medium
5.5
Advisory Published
Updated

CVE-2024-26844: block: Fix WARNING in _copy_from_iter

First published: Wed Apr 17 2024(Updated: )

In the Linux kernel, the following vulnerability has been resolved: block: Fix WARNING in _copy_from_iter Syzkaller reports a warning in _copy_from_iter because an iov_iter is supposedly used in the wrong direction. The reason is that syzcaller managed to generate a request with a transfer direction of SG_DXFER_TO_FROM_DEV. This instructs the kernel to copy user buffers into the kernel, read into the copied buffers and then copy the data back to user space. Thus the iovec is used in both directions. Detect this situation in the block layer and construct a new iterator with the correct direction for the copy-in.

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected SoftwareAffected VersionHow to fix
Linux Kernel
Linux Kernel<6.1.80
Linux Kernel>=6.2<6.6.19
Linux Kernel>=6.7<6.7.7
Linux Kernel=6.8-rc1

Remedy

https://git.kernel.org/stable/c/0f1bae071de9967602807472921829a54b2e5956

Remedy

https://git.kernel.org/stable/c/13f3956eb5681a4045a8dfdef48df5dc4d9f58a6

Remedy

https://git.kernel.org/stable/c/8fc80874103a5c20aebdc2401361aa01c817f75b

Remedy

https://git.kernel.org/stable/c/cbaf9be337f7da25742acfce325119e3395b1f1b

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2024-26844?

    The severity of CVE-2024-26844 has not been classified yet, but it addresses a warning in the Linux kernel's _copy_from_iter function.

  • How do I fix CVE-2024-26844?

    To fix CVE-2024-26844, update your Linux kernel to version 6.1.80 or apply the relevant patches from the official kernel sources.

  • Which versions of the Linux kernel are affected by CVE-2024-26844?

    CVE-2024-26844 affects Linux kernel versions from 6.2 to 6.6.19, including 6.8-rc1.

  • What is the impact of CVE-2024-26844 on system security?

    CVE-2024-26844 primarily reports a warning related to the use of iov_iter in an incorrect direction, which may affect the integrity of data transfer.

  • Is CVE-2024-26844 a remote exploit vulnerability?

    CVE-2024-26844 does not specify remote exploitation capabilities but addresses a warning generated during internal operations in the kernel.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203