{"dataType":"CVE_RECORD","cveMetadata":{"cveId":"CVE-2024-26675","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-02-19T14:20:24.151Z","datePublished":"2024-04-02T07:01:40.054Z","dateUpdated":"2026-05-11T20:02:01.178Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T20:02:01.178Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nppp_async: limit MRU to 64K\n\nsyzbot triggered a warning [1] in __alloc_pages():\n\nWARN_ON_ONCE_GFP(order > MAX_PAGE_ORDER, gfp)\n\nWillem fixed a similar issue in commit c0a2a1b0d631 (\"ppp: limit MRU to 64K\")\n\nAdopt the same sanity check for ppp_async_ioctl(PPPIOCSMRU)\n\n[1]:\n\n WARNING: CPU: 1 PID: 11 at mm/page_alloc.c:4543 __alloc_pages+0x308/0x698 mm/page_alloc.c:4543\nModules linked in:\nCPU: 1 PID: 11 Comm: kworker/u4:0 Not tainted 6.8.0-rc2-syzkaller-g41bccc98fb79 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023\nWorkqueue: events_unbound flush_to_ldisc\npstate: 204000c5 (nzCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : __alloc_pages+0x308/0x698 mm/page_alloc.c:4543\n lr : __alloc_pages+0xc8/0x698 mm/page_alloc.c:4537\nsp : ffff800093967580\nx29: ffff800093967660 x28: ffff8000939675a0 x27: dfff800000000000\nx26: ffff70001272ceb4 x25: 0000000000000000 x24: ffff8000939675c0\nx23: 0000000000000000 x22: 0000000000060820 x21: 1ffff0001272ceb8\nx20: ffff8000939675e0 x19: 0000000000000010 x18: ffff800093967120\nx17: ffff800083bded5c x16: ffff80008ac97500 x15: 0000000000000005\nx14: 1ffff0001272cebc x13: 0000000000000000 x12: 0000000000000000\nx11: ffff70001272cec1 x10: 1ffff0001272cec0 x9 : 0000000000000001\nx8 : ffff800091c91000 x7 : 0000000000000000 x6 : 000000000000003f\nx5 : 00000000ffffffff x4 : 0000000000000000 x3 : 0000000000000020\nx2 : 0000000000000008 x1 : 0000000000000000 x0 : ffff8000939675e0\nCall trace:\n  __alloc_pages+0x308/0x698 mm/page_alloc.c:4543\n  __alloc_pages_node include/linux/gfp.h:238 [inline]\n  alloc_pages_node include/linux/gfp.h:261 [inline]\n  __kmalloc_large_node+0xbc/0x1fc mm/slub.c:3926\n  __do_kmalloc_node mm/slub.c:3969 [inline]\n  __kmalloc_node_track_caller+0x418/0x620 mm/slub.c:4001\n  kmalloc_reserve+0x17c/0x23c net/core/skbuff.c:590\n  __alloc_skb+0x1c8/0x3d8 net/core/skbuff.c:651\n  __netdev_alloc_skb+0xb8/0x3e8 net/core/skbuff.c:715\n  netdev_alloc_skb include/linux/skbuff.h:3235 [inline]\n  dev_alloc_skb include/linux/skbuff.h:3248 [inline]\n  ppp_async_input drivers/net/ppp/ppp_async.c:863 [inline]\n  ppp_asynctty_receive+0x588/0x186c drivers/net/ppp/ppp_async.c:341\n  tty_ldisc_receive_buf+0x12c/0x15c drivers/tty/tty_buffer.c:390\n  tty_port_default_receive_buf+0x74/0xac drivers/tty/tty_port.c:37\n  receive_buf drivers/tty/tty_buffer.c:444 [inline]\n  flush_to_ldisc+0x284/0x6e4 drivers/tty/tty_buffer.c:494\n  process_one_work+0x694/0x1204 kernel/workqueue.c:2633\n  process_scheduled_works kernel/workqueue.c:2706 [inline]\n  worker_thread+0x938/0xef4 kernel/workqueue.c:2787\n  kthread+0x288/0x310 kernel/kthread.c:388\n  ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/ppp/ppp_async.c"],"versions":[{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"4fdb14ba89faff6e6969a4dffdc8e54235d6e5ed","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"56fae81633ccee307cfcb032f706bf1863a56982","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"b06e067e93fa4b98acfd3a9f38a398ab91bbc58b","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"58fbe665b097bf7b3144da7e7b91fb27aa8d0ae3","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"4e2c4846b2507f6dfc9bea72b7567c2693a82a16","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"7e5ef49670766c9742ffcd9cead7cdb018268719","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"210d938f963dddc543b07e66a79b7d8d4bd00bd8","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"cb88cb53badb8aeb3955ad6ce80b07b598e310b8","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/ppp/ppp_async.c"],"versions":[{"version":"2.6.12","status":"affected"},{"version":"0","lessThan":"2.6.12","status":"unaffected","versionType":"semver"},{"version":"4.19.307","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.269","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.210","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.149","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.78","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.17","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.7.5","lessThanOrEqual":"6.7.*","status":"unaffected","versionType":"semver"},{"version":"6.8","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"4.19.307"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"5.4.269"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"5.10.210"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"5.15.149"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"6.1.78"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"6.6.17"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"6.7.5"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"6.8"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/4fdb14ba89faff6e6969a4dffdc8e54235d6e5ed"},{"url":"https://git.kernel.org/stable/c/56fae81633ccee307cfcb032f706bf1863a56982"},{"url":"https://git.kernel.org/stable/c/b06e067e93fa4b98acfd3a9f38a398ab91bbc58b"},{"url":"https://git.kernel.org/stable/c/58fbe665b097bf7b3144da7e7b91fb27aa8d0ae3"},{"url":"https://git.kernel.org/stable/c/4e2c4846b2507f6dfc9bea72b7567c2693a82a16"},{"url":"https://git.kernel.org/stable/c/7e5ef49670766c9742ffcd9cead7cdb018268719"},{"url":"https://git.kernel.org/stable/c/210d938f963dddc543b07e66a79b7d8d4bd00bd8"},{"url":"https://git.kernel.org/stable/c/cb88cb53badb8aeb3955ad6ce80b07b598e310b8"}],"title":"ppp_async: limit MRU to 64K","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T00:14:12.841Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/4fdb14ba89faff6e6969a4dffdc8e54235d6e5ed","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/56fae81633ccee307cfcb032f706bf1863a56982","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/b06e067e93fa4b98acfd3a9f38a398ab91bbc58b","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/58fbe665b097bf7b3144da7e7b91fb27aa8d0ae3","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/4e2c4846b2507f6dfc9bea72b7567c2693a82a16","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/7e5ef49670766c9742ffcd9cead7cdb018268719","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/210d938f963dddc543b07e66a79b7d8d4bd00bd8","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/cb88cb53badb8aeb3955ad6ce80b07b598e310b8","tags":["x_transferred"]},{"url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html","tags":["x_transferred"]},{"url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2024-26675","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-09-10T15:53:26.335519Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-11T17:33:36.657Z"}}]},"dataVersion":"5.2"}