Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: x86, relocs: Ignore relocations in .notes section When building with CONFIG_XEN_PV=y, .text symbols are emitted into the .notes section so that Xen can find the "startup_xen" entry point. This information is used prior to booting the kernel, so relocations are not useful. In fact, performing relocations against the .notes section means that the KASLR base is exposed since /sys/kernel/notes is world-readable. To avoid leaking the KASLR base without breaking unprivileged tools that are expecting to read /sys/kernel/notes, skip performing relocations in the .notes section. The values readable in .notes are then identical to those found in System.map.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 2.6.23, < 4.19.311 |
| Debian | Debian Linux | 10.0 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/13edb509abc91c72152a11baaf0e7c060a312e03Patch
- https://git.kernel.org/stable/c/47635b112a64b7b208224962471e7e42f110e723Patch
- https://git.kernel.org/stable/c/52018aa146e3cf76569a9b1e6e49a2b7c8d4a088Patch
- https://git.kernel.org/stable/c/5cb59db49c9c0fccfd33b2209af4f7ae3c6ddf40Patch
- https://git.kernel.org/stable/c/a4e7ff1a74274e59a2de9bb57236542aa990d20aPatch
- https://git.kernel.org/stable/c/aaa8736370db1a78f0e8434344a484f9fd20be3bPatch
- https://git.kernel.org/stable/c/ae7079238f6faf1b94accfccf334e98b46a0c0aaPatch
- https://git.kernel.org/stable/c/af2a9f98d884205145fd155304a6955822ccca1cPatch
- https://git.kernel.org/stable/c/c7cff9780297d55d97ad068b68b703cfe53ef9afPatch
- https://git.kernel.org/stable/c/13edb509abc91c72152a11baaf0e7c060a312e03Patch
- https://git.kernel.org/stable/c/47635b112a64b7b208224962471e7e42f110e723Patch
- https://git.kernel.org/stable/c/52018aa146e3cf76569a9b1e6e49a2b7c8d4a088Patch
- https://git.kernel.org/stable/c/5cb59db49c9c0fccfd33b2209af4f7ae3c6ddf40Patch
- https://git.kernel.org/stable/c/a4e7ff1a74274e59a2de9bb57236542aa990d20aPatch
- https://git.kernel.org/stable/c/aaa8736370db1a78f0e8434344a484f9fd20be3bPatch
FAQ
What is CVE-2024-26816?
CVE-2024-26816 is a vulnerability with a CVSS score of 5.5 (MEDIUM). In the Linux kernel, the following vulnerability has been resolved: x86, relocs: Ignore relocations in .notes section When building with CONFIG_XEN_PV=y, .text symbols are emitted into the .notes se...
How severe is CVE-2024-26816?
CVE-2024-26816 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-26816?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Debian Debian Linux.