[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-DEBIAN-CVE-2024-26703":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T08:53:30.047Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":16,"duplicates":17,"related":18,"reserved_at":9,"published_at":19,"modified_at":20,"state":9,"summary":21,"references_raw":23,"kevs":30,"epss":9,"epss_history":31,"metrics":32,"affected":39},"DEBIAN-CVE-2024-26703","In the Linux kernel, the following vulnerability has been resolved:  tracing/timerlat: Move hrtimer_init to timerlat_fd open()  Currently, the timerlat's hrtimer is initialized at the first read of timerlat_fd, and destroyed at close(). It works, but it causes an error if the user program open() and close() the file without reading.  Here's an example:   # echo NO_OSNOISE_WORKLOAD > /sys/kernel/debug/tracing/osnoise/options  # echo timerlat > /sys/kernel/debug/tracing/current_tracer   # cat \u003C\u003CEOF > ./timerlat_load.py  # !/usr/bin/env python3   timerlat_fd = open(\"/sys/kernel/tracing/osnoise/per_cpu/cpu0/timerlat_fd\", 'r')  timerlat_fd.close();  EOF   # ./taskset -c 0 ./timerlat_load.py \u003CBOOM>   BUG: kernel NULL pointer dereference, address: 0000000000000010  #PF: supervisor read access in kernel mode  #PF: error_code(0x0000) - not-present page  PGD 0 P4D 0  Oops: 0000 [#1] PREEMPT SMP NOPTI  CPU: 1 PID: 2673 Comm: python3 Not tainted 6.6.13-200.fc39.x86_64 #1  Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-1.fc39 04/01/2014  RIP: 0010:hrtimer_active+0xd/0x50  Code: 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 48 8b 57 30 \u003C8b> 42 10 a8 01 74 09 f3 90 8b 42 10 a8 01 75 f7 80 7f 38 00 75 1d  RSP: 0018:ffffb031009b7e10 EFLAGS: 00010286  RAX: 000000000002db00 RBX: ffff9118f786db08 RCX: 0000000000000000  RDX: 0000000000000000 RSI: ffff9117a0e64400 RDI: ffff9118f786db08  RBP: ffff9118f786db80 R08: ffff9117a0ddd420 R09: ffff9117804d4f70  R10: 0000000000000000 R11: 0000000000000000 R12: ffff9118f786db08  R13: ffff91178fdd5e20 R14: ffff9117840978c0 R15: 0000000000000000  FS:  00007f2ffbab1740(0000) GS:ffff9118f7840000(0000) knlGS:0000000000000000  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033  CR2: 0000000000000010 CR3: 00000001b402e000 CR4: 0000000000750ee0  PKRU: 55555554  Call Trace:   \u003CTASK>   ? __die+0x23/0x70   ? page_fault_oops+0x171/0x4e0   ? srso_alias_return_thunk+0x5/0x7f   ? avc_has_extended_perms+0x237/0x520   ? exc_page_fault+0x7f/0x180   ? asm_exc_page_fault+0x26/0x30   ? hrtimer_active+0xd/0x50   hrtimer_cancel+0x15/0x40   timerlat_fd_release+0x48/0xe0   __fput+0xf5/0x290   __x64_sys_close+0x3d/0x80   do_syscall_64+0x60/0x90   ? srso_alias_return_thunk+0x5/0x7f   ? __x64_sys_ioctl+0x72/0xd0   ? srso_alias_return_thunk+0x5/0x7f   ? syscall_exit_to_user_mode+0x2b/0x40   ? srso_alias_return_thunk+0x5/0x7f   ? do_syscall_64+0x6c/0x90   ? srso_alias_return_thunk+0x5/0x7f   ? exit_to_user_mode_prepare+0x142/0x1f0   ? srso_alias_return_thunk+0x5/0x7f   ? syscall_exit_to_user_mode+0x2b/0x40   ? srso_alias_return_thunk+0x5/0x7f   ? do_syscall_64+0x6c/0x90   entry_SYSCALL_64_after_hwframe+0x6e/0xd8  RIP: 0033:0x7f2ffb321594  Code: 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 80 3d d5 cd 0d 00 00 74 13 b8 03 00 00 00 0f 05 \u003C48> 3d 00 f0 ff ff 77 3c c3 0f 1f 00 55 48 89 e5 48 83 ec 10 89 7d  RSP: 002b:00007ffe8d8eef18 EFLAGS: 00000202 ORIG_RAX: 0000000000000003  RAX: ffffffffffffffda RBX: 00007f2ffba4e668 RCX: 00007f2ffb321594  RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003  RBP: 00007ffe8d8eef40 R08: 0000000000000000 R09: 0000000000000000  R10: 55c926e3167eae79 R11: 0000000000000202 R12: 0000000000000003  R13: 00007ffe8d8ef030 R14: 0000000000000000 R15: 00007f2ffba4e668   \u003C/TASK>  CR2: 0000000000000010  ---[ end trace 0000000000000000 ]---  Move hrtimer_init to timerlat_fd open() to avoid this problem.",null,[],[],[],[14],{"_key":15},"CVE-2024-26703",[],[],[],"2024-04-03T15:15:53.140Z","2026-04-28T20:27:39.395854Z",{"cisa_kev":22,"cisa_ransomware":22,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[24],{"url":25,"sources":26,"tags":28},"https://security-tracker.debian.org/tracker/CVE-2024-26703",[27],"osv_debian",[29],"Advisory",[],[],[33],{"source":27,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":34,"cvss_v4_0":9},{"baseScore":35,"baseSeverity":9,"vectorString":36,"impactScore":37,"exploitabilityScore":38},5.5,"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",6,4.6,[40],{"ecosystem":41,"name":42,"vendor":43,"product":42,"cpe_part":9,"purl_type":44,"purl_namespace":43,"purl_name":42,"source":9,"versions":45},"Debian","linux","debian","deb",[46,52],{"version":47,"is_range":48,"range_type":49,"version_start":9,"version_start_type":9,"version_end":50,"version_end_type":51,"fixed_in":9},"lt6_7_7_1",true,"ecosystem","6.7.7-1","excluding",{"version":47,"is_range":48,"range_type":49,"version_start":9,"version_start_type":9,"version_end":50,"version_end_type":51,"fixed_in":9}]