PT-2024-1950 · Linux+5 · Linux Kernel+5

Published: 2024-01-31 · Updated: 2025-09-29 · CVE-2024-26606

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: The issue is in the binder functionality of the Linux kernel. In (e)poll mode, threads depend on I/O events to determine when data is ready for consumption. A thread may initiate a command via BINDER_WRITE_READ without a read buffer and then use epoll_wait() or similar to consume any responses afterwards. It is crucial that epoll threads are signaled via wakeup when they queue their own work. Otherwise, they risk waiting indefinitely for an event, leaving their work unhandled. Worse, subsequent commands won't trigger a wakeup either, because the thread already has pending work. The vulnerability is associated with uncontrolled resource consumption, which can be exploited by a remote attacker to cause a denial of service.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Resource Exhaustion

Improper Resource Release

Weakness Enumeration

Related Identifiers

ALSA-2025_16880
ALT-PU-2024-14046
ALT-PU-2024-3457
ALT-PU-2024-6511
ALT-PU-2024-6818
BDU:2024-01747
CVE-2024-26606
DLA-3840-1
DLA-3842-1
DSA-5658-1
DSA-5681-1
OESA-2024-1392
OESA-2024-1393
OESA-2024-1394
OESA-2024-1395
OESA-2024-1396
OESA-2024-1397
USN-6766-1
USN-6766-2
USN-6766-3
USN-6767-1
USN-6767-2
USN-6795-1
USN-6828-1
USN-6895-1
USN-6895-2
USN-6895-3
USN-6895-4
USN-6900-1

Affected Products

Alt Linux
Astra Linux
Linux Mint
Linux Kernel
RED OS
Ubuntu