PT-2024-21541 · Linux+5 · Linux Kernel+5

Syzbot

·

Published

2024-03-14

·

Updated

2025-03-27

·

CVE-2024-26864

CVSS v3.1

5.9

Medium

VectorAV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions Linux kernel versions 6.8.0-rc6-syzkaller-00159-gc055fc00c07b and earlier
Description The issue is related to the handling of reference counts in the Linux kernel's TCP connection establishment process. Specifically, when the bhash2 allocation fails, an unconnected socket can occupy an ehash entry. To fix this, changes made by check established() need to be reverted by using sk nulls add node rcu() instead of sk nulls add node rcu(). If not, sock put() can cause a reference count underflow and leak the socket.
Recommendations To resolve the issue, update the Linux kernel to a version that includes the fix for the reference count handling in inet hash connect(). As a temporary workaround, consider disabling the inet hash connect() function until a patch is available. However, this may have significant performance implications and should be carefully evaluated before implementation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Integer Underflow

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-191CWE-200

Related Identifiers

BDU:2025-04400
CVE-2024-26864
OPENSUSE-SU-2024_4314-1
OPENSUSE-SU-2024_4316-1
SUSE-SU-2024:4314-1
SUSE-SU-2024:4316-1
SUSE-SU-2024:4318-1
SUSE-SU-2024:4387-1
SUSE-SU-2025:20163-1
SUSE-SU-2025:20164-1
SUSE-SU-2025:20246-1
SUSE-SU-2025:20247-1
USN-6816-1
USN-6817-1
USN-6817-2
USN-6817-3
USN-6878-1

Affected Products

Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu