CVE-2024-26824: crypto: algif_hash - Remove bogus SGL free on zero-length error path

Description

In the Linux kernel, the following vulnerability has been resolved:

crypto: algif_hash - Remove bogus SGL free on zero-length error path

When a zero-length message is hashed by algif_hash, and an error
is triggered, it tries to free an SG list that was never allocated
in the first place. Fix this by not freeing the SG list on the
zero-length error path.

Classification

CVE ID: CVE-2024-26824

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 17.83% (share of scored CVEs with an EPSS score less than or equal to this one)

EPSS Date: 2025-02-04 (date this score was calculated)

References

https://git.kernel.org/stable/c/9c82920359b7c1eddaf72069bcfe0ffddf088cd0
https://git.kernel.org/stable/c/775f3c1882a493168e08fdb8cde0865c8f3a8a29
https://git.kernel.org/stable/c/24c890dd712f6345e382256cae8c97abb0406b70

Timeline