{
    "dataType": "CVE_RECORD",
    "dataVersion": "5.1",
    "cveMetadata": {
        "cveId": "CVE-2024-26867",
        "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "state": "PUBLISHED",
        "assignerShortName": "Linux",
        "dateReserved": "2024-02-19T14:20:24.184Z",
        "datePublished": "2024-04-17T10:27:28.795Z",
        "dateUpdated": "2024-08-02T00:21:04.180Z"
    },
    "containers": {
        "cna": {
            "providerMetadata": {
                "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
                "shortName": "Linux",
                "dateUpdated": "2024-05-29T05:24:09.265Z"
            },
            "descriptions": [
                {
                    "lang": "en",
                    "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: comedi_8255: Correct error in subdevice initialization\n\nThe refactoring done in commit 5c57b1ccecc7 (\"comedi: comedi_8255: Rework\nsubdevice initialization functions\") to the initialization of the io\nfield of struct subdev_8255_private broke all cards using the\ndrivers/comedi/drivers/comedi_8255.c module.\n\nPrior to 5c57b1ccecc7, __subdev_8255_init() initialized the io field\nin the newly allocated struct subdev_8255_private to the non-NULL\ncallback given to the function, otherwise it used a flag parameter to\nselect between subdev_8255_mmio and subdev_8255_io. The refactoring\nremoved that logic and the flag, as subdev_8255_mm_init() and\nsubdev_8255_io_init() now explicitly pass subdev_8255_mmio and\nsubdev_8255_io respectively to __subdev_8255_init(), only\n__subdev_8255_init() never sets spriv->io to the supplied\ncallback. That spriv->io is NULL leads to a later BUG:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nPGD 0 P4D 0\nOops: 0010 [#1] SMP PTI\nCPU: 1 PID: 1210 Comm: systemd-udevd Not tainted 6.7.3-x86_64 #1\nHardware name: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\nRIP: 0010:0x0\nCode: Unable to access opcode bytes at 0xffffffffffffffd6.\nRSP: 0018:ffffa3f1c02d7b78 EFLAGS: 00010202\nRAX: 0000000000000000 RBX: ffff91f847aefd00 RCX: 000000000000009b\nRDX: 0000000000000003 RSI: 0000000000000001 RDI: ffff91f840f6fc00\nRBP: ffff91f840f6fc00 R08: 0000000000000000 R09: 0000000000000001\nR10: 0000000000000000 R11: 000000000000005f R12: 0000000000000000\nR13: 0000000000000000 R14: ffffffffc0102498 R15: ffff91f847ce6ba8\nFS:  00007f72f4e8f500(0000) GS:ffff91f8d5c80000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: ffffffffffffffd6 CR3: 000000010540e000 CR4: 00000000000406f0\nCall Trace:\n <TASK>\n ? __die_body+0x15/0x57\n ? page_fault_oops+0x2ef/0x33c\n ? insert_vmap_area.constprop.0+0xb6/0xd5\n ? alloc_vmap_area+0x529/0x5ee\n ? exc_page_fault+0x15a/0x489\n ? asm_exc_page_fault+0x22/0x30\n __subdev_8255_init+0x79/0x8d [comedi_8255]\n pci_8255_auto_attach+0x11a/0x139 [8255_pci]\n comedi_auto_config+0xac/0x117 [comedi]\n ? __pfx___driver_attach+0x10/0x10\n pci_device_probe+0x88/0xf9\n really_probe+0x101/0x248\n __driver_probe_device+0xbb/0xed\n driver_probe_device+0x1a/0x72\n __driver_attach+0xd4/0xed\n bus_for_each_dev+0x76/0xb8\n bus_add_driver+0xbe/0x1be\n driver_register+0x9a/0xd8\n comedi_pci_driver_register+0x28/0x48 [comedi_pci]\n ? __pfx_pci_8255_driver_init+0x10/0x10 [8255_pci]\n do_one_initcall+0x72/0x183\n do_init_module+0x5b/0x1e8\n init_module_from_file+0x86/0xac\n __do_sys_finit_module+0x151/0x218\n do_syscall_64+0x72/0xdb\n entry_SYSCALL_64_after_hwframe+0x6e/0x76\nRIP: 0033:0x7f72f50a0cb9\nCode: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 47 71 0c 00 f7 d8 64 89 01 48\nRSP: 002b:00007ffd47e512d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139\nRAX: ffffffffffffffda RBX: 0000562dd06ae070 RCX: 00007f72f50a0cb9\nRDX: 0000000000000000 RSI: 00007f72f52d32df RDI: 000000000000000e\nRBP: 0000000000000000 R08: 00007f72f5168b20 R09: 0000000000000000\nR10: 0000000000000050 R11: 0000000000000246 R12: 00007f72f52d32df\nR13: 0000000000020000 R14: 0000562dd06785c0 R15: 0000562dcfd0e9a8\n </TASK>\nModules linked in: 8255_pci(+) comedi_8255 comedi_pci comedi intel_gtt e100(+) acpi_cpufreq rtc_cmos usbhid\nCR2: 0000000000000000\n---[ end trace 0000000000000000 ]---\nRIP: 0010:0x0\nCode: Unable to access opcode bytes at 0xffffffffffffffd6.\nRSP: 0018:ffffa3f1c02d7b78 EFLAGS: 00010202\nRAX: 0000000000000000 RBX: ffff91f847aefd00 RCX: 000000000000009b\nRDX: 0000000000000003 RSI: 0000000000000001 RDI: ffff91f840f6fc00\nRBP: ffff91f840f6fc00 R08: 0000000000000000 R09: 0000000000000001\nR10: 0000000000000000 R11: 000000000000005f R12: 0000000000000000\nR13: 0000000000000000 R14: ffffffffc0102498 R15: ffff91f847ce6ba8\nFS: \n---truncated---"
                }
            ],
            "affected": [
                {
                    "product": "Linux",
                    "vendor": "Linux",
                    "defaultStatus": "unaffected",
                    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
                    "programFiles": [
                        "drivers/comedi/drivers/comedi_8255.c"
                    ],
                    "versions": [
                        {
                            "version": "5c57b1ccecc7",
                            "lessThan": "4a825457a45d",
                            "status": "affected",
                            "versionType": "git"
                        },
                        {
                            "version": "5c57b1ccecc7",
                            "lessThan": "cfa9ba1ae0be",
                            "status": "affected",
                            "versionType": "git"
                        }
                    ]
                },
                {
                    "product": "Linux",
                    "vendor": "Linux",
                    "defaultStatus": "affected",
                    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
                    "programFiles": [
                        "drivers/comedi/drivers/comedi_8255.c"
                    ],
                    "versions": [
                        {
                            "version": "6.7",
                            "status": "affected"
                        },
                        {
                            "version": "0",
                            "lessThan": "6.7",
                            "status": "unaffected",
                            "versionType": "custom"
                        },
                        {
                            "version": "6.7.11",
                            "lessThanOrEqual": "6.7.*",
                            "status": "unaffected",
                            "versionType": "custom"
                        },
                        {
                            "version": "6.8",
                            "lessThanOrEqual": "*",
                            "status": "unaffected",
                            "versionType": "original_commit_for_fix"
                        }
                    ]
                }
            ],
            "references": [
                {
                    "url": "https://git.kernel.org/stable/c/4a825457a45d8debc46ab8cba57d47462411710d"
                },
                {
                    "url": "https://git.kernel.org/stable/c/cfa9ba1ae0bef0681833a22d326174fe633caab5"
                }
            ],
            "title": "comedi: comedi_8255: Correct error in subdevice initialization",
            "x_generator": {
                "engine": "bippy-a5840b7849dd"
            }
        },
        "adp": [
            {
                "metrics": [
                    {
                        "other": {
                            "type": "ssvc",
                            "content": {
                                "timestamp": "2024-06-17T17:41:27.783893Z",
                                "id": "CVE-2024-26867",
                                "options": [
                                    {
                                        "Exploitation": "none"
                                    },
                                    {
                                        "Automatable": "no"
                                    },
                                    {
                                        "Technical Impact": "partial"
                                    }
                                ],
                                "role": "CISA Coordinator",
                                "version": "2.0.3"
                            }
                        }
                    }
                ],
                "title": "CISA ADP Vulnrichment",
                "providerMetadata": {
                    "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                    "shortName": "CISA-ADP",
                    "dateUpdated": "2024-06-17T17:48:10.615Z"
                }
            },
            {
                "providerMetadata": {
                    "orgId": "af854a3a-2127-422b-91ae-364da2661108",
                    "shortName": "CVE",
                    "dateUpdated": "2024-08-02T00:21:04.180Z"
                },
                "title": "CVE Program Container",
                "references": [
                    {
                        "url": "https://git.kernel.org/stable/c/4a825457a45d8debc46ab8cba57d47462411710d",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://git.kernel.org/stable/c/cfa9ba1ae0bef0681833a22d326174fe633caab5",
                        "tags": [
                            "x_transferred"
                        ]
                    }
                ]
            }
        ]
    }
}