PT-2024-21582 · Linux+9 · Linux Kernel+9

Sean Anderson

Published

2024-04-17

Updated

2025-10-08

CVE-2024-26919

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to a debugfs directory leak in the Linux kernel's ULPI (UTMI+ Low Pin Interface) driver. The ULPI per-device debugfs root is named after the ulpi device's parent, but the ulpi unregister interface function tries to remove a debugfs directory named after the ulpi device itself. This results in the directory sticking around and preventing subsequent (deferred) probes from succeeding. The fix involves changing the directory name to match the ulpi device.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

ALSA-2024:3618

ALSA-2024:3627

ALSA-2025_16880

CESA-2024_3618

CESA-2024_3627

CVE-2024-26919

INFSA-2024_3618

INFSA-2024_3627

RHSA-2024:3618

RHSA-2024:3627

RHSA-2024_3618

RHSA-2024_3627

RLSA-2024:3618

RLSA-2024:3627

SUSE-SU-2024:2008-1

SUSE-SU-2024:2019-1

SUSE-SU-2024:2190-1

SUSE-SU-2025:20008-1

SUSE-SU-2025:20028-1

USN-6895-1

USN-6895-2

USN-6895-3

USN-6895-4

USN-6900-1

Affected Products

Almalinux

Astra Linux

Centos

Linuxmint

Linux Kernel

Red Hat

Red Os

Rocky Linux

Suse

Ubuntu

PT-2024-21582 · Linux+9 · Linux Kernel+9

CVE-2024-26919

Related Identifiers

Affected Products

References · 2760