PT-2024-7703 · Linux+9 · Linux Kernel+9

Syzbot

·

Publicado

2024-02-19

·

Atualizado

2025-09-29

·

CVE-2024-26852

CVSS v3.1

7.8

Alta

VetorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Nome do software vulnerável e versões afetadas
Versões do kernel Linux anteriores à 6.8.0-rc4-syzkaller-01035-gea7f3cfaa588
Descrição
A vulnerabilidade está relacionada a um problema de uso após liberação (use-after-free) na função ip6 route mpath notify(). Esse problema pode ser explorado para potencialmente elevar privilégios no sistema. A vulnerabilidade foi descoberta por syzbot, e foi feito um commit para impedir o uso após liberação, mas isso não resolveu totalmente a causa raiz. As chamadas fib6 info release() precisam ser adiadas após ip6 route mpath notify() na fase de limpeza.
Recomendações
Para resolver este problema, atualize o kernel do Linux para uma versão que inclua a correção para esta vulnerabilidade. Especificamente, as versões posteriores à 6.8.0-rc4-syzkaller-01035-gea7f3cfaa588 devem incluir os patches necessários. Como solução temporária, considere desativar a função ip6 route mpath notify() até que um patch esteja disponível. No entanto, isso pode ter consequências indesejadas na funcionalidade de rede do sistema.

Exploit

Correção

Use After Free

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-416

Identificadores relacionados

ALSA-2024:4928
ALSA-2024:5101
ALSA-2024:5102
ALSA-2025_16880
BDU:2024-09160
CESA-2024_5101
CESA-2024_5102
CVE-2024-26852
DLA-3840-1
DLA-3842-1
DSA-5681-1
INFSA-2024_4928
INFSA-2024_5101
INFSA-2024_5102
OESA-2024-1617
OESA-2024-1618
OESA-2024-1622
OESA-2024-1768
OPENSUSE-SU-2024_1642-1
OPENSUSE-SU-2024_1644-1
OPENSUSE-SU-2024_1659-1
OPENSUSE-SU-2024_1663-1
OPENSUSE-SU-2024_2189-1
OPENSUSE-SU-2024_3623-1
OPENSUSE-SU-2024_3631-1
OPENSUSE-SU-2024_3639-1
OPENSUSE-SU-2024_3651-1
OPENSUSE-SU-2024_3652-1
OPENSUSE-SU-2024_3679-1
OPENSUSE-SU-2024_3694-1
OPENSUSE-SU-2024_3695-1
OPENSUSE-SU-2024_3696-1
OPENSUSE-SU-2024_3697-1
OPENSUSE-SU-2024_3700-1
OPENSUSE-SU-2024_3793-1
OPENSUSE-SU-2024_3798-1
OPENSUSE-SU-2024_3806-1
OPENSUSE-SU-2024_3814-1
OPENSUSE-SU-2024_3815-1
OPENSUSE-SU-2024_3829-1
OPENSUSE-SU-2024_3830-1
OPENSUSE-SU-2024_3837-1
OPENSUSE-SU-2024_3842-1
OPENSUSE-SU-2024_3851-1
OPENSUSE-SU-2024_3852-1
OPENSUSE-SU-2024_3855-1
OPENSUSE-SU-2024_4122-1
OPENSUSE-SU-2024_4123-1
OPENSUSE-SU-2024_4124-1
OPENSUSE-SU-2024_4214-1
OPENSUSE-SU-2024_4216-1
OPENSUSE-SU-2024_4218-1
OPENSUSE-SU-2024_4234-1
OPENSUSE-SU-2024_4235-1
OPENSUSE-SU-2024_4236-1
OPENSUSE-SU-2024_4256-1
OPENSUSE-SU-2024_4264-1
OPENSUSE-SU-2024_4266-1
OPENSUSE-SU-2025_0101-1
OPENSUSE-SU-2025_0106-1
OPENSUSE-SU-2025_0107-1
OPENSUSE-SU-2025_0109-1
OPENSUSE-SU-2025_0114-1
OPENSUSE-SU-2025_0115-1
OPENSUSE-SU-2025_0124-1
OPENSUSE-SU-2025_0150-1
OPENSUSE-SU-2025_0158-1
OPENSUSE-SU-2025_0240-1
OPENSUSE-SU-2025_0244-1
OPENSUSE-SU-2025_0248-1
OPENSUSE-SU-2025_0251-1
OPENSUSE-SU-2025_0252-1
OPENSUSE-SU-2025_0253-1
OPENSUSE-SU-2025_0261-1
OPENSUSE-SU-2025_0264-1
OPENSUSE-SU-2025_0266-1
RHSA-2024:4533
RHSA-2024:4554
RHSA-2024:4902
RHSA-2024:4928
RHSA-2024:5101
RHSA-2024:5102
RHSA-2024:6206
RHSA-2024_4928
RHSA-2024_5101
RHSA-2024_5102
RLSA-2024:4928
RLSA-2024:5101
RLSA-2024:5102
RXSA-2024:4928
RXSA-2024:5101
SUSE-SU-2024:1642-1
SUSE-SU-2024:1643-1
SUSE-SU-2024:1644-1
SUSE-SU-2024:1645-1
SUSE-SU-2024:1646-1
SUSE-SU-2024:1650-1
SUSE-SU-2024:1659-1
SUSE-SU-2024:1663-1
SUSE-SU-2024:1870-1
SUSE-SU-2024:2011-1
SUSE-SU-2024:2091-1
SUSE-SU-2024:2092-1
SUSE-SU-2024:2094-1
SUSE-SU-2024:2096-1
SUSE-SU-2024:2099-1
SUSE-SU-2024:2100-1
SUSE-SU-2024:2101-1
SUSE-SU-2024:2109-1
SUSE-SU-2024:2115-1
SUSE-SU-2024:2120-1
SUSE-SU-2024:2121-1
SUSE-SU-2024:2123-1
SUSE-SU-2024:2124-1
SUSE-SU-2024:2130-1
SUSE-SU-2024:2139-1
SUSE-SU-2024:2143-1
SUSE-SU-2024:2145-1
SUSE-SU-2024:2148-1
SUSE-SU-2024:2156-1
SUSE-SU-2024:2160-1
SUSE-SU-2024:2162-1
SUSE-SU-2024:2163-1
SUSE-SU-2024:2164-1
SUSE-SU-2024:2165-1
SUSE-SU-2024:2166-1
SUSE-SU-2024:2189-1
SUSE-SU-2024:2191-1
SUSE-SU-2024:2202-1
SUSE-SU-2024:2205-1
SUSE-SU-2024:2207-1
SUSE-SU-2024:2208-1
SUSE-SU-2024:2209-1
SUSE-SU-2024:2216-1
SUSE-SU-2024:2217-1
SUSE-SU-2024:2221-1
SUSE-SU-2024:2335-1
SUSE-SU-2024:2337-1
SUSE-SU-2024:2343-1
SUSE-SU-2024:2344-1
SUSE-SU-2024:2357-1
SUSE-SU-2024:2373-1
SUSE-SU-2024:2382-1
SUSE-SU-2024:2446-1
SUSE-SU-2024:2447-1
SUSE-SU-2024:2448-1
SUSE-SU-2024:2449-1
SUSE-SU-2024:2472-1
SUSE-SU-2024:2473-1
SUSE-SU-2024:2558-1
SUSE-SU-2024:2722-1
SUSE-SU-2024:2725-1
SUSE-SU-2024:2740-1
SUSE-SU-2024:2751-1
SUSE-SU-2024:2755-1
SUSE-SU-2024:2758-1
SUSE-SU-2024:2773-1
SUSE-SU-2024:2821-1
SUSE-SU-2024:2824-1
SUSE-SU-2024:2825-1
SUSE-SU-2024:2840-1
SUSE-SU-2024:2841-1
SUSE-SU-2024:2843-1
SUSE-SU-2024:2850-1
SUSE-SU-2024:2851-1
SUSE-SU-2024:3034-1
SUSE-SU-2024:3037-1
SUSE-SU-2024:3043-1
SUSE-SU-2024:3044-1
SUSE-SU-2024:3048-1
SUSE-SU-2024:3318-1
SUSE-SU-2024:3336-1
SUSE-SU-2024:3347-1
SUSE-SU-2024:3348-1
SUSE-SU-2024:3363-1
SUSE-SU-2024:3368-1
SUSE-SU-2024:3375-1
SUSE-SU-2024:3379-1
SUSE-SU-2024:3399-1
SUSE-SU-2024:3623-1
SUSE-SU-2024:3631-1
SUSE-SU-2024:3639-1
SUSE-SU-2024:3642-1
SUSE-SU-2024:3649-1
SUSE-SU-2024:3651-1
SUSE-SU-2024:3652-1
SUSE-SU-2024:3662-1
SUSE-SU-2024:3679-1
SUSE-SU-2024:3694-1
SUSE-SU-2024:3695-1
SUSE-SU-2024:3696-1
SUSE-SU-2024:3697-1
SUSE-SU-2024:3700-1
SUSE-SU-2024:3793-1
SUSE-SU-2024:3796-1
SUSE-SU-2024:3798-1
SUSE-SU-2024:3803-1
SUSE-SU-2024:3806-1
SUSE-SU-2024:3814-1
SUSE-SU-2024:3815-1
SUSE-SU-2024:3820-1
SUSE-SU-2024:3829-1
SUSE-SU-2024:3830-1
SUSE-SU-2024:3837-1
SUSE-SU-2024:3842-1
SUSE-SU-2024:3851-1
SUSE-SU-2024:3852-1
SUSE-SU-2024:3855-1
SUSE-SU-2024:4122-1
SUSE-SU-2024:4123-1
SUSE-SU-2024:4124-1
SUSE-SU-2024:4214-1
SUSE-SU-2024:4216-1
SUSE-SU-2024:4218-1
SUSE-SU-2024:4226-1
SUSE-SU-2024:4234-1
SUSE-SU-2024:4235-1
SUSE-SU-2024:4236-1
SUSE-SU-2024:4242-1
SUSE-SU-2024:4256-1
SUSE-SU-2024:4263-1
SUSE-SU-2024:4264-1
SUSE-SU-2024:4266-1
SUSE-SU-2024:4367-1
SUSE-SU-2025:0035-1
SUSE-SU-2025:0101-1
SUSE-SU-2025:0103-1
SUSE-SU-2025:0106-1
SUSE-SU-2025:0107-1
SUSE-SU-2025:0109-1
SUSE-SU-2025:0114-1
SUSE-SU-2025:0115-1
SUSE-SU-2025:0124-1
SUSE-SU-2025:0150-1
SUSE-SU-2025:0158-1
SUSE-SU-2025:0240-1
SUSE-SU-2025:0244-1
SUSE-SU-2025:0248-1
SUSE-SU-2025:0251-1
SUSE-SU-2025:0252-1
SUSE-SU-2025:0253-1
SUSE-SU-2025:0261-1
SUSE-SU-2025:0264-1
SUSE-SU-2025:0266-1
SUSE-SU-2025:20028-1
USN-6820-1
USN-6820-2
USN-6821-1
USN-6821-2
USN-6821-3
USN-6821-4
USN-6828-1
USN-6871-1
USN-6892-1
USN-6896-1
USN-6896-2
USN-6896-3
USN-6896-4
USN-6896-5
USN-6919-1

Produtos afetados

Almalinux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu