PT-2024-21570 · Linux+7 · Linux Kernel+7

Li Nan

·

Published

2024-02-08

·

Updated

2025-10-03

·

CVE-2024-26900

CVSS v2.0

7.5

High

VectorAV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description A vulnerability has been resolved in the Linux kernel, where a memory leak occurs when kobject add() fails in bind rdev to array(), causing rdev->serial to be allocated but not freed. This results in a kmemleak. The issue is related to the md module and involves the bind rdev to array() function. The vulnerability can be exploited through the md ioctl() function, which is used to interact with the md module.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Leak

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-402CWE-401

Related Identifiers

ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
ALT-PU-2024-10855
ALT-PU-2025-12647
AZL-40097
AZL-40162
BDU:2025-02912
CVE-2024-26900
DLA-3843-1
DSA-5703-1
INFSA-2024_9315
OESA-2024-1647
OESA-2024-1648
OESA-2024-1649
OESA-2024-1650
RHSA-2024:9315
RHSA-2024_9315
SUSE-SU-2024:1979-1
SUSE-SU-2024:1983-1
SUSE-SU-2024:2008-1
SUSE-SU-2024:2019-1
SUSE-SU-2024:2135-1
SUSE-SU-2024:2184-1
SUSE-SU-2024:2190-1
SUSE-SU-2024:2203-1
SUSE-SU-2024:2973-1
SUSE-SU-2025:20008-1
SUSE-SU-2025:20028-1
SUSE-SU-2025:20166-1
SUSE-SU-2025:20249-1
USN-6816-1
USN-6817-1
USN-6817-2
USN-6817-3
USN-6878-1
USN-6950-1
USN-6950-2
USN-6950-3
USN-6950-4
USN-6956-1
USN-6957-1
USN-7019-1

Affected Products

Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Red Hat
Red Os
Suse
Ubuntu