CVE-2024-26842 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved:

scsi: ufs: core: Fix shift issue in ufshcd_clear_cmd()

When task_tag >= 32 (in MCQ mode) and sizeof(unsigned int) == 4, 1U <<
task_tag will out of bounds for a u32 mask. Fix this up to prevent
SHIFT_ISSUE (bitwise shifts that are out of bounds for their data type).

[name:debug_monitors&]Unexpected kernel BRK exception at EL1
[name:traps&]Internal error: BRK handler: 00000000f2005514 [#1] PREEMPT SMP
[name:mediatek_cpufreq_hw&]cpufreq stop DVFS log done
[name:mrdump&]Kernel Offset: 0x1ba5800000 from 0xffffffc008000000
[name:mrdump&]PHYS_OFFSET: 0x80000000
[name:mrdump&]pstate: 22400005 (nzCv daif +PAN -UAO)
[name:mrdump&]pc : [0xffffffdbaf52bb2c] ufshcd_clear_cmd+0x280/0x288
[name:mrdump&]lr : [0xffffffdbaf52a774] ufshcd_wait_for_dev_cmd+0x3e4/0x82c
[name:mrdump&]sp : ffffffc0081471b0
<snip>
Workqueue: ufs_eh_wq_0 ufshcd_err_handler
Call trace:
dump_backtrace+0xf8/0x144
show_stack+0x18/0x24
dump_stack_lvl+0x78/0x9c
dump_stack+0x18/0x44
mrdump_common_die+0x254/0x480 [mrdump]
ipanic_die+0x20/0x30 [mrdump]
notify_die+0x15c/0x204
die+0x10c/0x5f8
arm64_notify_die+0x74/0x13c
do_debug_exception+0x164/0x26c
el1_dbg+0x64/0x80
el1h_64_sync_handler+0x3c/0x90
el1h_64_sync+0x68/0x6c
ufshcd_clear_cmd+0x280/0x288
ufshcd_wait_for_dev_cmd+0x3e4/0x82c
ufshcd_exec_dev_cmd+0x5bc/0x9ac
ufshcd_verify_dev_init+0x84/0x1c8
ufshcd_probe_hba+0x724/0x1ce0
ufshcd_host_reset_and_restore+0x260/0x574
ufshcd_reset_and_restore+0x138/0xbd0
ufshcd_err_handler+0x1218/0x2f28
process_one_work+0x5fc/0x1140
worker_thread+0x7d8/0xe20
kthread+0x25c/0x468
ret_from_fork+0x10/0x20

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00015.

Exploitation none

Automatable no

Technical Impact partial

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`adf452611677d048203398f489e2175a9068f9f7`	affected	< 7ac9e18f5d66087cd22751c5c5bf0090eb0038fe
`adf452611677d048203398f489e2175a9068f9f7`	affected	< a992425d18e5f7c48931121993c6c69426f2a8fb
`adf452611677d048203398f489e2175a9068f9f7`	affected	< b513d30d59bb383a6a5d6b533afcab2cee99a8f8

Linux

affected

Version	Status	Constraints
`6.5`	affected	—
`0`	unaffected	< 6.5
`6.6.19`	unaffected	≤ 6.6.*
`6.7.7`	unaffected	≤ 6.7.*
`6.8`	unaffected	≤ *

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Linux Subscribe	Linux Kernel Subscribe

Project Subscriptions

Vendors	Products
Linux Subscribe	Linux Kernel Subscribe

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://git.kernel.org/stable/c/7ac9e18f5d66087cd22751c5c5bf0090eb0038fe
https://git.kernel.org/stable/c/a992425d18e5f7c48931121993c6c69426f2a8fb
https://git.kernel.org/stable/c/b513d30d59bb383a6a5d6b533afcab2cee99a8f8
https://lore.kernel.org/linux-cve-announce/2024041716-CVE-2024-26842-d556@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-26842
https://www.cve.org/CVERecord?id=CVE-2024-26842

History

Mon, 05 Jan 2026 11:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:o:linux:linux_kernel::::::::

Wed, 11 Sep 2024 13:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-04-17T10:10:07.430Z

Updated: 2026-01-05T10:34:36.930Z

Reserved: 2024-02-19T14:20:24.182Z

Link: CVE-2024-26842

Vulnrichment

Updated: 2024-08-02T00:14:13.670Z

NVD

Status : Awaiting Analysis

Published: 2024-04-17T10:15:09.997

Modified: 2024-11-21T09:03:11.357

Link: CVE-2024-26842

Redhat

Severity : Moderate

Publid Date: 2024-04-17T00:00:00Z

Links: CVE-2024-26842 - Bugzilla

OpenCVE Enrichment

Updated: 2025-07-13T11:06:19Z

Weaknesses

CWE-119

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object