PT-2024-21574 · Linux+4 · Linux Kernel+4

Published: 2024-04-17 · Updated: 2025-10-13 · CVE-2024-26908

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux Kernel versions up to 6.7.10

Description

A critical null pointer dereference issue has been identified in the Linux Kernel. The issue is related to the kasprintf function in xen/smp.c. It is recommended to audit systems using vulnerable versions and monitor for exploit attempts. Additionally, ensuring strong network segmentation is advised.

Recommendations

For Linux Kernel versions up to 6.7.10, upgrade the kernel to a patched version to resolve the issue. As a temporary workaround, consider restricting access to the xen/smp.c module to minimize the risk of exploitation. Ensure strong network segmentation to reduce the attack surface.

Fix

Related Identifiers

ALSA-2024:5101
ALSA-2024:5928
CESA-2024_5101
CVE-2024-26908
INFSA-2024_5101
INFSA-2024_5928
OESA-2024-1647
OESA-2024-1648
OESA-2024-1649
OESA-2024-1650
OESA-2024-1651
OESA-2024-1652
RHSA-2024:4823
RHSA-2024:4902
RHSA-2024:5101
RHSA-2024:5928
RHSA-2024:6992
RHSA-2024:6993
RHSA-2024:7002
RHSA-2024_5101
RHSA-2024_5928
RLSA-2024:5101
RXSA-2024:5101

Affected Products

AlmaLinux
CentOS
Linux Kernel
Red Hat
Rocky Linux