[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2024-26870":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T08:53:30.047Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":18,"aliases":19,"duplicate_of":9,"upstream":20,"downstream":21,"duplicates":96,"related":97,"reserved_at":9,"published_at":108,"modified_at":109,"state":110,"summary":111,"references_raw":120,"kevs":161,"epss":162,"epss_history":165,"metrics":408,"affected":414},"CVE-2024-26870","In the Linux kernel, the following vulnerability has been resolved:\n\nNFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102\n\nA call to listxattr() with a buffer size = 0 returns the actual\nsize of the buffer needed for a subsequent call. When size > 0,\nnfs4_listxattr() does not return an error because either\ngeneric_listxattr() or nfs4_listxattr_nfs4_label() consumes\nexactly all the bytes then size is 0 when calling\nnfs4_listxattr_nfs4_user() which then triggers the following\nkernel BUG:\n\n  [   99.403778] kernel BUG at mm/usercopy.c:102!\n  [   99.404063] Internal error: Oops - BUG: 00000000f2000800 [#1] SMP\n  [   99.408463] CPU: 0 PID: 3310 Comm: python3 Not tainted 6.6.0-61.fc40.aarch64 #1\n  [   99.415827] Call trace:\n  [   99.415985]  usercopy_abort+0x70/0xa0\n  [   99.416227]  __check_heap_object+0x134/0x158\n  [   99.416505]  check_heap_object+0x150/0x188\n  [   99.416696]  __check_object_size.part.0+0x78/0x168\n  [   99.416886]  __check_object_size+0x28/0x40\n  [   99.417078]  listxattr+0x8c/0x120\n  [   99.417252]  path_listxattr+0x78/0xe0\n  [   99.417476]  __arm64_sys_listxattr+0x28/0x40\n  [   99.417723]  invoke_syscall+0x78/0x100\n  [   99.417929]  el0_svc_common.constprop.0+0x48/0xf0\n  [   99.418186]  do_el0_svc+0x24/0x38\n  [   99.418376]  el0_svc+0x3c/0x110\n  [   99.418554]  el0t_64_sync_handler+0x120/0x130\n  [   99.418788]  el0t_64_sync+0x194/0x198\n  [   99.418994] Code: aa0003e3 d000a3e0 91310000 97f49bdb (d4210000)\n\nIssue is reproduced when generic_listxattr() returns 'system.nfs4_acl',\nthus calling lisxattr() with size = 16 will trigger the bug.\n\nAdd check on nfs4_listxattr() to return ERANGE error when it is\ncalled with size > 0 and the return value is greater than size.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":9,"likelihood_of_exploit":9,"capec":17},"NVD-CWE-NOINFO","Insufficient Information","NVD uses this CWE ID when there is insufficient information to assign a specific CWE.","placeholder","NVD-Reserved",[],[],[],[],[22,24,26,28,30,32,34,36,38,40,42,44,46,48,50,52,54,56,58,60,62,64,66,68,70,72,74,76,78,80,82,84,86,88,90,92,94],{"_key":23},"SUSE-SU-2024:2203-1",{"_key":25},"SUSE-SU-2024:2008-1",{"_key":27},"SUSE-SU-2024:2019-1",{"_key":29},"SUSE-SU-2024:2135-1",{"_key":31},"SUSE-SU-2024:2190-1",{"_key":33},"SUSE-SU-2024:2973-1",{"_key":35},"DLA-3842-1",{"_key":37},"DSA-5681-1",{"_key":39},"SUSE-SU-2025:20008-1",{"_key":41},"SUSE-SU-2025:20028-1",{"_key":43},"SUSE-SU-2025:20166-1",{"_key":45},"SUSE-SU-2025:20249-1",{"_key":47},"DEBIAN-CVE-2024-26870",{"_key":49},"RHSA-2024:5065",{"_key":51},"RHSA-2024:5101",{"_key":53},"RHSA-2024:5102",{"_key":55},"RHSA-2024:5255",{"_key":57},"RHSA-2024:9497",{"_key":59},"RHSA-2024:9498",{"_key":61},"RHSA-2024:9546",{"_key":63},"RHSA-2024:9315",{"_key":65},"UBUNTU-CVE-2024-26870",{"_key":67},"USN-6816-1",{"_key":69},"USN-6817-1",{"_key":71},"USN-6817-2",{"_key":73},"USN-6817-3",{"_key":75},"USN-6820-1",{"_key":77},"USN-6820-2",{"_key":79},"USN-6821-1",{"_key":81},"USN-6821-2",{"_key":83},"USN-6821-3",{"_key":85},"USN-6821-4",{"_key":87},"USN-6828-1",{"_key":89},"USN-6871-1",{"_key":91},"USN-6878-1",{"_key":93},"USN-6892-1",{"_key":95},"USN-6919-1",[],[98,99,100,101,102,103,104,105,106,107],{"_key":23},{"_key":25},{"_key":27},{"_key":29},{"_key":31},{"_key":33},{"_key":39},{"_key":41},{"_key":43},{"_key":45},"2024-04-17T10:27:30.756Z","2026-05-12T11:49:46.342Z","Modified",{"cisa_kev":112,"cisa_ransomware":112,"cisa_vendor":9,"epss_severity":113,"epss_score":114,"severity":115,"severity_score":116,"severity_version":117,"severity_source":118,"severity_vector":119,"severity_status":110},false,"low",0.00025,"medium",5.5,"v3.1","nvd","CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",[121,127,131,135,139,143,147,151,157],{"url":122,"sources":123,"tags":125},"https://git.kernel.org/stable/c/4403438eaca6e91f02d272211c4d6b045092396b",[124,118],"cve.org",[126],"Patch",{"url":128,"sources":129,"tags":130},"https://git.kernel.org/stable/c/9d52865ff28245fc2134da9f99baff603a24407a",[124,118],[126],{"url":132,"sources":133,"tags":134},"https://git.kernel.org/stable/c/06e828b3f1b206de08ef520fc46a40b22e1869cb",[124,118],[126],{"url":136,"sources":137,"tags":138},"https://git.kernel.org/stable/c/79cdcc765969d23f4e3d6ea115660c3333498768",[124,118],[126],{"url":140,"sources":141,"tags":142},"https://git.kernel.org/stable/c/80365c9f96015bbf048fdd6c8705d3f8770132bf",[124,118],[126],{"url":144,"sources":145,"tags":146},"https://git.kernel.org/stable/c/23bfecb4d852751d5e403557dd500bb563313baf",[124,118],[126],{"url":148,"sources":149,"tags":150},"https://git.kernel.org/stable/c/251a658bbfceafb4d58c76b77682c8bf7bcfad65",[124,118],[126],{"url":152,"sources":153,"tags":154},"https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html",[124,118],[155,156],"X Transferred","Mailing List",{"url":158,"sources":159,"tags":160},"https://cert-portal.siemens.com/productcert/html/ssa-265688.html",[124,118],[],[],{"date":163,"score":114,"percentile":164},"2026-06-03",0.07421,[166,170,173,176,179,182,184,187,190,193,195,198,201,203,206,210,213,216,219,222,225,228,231,234,237,240,243,246,249,252,255,257,260,263,266,268,271,274,277,280,282,284,287,290,292,295,298,300,303,305,307,309,311,314,316,318,320,322,325,327,329,331,333,336,339,341,343,345,348,351,354,357,359,362,365,368,371,374,376,379,382,385,388,391,393,396,398,400,402,405],{"date":167,"score":168,"percentile":169},"2025-11-04",0.00012,0.01243,{"date":171,"score":168,"percentile":172},"2025-11-05",0.01264,{"date":174,"score":168,"percentile":175},"2025-11-06",0.01276,{"date":177,"score":168,"percentile":178},"2025-11-07",0.0128,{"date":180,"score":168,"percentile":181},"2025-11-08",0.01283,{"date":183,"score":168,"percentile":178},"2025-11-09",{"date":185,"score":168,"percentile":186},"2025-11-10",0.0127,{"date":188,"score":168,"percentile":189},"2025-11-11",0.01275,{"date":191,"score":168,"percentile":192},"2025-11-12",0.01277,{"date":194,"score":168,"percentile":181},"2025-11-13",{"date":196,"score":168,"percentile":197},"2025-11-14",0.01297,{"date":199,"score":168,"percentile":200},"2025-11-15",0.01311,{"date":202,"score":168,"percentile":200},"2025-11-16",{"date":204,"score":168,"percentile":205},"2025-11-17",0.01303,{"date":207,"score":208,"percentile":209},"2025-11-18",0.0009,0.21821,{"date":211,"score":208,"percentile":212},"2025-11-19",0.21833,{"date":214,"score":208,"percentile":215},"2025-11-20",0.21842,{"date":217,"score":168,"percentile":218},"2025-11-21",0.01357,{"date":220,"score":168,"percentile":221},"2025-11-22",0.01354,{"date":223,"score":168,"percentile":224},"2025-11-23",0.01343,{"date":226,"score":168,"percentile":227},"2025-11-24",0.01336,{"date":229,"score":168,"percentile":230},"2025-11-25",0.01331,{"date":232,"score":168,"percentile":233},"2025-11-26",0.01269,{"date":235,"score":168,"percentile":236},"2025-11-27",0.01268,{"date":238,"score":168,"percentile":239},"2025-11-28",0.01271,{"date":241,"score":168,"percentile":242},"2025-11-29",0.01308,{"date":244,"score":168,"percentile":245},"2025-11-30",0.01317,{"date":247,"score":168,"percentile":248},"2025-12-01",0.01345,{"date":250,"score":168,"percentile":251},"2025-12-02",0.0134,{"date":253,"score":168,"percentile":254},"2025-12-03",0.01342,{"date":256,"score":168,"percentile":245},"2025-12-04",{"date":258,"score":168,"percentile":259},"2025-12-05",0.01333,{"date":261,"score":168,"percentile":262},"2025-12-06",0.01337,{"date":264,"score":168,"percentile":265},"2025-12-07",0.01334,{"date":267,"score":168,"percentile":265},"2025-12-08",{"date":269,"score":168,"percentile":270},"2025-12-09",0.01347,{"date":272,"score":168,"percentile":273},"2025-12-10",0.01359,{"date":275,"score":168,"percentile":276},"2025-12-11",0.01349,{"date":278,"score":168,"percentile":279},"2025-12-12",0.01348,{"date":281,"score":168,"percentile":265},"2025-12-13",{"date":283,"score":168,"percentile":259},"2025-12-14",{"date":285,"score":168,"percentile":286},"2025-12-15",0.01329,{"date":288,"score":168,"percentile":289},"2025-12-16",0.01335,{"date":291,"score":168,"percentile":227},"2025-12-17",{"date":293,"score":168,"percentile":294},"2025-12-18",0.01325,{"date":296,"score":168,"percentile":297},"2025-12-19",0.0133,{"date":299,"score":168,"percentile":297},"2025-12-20",{"date":301,"score":168,"percentile":302},"2025-12-21",0.01341,{"date":304,"score":168,"percentile":224},"2025-12-22",{"date":306,"score":168,"percentile":254},"2025-12-23",{"date":308,"score":168,"percentile":248},"2025-12-24",{"date":310,"score":168,"percentile":270},"2025-12-25",{"date":312,"score":168,"percentile":313},"2025-12-26",0.0135,{"date":315,"score":168,"percentile":254},"2025-12-27",{"date":317,"score":168,"percentile":224},"2025-12-28",{"date":319,"score":168,"percentile":265},"2025-12-29",{"date":321,"score":168,"percentile":286},"2025-12-30",{"date":323,"score":168,"percentile":324},"2025-12-31",0.01327,{"date":326,"score":168,"percentile":276},"2026-01-01",{"date":328,"score":168,"percentile":248},"2026-01-02",{"date":330,"score":168,"percentile":270},"2026-01-03",{"date":332,"score":168,"percentile":245},"2026-01-04",{"date":334,"score":168,"percentile":335},"2026-01-05",0.01323,{"date":337,"score":168,"percentile":338},"2026-01-06",0.01318,{"date":340,"score":168,"percentile":335},"2026-01-07",{"date":342,"score":168,"percentile":262},"2026-01-08",{"date":344,"score":168,"percentile":221},"2026-01-09",{"date":346,"score":168,"percentile":347},"2026-01-10",0.01363,{"date":349,"score":168,"percentile":350},"2026-01-11",0.01361,{"date":352,"score":168,"percentile":353},"2026-01-12",0.01364,{"date":355,"score":168,"percentile":356},"2026-01-13",0.01362,{"date":358,"score":168,"percentile":353},"2026-01-14",{"date":360,"score":168,"percentile":361},"2026-01-15",0.01376,{"date":363,"score":168,"percentile":364},"2026-01-16",0.01384,{"date":366,"score":168,"percentile":367},"2026-01-17",0.01387,{"date":369,"score":168,"percentile":370},"2026-01-18",0.014,{"date":372,"score":168,"percentile":373},"2026-01-19",0.01389,{"date":375,"score":168,"percentile":361},"2026-01-20",{"date":377,"score":168,"percentile":378},"2026-01-21",0.01371,{"date":380,"score":168,"percentile":381},"2026-01-22",0.01373,{"date":383,"score":168,"percentile":384},"2026-01-23",0.01388,{"date":386,"score":168,"percentile":387},"2026-01-24",0.01391,{"date":389,"score":168,"percentile":390},"2026-01-25",0.0139,{"date":392,"score":168,"percentile":367},"2026-01-26",{"date":394,"score":168,"percentile":395},"2026-01-27",0.01374,{"date":397,"score":168,"percentile":395},"2026-01-28",{"date":399,"score":168,"percentile":364},"2026-01-29",{"date":401,"score":168,"percentile":367},"2026-01-30",{"date":403,"score":168,"percentile":404},"2026-01-31",0.01402,{"date":406,"score":168,"percentile":407},"2026-02-01",0.01425,[409],{"source":118,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":410,"cvss_v4_0":9},{"baseScore":116,"baseSeverity":411,"vectorString":119,"impactScore":412,"exploitabilityScore":413},"MEDIUM",6,4.6,[415,424,456],{"ecosystem":9,"name":416,"vendor":417,"product":418,"cpe_part":419,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":420},"debian linux","debian","debian_linux","o",[421],{"version":422,"is_range":112,"range_type":423,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"10.0","cpe",{"ecosystem":9,"name":425,"vendor":426,"product":426,"cpe_part":427,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":428},"Linux","linux","a",[429,436,439,442,445,448,451,454],{"version":430,"is_range":431,"range_type":124,"version_start":432,"version_start_type":433,"version_end":434,"version_end_type":435,"fixed_in":9},">= 012a211abd5db098094ce429de5f046368391e68, \u003C 4403438eaca6e91f02d272211c4d6b045092396b",true,"012a211abd5db098094ce429de5f046368391e68","including","4403438eaca6e91f02d272211c4d6b045092396b","excluding",{"version":437,"is_range":431,"range_type":124,"version_start":432,"version_start_type":433,"version_end":438,"version_end_type":435,"fixed_in":9},">= 012a211abd5db098094ce429de5f046368391e68, \u003C 9d52865ff28245fc2134da9f99baff603a24407a","9d52865ff28245fc2134da9f99baff603a24407a",{"version":440,"is_range":431,"range_type":124,"version_start":432,"version_start_type":433,"version_end":441,"version_end_type":435,"fixed_in":9},">= 012a211abd5db098094ce429de5f046368391e68, \u003C 06e828b3f1b206de08ef520fc46a40b22e1869cb","06e828b3f1b206de08ef520fc46a40b22e1869cb",{"version":443,"is_range":431,"range_type":124,"version_start":432,"version_start_type":433,"version_end":444,"version_end_type":435,"fixed_in":9},">= 012a211abd5db098094ce429de5f046368391e68, \u003C 79cdcc765969d23f4e3d6ea115660c3333498768","79cdcc765969d23f4e3d6ea115660c3333498768",{"version":446,"is_range":431,"range_type":124,"version_start":432,"version_start_type":433,"version_end":447,"version_end_type":435,"fixed_in":9},">= 012a211abd5db098094ce429de5f046368391e68, \u003C 80365c9f96015bbf048fdd6c8705d3f8770132bf","80365c9f96015bbf048fdd6c8705d3f8770132bf",{"version":449,"is_range":431,"range_type":124,"version_start":432,"version_start_type":433,"version_end":450,"version_end_type":435,"fixed_in":9},">= 012a211abd5db098094ce429de5f046368391e68, \u003C 23bfecb4d852751d5e403557dd500bb563313baf","23bfecb4d852751d5e403557dd500bb563313baf",{"version":452,"is_range":431,"range_type":124,"version_start":432,"version_start_type":433,"version_end":453,"version_end_type":435,"fixed_in":9},">= 012a211abd5db098094ce429de5f046368391e68, \u003C 251a658bbfceafb4d58c76b77682c8bf7bcfad65","251a658bbfceafb4d58c76b77682c8bf7bcfad65",{"version":455,"is_range":112,"range_type":124,"version_start":455,"version_start_type":433,"version_end":455,"version_end_type":433,"fixed_in":9},"5.9",{"ecosystem":9,"name":457,"vendor":426,"product":458,"cpe_part":419,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":459},"linux kernel","linux_kernel",[460,463,467,471,475,479],{"version":461,"is_range":431,"range_type":423,"version_start":455,"version_start_type":433,"version_end":462,"version_end_type":435,"fixed_in":9},"gte5.9_lt5.10.214","5.10.214",{"version":464,"is_range":431,"range_type":423,"version_start":465,"version_start_type":433,"version_end":466,"version_end_type":435,"fixed_in":9},"gte5.11_lt5.15.153","5.11","5.15.153",{"version":468,"is_range":431,"range_type":423,"version_start":469,"version_start_type":433,"version_end":470,"version_end_type":435,"fixed_in":9},"gte5.16_lt6.1.83","5.16","6.1.83",{"version":472,"is_range":431,"range_type":423,"version_start":473,"version_start_type":433,"version_end":474,"version_end_type":435,"fixed_in":9},"gte6.2_lt6.6.23","6.2","6.6.23",{"version":476,"is_range":431,"range_type":423,"version_start":477,"version_start_type":433,"version_end":478,"version_end_type":435,"fixed_in":9},"gte6.7_lt6.7.11","6.7","6.7.11",{"version":480,"is_range":431,"range_type":423,"version_start":481,"version_start_type":433,"version_end":482,"version_end_type":435,"fixed_in":9},"gte6.8_lt6.8.2","6.8","6.8.2"]