PT-2024-2085 · Linux+10 · Linux Kernel+10
Wen Gu
·
Published
2024-01-19
·
Updated
2025-09-29
·
CVE-2024-26615
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions 6.7.0 and earlier
Description
A crash was found when dumping SMC-D connections in the Linux kernel. The issue can be reproduced by running a specific test and continuously dumping SMC-D connections in parallel. The crash is caused by a kernel NULL pointer dereference, which occurs when the connection is in the process of being established and the
rmb desc has not yet been initialized. The vulnerability can be exploited to cause a denial of service.Recommendations
To resolve the issue, update the Linux kernel to a version that includes the fix for the
net/smc: fix illegal rmb desc access in SMC-D connection dump vulnerability. As a temporary workaround, consider disabling the smc diag dump() function until a patch is available.Exploit
Fix
NULL Pointer Dereference
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu