PT-2024-1990 · Linux+6 · Linux Kernel+6

Oliver Upton

Published

2024-01-04

Updated

2025-09-29

CVE-2024-26598

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to a potential use-after-free (UAF) scenario in the Linux kernel's KVM: arm64: vgic-its module. This occurs when an LPI translation cache hit races with an operation that invalidates the cache, such as a DISCARD ITS command. The root of the problem is that the vgic its check cache() function does not elevate the refcount on the vgic irq before dropping the lock that serializes refcount changes. To resolve this, vgic its check cache() should raise the refcount on the returned vgic irq and add the corresponding decrement after queueing the interrupt.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2025_16880

ALT-PU-2024-17576

BDU:2024-01834

CVE-2024-26598

DLA-3841-1

OESA-2024-2029

OESA-2024-2030

OESA-2024-2031

OPENSUSE-SU-2024_0858-1

RHSA-2024:3854

RHSA-2024:3855

RHSA-2024:4415

RHSA-2024:4740

RHSA-2024:8161

SUSE-SU-2024:0855-1

SUSE-SU-2024:0858-1

SUSE-SU-2024:0900-1

SUSE-SU-2024:0900-2

SUSE-SU-2024:0910-1

SUSE-SU-2024:0977-1

USN-6688-1

USN-6725-1

USN-6725-2

USN-6765-1

USN-6767-1

USN-6767-2

USN-6818-1

USN-6818-2

USN-6818-3

USN-6818-4

USN-6819-1

USN-6819-2

USN-6819-3

USN-6819-4

Affected Products

Alt Linux

Astra Linux

Linuxmint

Linux Kernel

Red Os

Suse

Ubuntu

PT-2024-1990 · Linux+6 · Linux Kernel+6

CVE-2024-26598

Weakness Enumeration

Related Identifiers

Affected Products

References · 462