Rapid7 Vulnerability & Exploit Database

Oracle Linux: CVE-2024-26659: ELSA-2024-3618: kernel update (MODERATE) (Multiple Advisories)

Free InsightVM Trial No Credit Card Necessary
2024 Attack Intel Report Latest research by Rapid7 Labs
Back to Search

Oracle Linux: CVE-2024-26659: ELSA-2024-3618: kernel update (MODERATE) (Multiple Advisories)

Severity
4
CVSS
(AV:L/AC:H/Au:M/C:N/I:N/A:C)
Published
04/02/2024
Created
06/07/2024
Added
06/06/2024
Modified
11/29/2024

Description

In the Linux kernel, the following vulnerability has been resolved: xhci: handle isoc Babble and Buffer Overrun events properly xHCI 4.9 explicitly forbids assuming that the xHC has released its ownership of a multi-TRB TD when it reports an error on one of the early TRBs. Yet the driver makes such assumption and releases the TD, allowing the remaining TRBs to be freed or overwritten by new TDs. The xHC should also report completion of the final TRB due to its IOC flag being set by us, regardless of prior errors. This event cannot be recognized if the TD has already been freed earlier, resulting in "Transfer event TRB DMA ptr not part of current TD" error message. Fix this by reusing the logic for processing isoc Transaction Errors. This also handles hosts which fail to report the final completion. Fix transfer length reporting on Babble errors. They may be caused by device malfunction, no guarantee that the buffer has been filled. A flaw was found in the Linux kernel related to the Extensible Host Controller Interface (xHCI) subsystem, specifically how it handles certain events. The issue arises when the xHCI driver improperly handles isochronous (isoc) Babble and Buffer Overrun events. The vulnerability occurs because the xHCI driver incorrectly assumes that the xHC (host controller) has released its ownership of a multi-TRB (Transfer Request Block) TD (Transfer Descriptor) after reporting an error on an early TRB. This assumption leads to the premature release of the TD, allowing remaining TRBs to be freed or overwritten, which can cause system instability or crashes.

Solution(s)

  • oracle-linux-upgrade-kernel

insightVM

Advanced vulnerability management analytics and reporting.
Key Features
  • Lightweight Endpoint Agent
  • Live Dashboards
  • Real Risk Prioritization
  • IT-Integrated Remediation Projects
  • Cloud, Virtual, and Container Assessment
  • Integrated Threat Feeds
  • Easy-to-Use RESTful API
  • Automation-Assisted Patching
  • Automated Containment
Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;