 6.12.21-1 | |
| IBM Security Verify Governance - Identity Manager | <=ISVG 10.0.2 | |
| IBM Security Verify Governance, Identity Manager Software Stack | <=ISVG 10.0.2 | |
| IBM Security Verify Governance, Identity Manager Virtual Appliance | <=ISVG 10.0.2 | |
| IBM Security Verify Governance Identity Manager Container | <=ISVG 10.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/2aa7bcfdbb46241c701811bbc0d64d7884e3346c
- https://git.kernel.org/stable/c/2e3ec80ea7ba58bbb210e83b5a0afefee7c171d3
- https://git.kernel.org/stable/c/418456c0ce56209610523f21734c5612ee634134
- https://git.kernel.org/stable/c/696e4112e5c1ee61996198f0ebb6ca3fab55166e
- https://git.kernel.org/stable/c/7c4650ded49e5b88929ecbbb631efb8b0838e811
- https://git.kernel.org/stable/c/f5e7ffa9269a448a720e21f1ed1384d118298c97
- https://launchpad.net/bugs/cve/CVE-2024-26659
- https://access.redhat.com/security/cve/CVE-2024-26659
- https://lore.kernel.org/linux-cve-announce/2024040222-CVE-2024-26659-e4f6@gregkh/T
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2272781
- https://access.redhat.com/errata/RHSA-2024:3618
- https://access.redhat.com/errata/RHSA-2024:3627
- https://bugzilla.redhat.com/show_bug.cgi?id=2272780
- https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26659
- https://nvd.nist.gov/vuln/detail/CVE-2024-26659
- https://security-tracker.debian.org/tracker/CVE-2024-26659
- https://ubuntu.com/security/CVE-2024-26659
- https://git.kernel.org/linus/7c4650ded49e5b88929ecbbb631efb8b0838e811
- https://www.ibm.com/support/pages/node/7230443 (Advisory)
Frequently Asked Questions
What is the severity of CVE-2024-26659?
CVE-2024-26659 has a high severity rating due to potential risks associated with improper handling of isochronous Babble and Buffer Overrun events in the Linux kernel.
How do I fix CVE-2024-26659?
To fix CVE-2024-26659, users should update their Linux kernel to version 5.10.213, 5.15.152, 6.1.82, 6.6.17, 6.7.5, 6.8 or apply other relevant updates provided by their distribution.
Which Linux kernel versions are vulnerable to CVE-2024-26659?
The vulnerable Linux kernel versions include 5.10.x up to 5.10.213, 5.15.x up to 5.15.152, as well as specific versions in the 6.x series prior to the resolution.
What types of systems are affected by CVE-2024-26659?
CVE-2024-26659 affects systems running vulnerable versions of the Linux kernel, typically used in various Linux distributions such as Red Hat and Debian.
Is CVE-2024-26659 related to USB events?
Yes, CVE-2024-26659 specifically addresses vulnerabilities related to the handling of USB isochronous Babble and Buffer Overrun events in the Linux kernel.
- agent/title
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/author
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2024-26659
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/trending
- agent/remedy
- agent/severity
- agent/weakness
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-cve
- collector/usn-cve
- source/Ubuntu
- agent/description
- collector/security-tracker-debian
- source/Debian
- agent/last-modified-date
- agent/references
- agent/source
- agent/softwarecombine
- agent/tags
- agent/event
- collector/ibm-support
- source/IBM
- package-manager/redhat
- vendor/linux
- canonical/linux kernel
- version/linux kernel/5.11
- version/linux kernel/5.16
- version/linux kernel/6.2
- version/linux kernel/6.7
- version/linux kernel/6.8-rc1
- version/linux kernel/6.8-rc2
- vendor/debian
- canonical/debian linux
- version/debian linux/10.0
- package-manager/debian
- vendor/ibm
- canonical/ibm security verify governance - identity manager
- version/ibm security verify governance - identity manager/isvg 10.0.2
- canonical/ibm security verify governance, identity manager software stack
- version/ibm security verify governance, identity manager software stack/isvg 10.0.2
- canonical/ibm security verify governance, identity manager virtual appliance
- version/ibm security verify governance, identity manager virtual appliance/isvg 10.0.2
- canonical/ibm security verify governance identity manager container
- version/ibm security verify governance identity manager container/isvg 10.0.2