{"id":"CVE-2024-26598","summary":"KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache\n\nThere is a potential UAF scenario in the case of an LPI translation\ncache hit racing with an operation that invalidates the cache, such\nas a DISCARD ITS command. The root of the problem is that\nvgic_its_check_cache() does not elevate the refcount on the vgic_irq\nbefore dropping the lock that serializes refcount changes.\n\nHave vgic_its_check_cache() raise the refcount on the returned vgic_irq\nand add the corresponding decrement after queueing the interrupt.","modified":"2026-04-02T10:04:58.006362Z","published":"2024-02-23T14:46:26.672Z","related":["SUSE-SU-2024:0855-1","SUSE-SU-2024:0858-1","SUSE-SU-2024:0900-1","SUSE-SU-2024:0900-2","SUSE-SU-2024:0910-1","SUSE-SU-2024:0977-1","USN-6818-2","USN-6819-2"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/26xxx/CVE-2024-26598.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/12c2759ab1343c124ed46ba48f27bd1ef5d2dff4"},{"type":"WEB","url":"https://git.kernel.org/stable/c/65b201bf3e9af1b0254243a5881390eda56f72d1"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ad362fe07fecf0aba839ff2cc59a3617bd42c33f"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ba7be666740847d967822bed15500656b26bc703"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d04acadb6490aa3314f9c9e087691e55de153b88"},{"type":"WEB","url":"https://git.kernel.org/stable/c/dba788e25f05209adf2b0175eb1691dc89fb1ba6"},{"type":"WEB","url":"https://git.kernel.org/stable/c/dd3956a1b3dd11f46488c928cb890d6937d1ca80"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/26xxx/CVE-2024-26598.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26598"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"6211753fdfd05af9e08f54c8d0ba3ee516034878"},{"fixed":"d04acadb6490aa3314f9c9e087691e55de153b88"},{"fixed":"ba7be666740847d967822bed15500656b26bc703"},{"fixed":"12c2759ab1343c124ed46ba48f27bd1ef5d2dff4"},{"fixed":"dba788e25f05209adf2b0175eb1691dc89fb1ba6"},{"fixed":"65b201bf3e9af1b0254243a5881390eda56f72d1"},{"fixed":"dd3956a1b3dd11f46488c928cb890d6937d1ca80"},{"fixed":"ad362fe07fecf0aba839ff2cc59a3617bd42c33f"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-26598.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}