PT-2024-1999 · Linux+5 · Linux Kernel+5

Published 2024-01-11 · Updated 2025-10-13 · CVE-2024-26596

CVSS v2.0: 9.0 High

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The issue is a slab-out-of-bounds error in the dsa_user_prechangeupper() function, which occurs when a NETDEV_PRECHANGEUPPER event is emitted with a VLAN as its new upper. Not all net devices have a netdev_priv() of type struct dsa_user_priv, but the code attempts to dereference it anyway. The error is triggered when the dummy interface is used with a VLAN, causing the kernel to access memory outside the allocated bounds.
Technical details about exploitation include:
  • The dsa_user_to_port() function, which returns a struct dsa_port pointer.
  • The netdev_priv() function, which returns a pointer to the private data of a network device.
  • The dsa_user_prechangeupper() function, which is called when a NETDEV_PRECHANGEUPPER event occurs.
  • The dsa_user_netdevice_event() function, which handles network device events.
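
The pattern described above, as an added user-space C model (not kernel source and not code from this record): a handler that casts a device's private area must first confirm that the device really carries that type. The names alloc_netdev_model, is_dsa_user, prechangeupper_checked and unchecked_overread, the ops and priv_len fields, and the zero-byte private area of the dummy device are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified stand-ins for kernel structures (assumed layout, not kernel code). */
struct net_device_ops { int unused; };
static const struct net_device_ops dsa_user_ops = {0};  /* marks DSA user ports */
static const struct net_device_ops dummy_ops = {0};     /* any other driver */
struct dsa_port { int index; };
struct dsa_user_priv { struct dsa_port *dp; };          /* DSA private area */

struct net_device {
    const struct net_device_ops *ops;
    size_t priv_len;            /* bytes allocated after the struct */
    unsigned char priv[];       /* driver-specific private data */
};

static struct net_device *alloc_netdev_model(const struct net_device_ops *ops, size_t len)
{
    struct net_device *dev = calloc(1, sizeof(*dev) + len);
    if (dev) { dev->ops = ops; dev->priv_len = len; }
    return dev;
}
static void *netdev_priv(struct net_device *dev) { return dev->priv; }

/* Type check: only devices created with the DSA ops carry dsa_user_priv. */
static int is_dsa_user(const struct net_device *dev) { return dev->ops == &dsa_user_ops; }

/* Guarded handler: returns the port index, or -1 when the event is not ours. */
static int prechangeupper_checked(struct net_device *dev)
{
    if (!is_dsa_user(dev))
        return -1;              /* foreign device: private area has another size */
    struct dsa_user_priv *p = netdev_priv(dev);
    return p->dp ? p->dp->index : -1;
}

/* Bytes an unchecked cast-and-read of dsa_user_priv would run past the allocation. */
static size_t unchecked_overread(const struct net_device *dev)
{
    size_t need = sizeof(struct dsa_user_priv);
    return need > dev->priv_len ? need - dev->priv_len : 0;
}

int main(void)
{
    struct dsa_port port = { .index = 3 };
    struct net_device *sw = alloc_netdev_model(&dsa_user_ops, sizeof(struct dsa_user_priv));
    struct net_device *dummy = alloc_netdev_model(&dummy_ops, 0); /* constructed input */
    if (!sw || !dummy) return 1;
    ((struct dsa_user_priv *)netdev_priv(sw))->dp = &port;
    printf("dsa: %d dummy: %d overrun: %zu bytes\n", prechangeupper_checked(sw),
           prechangeupper_checked(dummy), unchecked_overread(dummy));
    free(sw); free(dummy);
    return 0;
}
```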
Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Out of bounds Read


Weakness Enumeration

Related Identifiers

ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
ALT-PU-2024-10855
ALT-PU-2025-12647
AZL-39884
BDU:2024-01856
CVE-2024-26596
DLA-4102-1
OPENSUSE-SU-2024_4314-1
OPENSUSE-SU-2024_4316-1
SUSE-SU-2024:4314-1
SUSE-SU-2024:4316-1
SUSE-SU-2024:4318-1
SUSE-SU-2025:0289-1
SUSE-SU-2025:20163-1
SUSE-SU-2025:20164-1
SUSE-SU-2025:20246-1
SUSE-SU-2025:20247-1

Affected Products

Alt Linux
Astra Linux
Debian
Linux Kernel
Red Os
Suse