{"dataType":"CVE_RECORD","cveMetadata":{"cveId":"CVE-2024-26926","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-02-19T14:20:24.194Z","datePublished":"2024-04-24T23:23:40.600Z","dateUpdated":"2026-05-11T20:07:03.538Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T20:07:03.538Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbinder: check offset alignment in binder_get_object()\n\nCommit 6d98eb95b450 (\"binder: avoid potential data leakage when copying\ntxn\") introduced changes to how binder objects are copied. In doing so,\nit unintentionally removed an offset alignment check done through calls\nto binder_alloc_copy_from_buffer() -> check_buffer().\n\nThese calls were replaced in binder_get_object() with copy_from_user(),\nso now an explicit offset alignment check is needed here. This avoids\nlater complications when unwinding the objects gets harder.\n\nIt is worth noting this check existed prior to commit 7a67a39320df\n(\"binder: add function to copy binder object from buffer\"), likely\nremoved due to redundancy at the time."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/android/binder.c"],"versions":[{"version":"c056a6ba35e00ae943e377eb09abd77a6915b31a","lessThan":"68a28f551e4690db2b27b3db716c7395f6fada12","status":"affected","versionType":"git"},{"version":"23e9d815fad84c1bee3742a8de4bd39510435362","lessThan":"48a1f83ca9c68518b1a783c62e6a8223144fa9fc","status":"affected","versionType":"git"},{"version":"7a9ad4aceb0226b391c9d3b8e4ac2e7d438b6bde","lessThan":"a2fd6dbc98be1105a1d8e9e31575da8873ef115c","status":"affected","versionType":"git"},{"version":"6d98eb95b450a75adb4516a1d33652dc78d2b20c","lessThan":"a6d2a8b211c874971ee4cf3ddd167408177f6e76","status":"affected","versionType":"git"},{"version":"6d98eb95b450a75adb4516a1d33652dc78d2b20c","lessThan":"1d7f1049035b2060342f11eff957cf567d810bdc","status":"affected","versionType":"git"},{"version":"6d98eb95b450a75adb4516a1d33652dc78d2b20c","lessThan":"f01d6619045704d78613b14e2e0420bfdb7f1c15","status":"affected","versionType":"git"},{"version":"6d98eb95b450a75adb4516a1d33652dc78d2b20c","lessThan":"aaef73821a3b0194a01bd23ca77774f704a04d40","status":"affected","versionType":"git"},{"version":"66e12f5b3a9733f941893a00753b10498724607d","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/android/binder.c"],"versions":[{"version":"5.17","status":"affected"},{"version":"0","lessThan":"5.17","status":"unaffected","versionType":"semver"},{"version":"5.4.275","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.216","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.157","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.88","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.29","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.8.8","lessThanOrEqual":"6.8.*","status":"unaffected","versionType":"semver"},{"version":"6.9","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4.226","versionEndExcluding":"5.4.275"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10.157","versionEndExcluding":"5.10.216"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15.17","versionEndExcluding":"5.15.157"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.17","versionEndExcluding":"6.1.88"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.17","versionEndExcluding":"6.6.29"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.17","versionEndExcluding":"6.8.8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.17","versionEndExcluding":"6.9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16.3"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/68a28f551e4690db2b27b3db716c7395f6fada12"},{"url":"https://git.kernel.org/stable/c/48a1f83ca9c68518b1a783c62e6a8223144fa9fc"},{"url":"https://git.kernel.org/stable/c/a2fd6dbc98be1105a1d8e9e31575da8873ef115c"},{"url":"https://git.kernel.org/stable/c/a6d2a8b211c874971ee4cf3ddd167408177f6e76"},{"url":"https://git.kernel.org/stable/c/1d7f1049035b2060342f11eff957cf567d810bdc"},{"url":"https://git.kernel.org/stable/c/f01d6619045704d78613b14e2e0420bfdb7f1c15"},{"url":"https://git.kernel.org/stable/c/aaef73821a3b0194a01bd23ca77774f704a04d40"}],"title":"binder: check offset alignment in binder_get_object()","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"affected":[{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","versions":[{"version":"c056a6ba35e0","status":"affected","lessThan":"68a28f551e46","versionType":"custom"},{"version":"23e9d815fad8","status":"affected","lessThan":"48a1f83ca9c6","versionType":"custom"},{"version":"7a9ad4aceb02","status":"affected","lessThan":"a2fd6dbc98be","versionType":"custom"},{"version":"6d98eb95b450","status":"affected","lessThan":"a6d2a8b211c8","versionType":"custom"},{"version":"6d98eb95b450","status":"affected","lessThan":"1d7f1049035b","versionType":"custom"},{"version":"6d98eb95b450","status":"affected","lessThan":"f01d66190457","versionType":"custom"},{"version":"6d98eb95b450","status":"affected","lessThan":"aaef73821a3b","versionType":"custom"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:5.17:-:*:*:*:*:*:*"],"defaultStatus":"affected","versions":[{"version":"5.17","status":"affected"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-06-13T03:55:21.790532Z","id":"CVE-2024-26926","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-13T14:39:55.884Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T00:21:05.552Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/68a28f551e4690db2b27b3db716c7395f6fada12","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/48a1f83ca9c68518b1a783c62e6a8223144fa9fc","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/a2fd6dbc98be1105a1d8e9e31575da8873ef115c","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/a6d2a8b211c874971ee4cf3ddd167408177f6e76","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/1d7f1049035b2060342f11eff957cf567d810bdc","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/f01d6619045704d78613b14e2e0420bfdb7f1c15","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/aaef73821a3b0194a01bd23ca77774f704a04d40","tags":["x_transferred"]},{"url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html","tags":["x_transferred"]}]}]},"dataVersion":"5.2"}