LiveActive security incident?Get immediate response
CVE Record

CVE-2024-26795: riscv: Sparse-Memory/vmemmap out-of-bounds fix

In the Linux kernel, the following vulnerability has been resolved: riscv: Sparse-Memory/vmemmap out-of-bounds fix Offset vmemmap so that the first page of vmemmap will be mapped to the first page of physical memory in order to ensure that vmemmap’s bounds will be respected during pfn_to_page()/page_to_pfn() operations. The conversion macros will produce correct SV39/48/57 addresses for every possible/valid DRAM_BASE inside the physical memory limits. v2:Address Alex's comments

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysisunknown

Security readout for executives and security teams

Plain-English summary

CVE-2024-26795 is a Linux kernel issue specific to RISC-V memory mapping. The bug could cause kernel page translation logic to go outside expected vmemmap bounds. The supplied sources do not state business impact, CVSS severity, or active exploitation, so urgency depends mainly on whether you operate RISC-V Linux systems.

Executive priority

Treat this as a targeted kernel maintenance item. Patch promptly where RISC-V Linux is used in production, appliances, or embedded platforms. For environments without RISC-V Linux, monitor only. The evidence does not support emergency response language.

Technical view

The fix offsets vmemmap so its first page maps to the first physical memory page, preserving bounds during pfn_to_page() and page_to_pfn() conversions. The change is for RISC-V sparse-memory handling and valid DRAM_BASE values under SV39/48/57 addressing. Source evidence is limited to kernel fix metadata and Debian LTS advisory context.

Likely exposure

Exposure appears limited to Linux systems running affected RISC-V kernel builds or downstream distributions carrying the vulnerable sparse-memory/vmemmap code. Organizations without RISC-V Linux assets are unlikely to be affected based on the supplied description.

Exploitation context

The source bundle marks KEV as false and provides no evidence of active exploitation, public exploit availability, or practical attack conditions. It also does not describe attacker prerequisites or impact beyond an out-of-bounds vmemmap condition.

Researcher notes

Key uncertainty is impact. The provided record names an out-of-bounds fix in RISC-V sparse-memory/vmemmap logic but does not document crash, privilege escalation, or confidentiality outcomes. Research should focus on affected kernel lineage, downstream backports, and whether configurations use the relevant RISC-V memory model.

Mitigation direction

  • Apply vendor kernel updates containing the referenced stable Linux fixes.
  • Review Debian LTS and distribution advisories for packaged kernel availability.
  • Prioritize RISC-V Linux hosts, appliances, images, and embedded deployments.
  • If no packaged fix exists, follow vendor guidance for supported backports.
  • Avoid direct upstream assumptions for downstream kernels; validate vendor patch status.

Validation and detection

  • Inventory Linux systems by architecture and kernel version.
  • Identify RISC-V hosts using affected kernel series or vendor packages.
  • Confirm the running kernel includes the applicable stable fix commit.
  • Check distribution changelogs for CVE-2024-26795 or referenced commits.
  • Retest after reboot to confirm the patched kernel is active.
Prepared
Confidence
medium
Sources
9

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2024-26795 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
2ADP providers
8Source links

SSVC decision data

CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: noneAutomatable: noTechnical Impact: partial

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

ADP provider summaries

CISA-ADPCISA ADP Vulnrichment
other:ssvc
CVECVE Program Container
Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
LinuxLinuxd95f1a542c3df396137afa217ef9bd39cb8931ca, d95f1a542c3df396137afa217ef9bd39cb8931ca, d95f1a542c3df396137afa217ef9bd39cb8931ca, d95f1a542c3df396137afa217ef9bd39cb8931ca, d95f1a542c3df396137afa217ef9bd39cb8931caunaffected
LinuxLinux5.4, 0, 5.15.151, 6.1.81, 6.6.21, 6.7.9, 6.8affected
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.