PT-2024-21452 · Linux+9 · Linux Kernel+9
Syzbot · Published 2024-04-02 · Updated 2025-09-29 · CVE-2024-26675
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.8.0-rc2-syzkaller-g41bccc98fb79
Description
A vulnerability has been resolved in the Linux kernel. The issue is in the ppp_async module, where syzbot triggered a warning in __alloc_pages(). The warning fires because the requested allocation order exceeds MAX_PAGE_ORDER. Willem fixed a similar issue in a previous commit, and the same sanity check has been adopted for ppp_async_ioctl(PPPIOCSMRU). The vulnerability is related to memory allocation and can be exploited by an attacker to potentially cause a denial-of-service or execute arbitrary code.
Recommendations
To resolve the issue, update the Linux kernel to a version that includes the fix for this vulnerability. Specifically, update to a version later than 6.8.0-rc2-syzkaller-g41bccc98fb79. As a temporary workaround, consider disabling the ppp_async module until a patch is available.
Exploit
Fix
Allocation of Resources Without Limits
Weakness Enumeration
Related Identifiers
Affected Products
AlmaLinux
Astra Linux
CentOS
Linux Mint
Linux Kernel
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu