PT-2024-21548 · Linux+9 · Linux Kernel+9

William Kucharski

Published

2024-04-17

Updated

2025-09-29

CVE-2024-26872

CVSS v3.1

7.0

High

Vector

AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A use-after-free Write issue in srpt refresh port() has been identified. This occurs because an event handler is registered before the srpt device is fully set up, and a race condition upon error may leave a partially set up event handler in place. The issue is resolved by registering the event handler after the srpt device initialization is complete.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2024:3618

ALSA-2024:3627

ALSA-2025_12746

ALSA-2025_12752

ALSA-2025_12753

ALSA-2025_16880

CESA-2024_3618

CESA-2024_3627

CVE-2024-26872

DLA-3842-1

DSA-5681-1

INFSA-2024_3618

INFSA-2024_3627

INFSA-2024_9315

OESA-2024-1617

OESA-2024-1618

OESA-2024-1622

OPENSUSE-SU-2024_1644-1

OPENSUSE-SU-2024_1659-1

OPENSUSE-SU-2024_1663-1

RHSA-2024:3618

RHSA-2024:3627

RHSA-2024:9315

RHSA-2024_3618

RHSA-2024_3627

RHSA-2024_9315

RHSA-2025:3021

RLSA-2024:3618

RLSA-2024:3627

SUSE-SU-2024:1644-1

SUSE-SU-2024:1659-1

SUSE-SU-2024:1663-1

SUSE-SU-2025:02334-1

SUSE-SU-2025_02334-1

USN-6816-1

USN-6817-1

USN-6817-2

USN-6817-3

USN-6820-1

USN-6820-2

USN-6821-1

USN-6821-2

USN-6821-3

USN-6821-4

USN-6828-1

USN-6871-1

USN-6878-1

USN-6892-1

USN-6919-1

Affected Products

Almalinux

Astra Linux

Centos

Linuxmint

Linux Kernel

Red Hat

Red Os

Rocky Linux

Suse

Ubuntu

PT-2024-21548 · Linux+9 · Linux Kernel+9

CVE-2024-26872

Weakness Enumeration

Related Identifiers

Affected Products

References · 1631