PT-2024-21531 · Linux+7 · Linux Kernel+7
Florian Kauer · Published 2024-04-17 · Updated 2026-05-26 · CVE-2024-26853
CVSS v3.1: 5.5 Medium
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
The vulnerability is in the igc driver in the Linux kernel, specifically in its XDP_REDIRECT handling. When a frame cannot be transmitted due to a full queue, it is necessary to free it by calling xdp_return_frame_rx_napi. However, this is the responsibility of the caller of ndo_xdp_xmit, and calling it inside igc_xdp_xmit will lead to memory corruption. The memory corruption can be reproduced with a script that generates more traffic than an i225 NIC can transmit and pushes it via XDP_REDIRECT from a virtual interface to the physical interface, where frames get dropped.
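The ownership rule described above, as an added userspace C model (not kernel code and not the igc driver's source): the transmit callback reports how many frames it queued, and the caller returns the rest, so a driver that also returns an unsent frame releases it twice. The names `model_xdp_xmit`, `redirect_batch`, `return_frame`, `RING_SLOTS`, `BATCH_MAX` and the release counter are hypothetical and constructed for illustration.

```c
#include <stdio.h>

/* Userspace model only: a "frame" that counts how often it was returned. */
struct frame { int releases; };

#define RING_SLOTS 2  /* constructed: TX queue with room for 2 frames */
#define BATCH_MAX  8

/* Stand-in for xdp_return_frame_rx_napi(): hands the frame's memory back. */
static void return_frame(struct frame *f) { f->releases++; }

/* Model of a driver's ndo_xdp_xmit: returns how many frames it queued.
 * free_unsent = 1 models the flaw (driver frees the frame it could not
 * queue); free_unsent = 0 leaves unsent frames to the caller. */
static int model_xdp_xmit(struct frame **frames, int n, int free_unsent)
{
    int sent = 0;
    for (int i = 0; i < n; i++) {
        if (sent == RING_SLOTS) {        /* queue full */
            if (free_unsent)
                return_frame(frames[i]); /* first release */
            break;
        }
        sent++;                          /* queued; released on TX completion */
    }
    return sent;
}

/* Model of the caller (redirect path): it owns every frame the driver did
 * not send and returns each of them. Result: frames released twice. */
static int redirect_batch(int n, int free_unsent)
{
    struct frame pool[BATCH_MAX] = {{0}};
    struct frame *frames[BATCH_MAX];
    int doubles = 0;
    if (n > BATCH_MAX) n = BATCH_MAX;
    for (int i = 0; i < n; i++) frames[i] = &pool[i];
    int sent = model_xdp_xmit(frames, n, free_unsent);
    for (int i = sent; i < n; i++) return_frame(frames[i]);
    for (int i = 0; i < n; i++) doubles += pool[i].releases > 1;
    return doubles;
}

int main(void)
{
    printf("driver frees unsent frame: %d double release(s)\n", redirect_batch(5, 1));
    printf("caller alone frees:        %d double release(s)\n", redirect_batch(5, 0));
    return 0;
}
```

With five frames and two free slots, the flawed variant releases the first unsent frame twice, while a batch that fits the queue shows no double release in either variant, which matches the page's note that the corruption appears only when frames get dropped.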
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
DoS
Memory Corruption
Buffer Overflow
Related Identifiers
Affected Products
AlmaLinux
Astra Linux
CentOS
Linux Kernel
Red Hat
RED OS
Rocky Linux
SUSE