PT-2024-21591 · Linux+6 · Linux Kernel+6

Mike Rapoport +2 · Published 2024-03-07 · Updated 2026-03-14 · CVE-2024-26947

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.8.2

Description

A vulnerability in the Linux kernel has been resolved. It was caused by a change in the semantics of the pfn_valid() function, which led to a crash during a UIO test with a specific memory layout. The crash occurred because a valid page for an address that is reserved but not mapped by the kernel was not properly handled. The issue was solved by checking whether PG_reserved was set.

Recommendations

To resolve this issue, upgrade the Linux kernel to a version newer than 6.8.2.
Note: The provided information does not specify the exact version that contains the fix, but it is mentioned that versions up to 6.8.2 are affected. Therefore, upgrading to a newer version should mitigate the issue.


Weakness Enumeration

Related Identifiers

ALSA-2024:6997
ALSA-2025_16880
AZL-67481
BDU:2026-03498
CVE-2024-26947
ECHO-4540-049F-2630
INFSA-2024_6997
OESA-2024-1737
OESA-2024-1738
RHSA-2024:5066
RHSA-2024:5067
RHSA-2024:6997
RHSA-2024_6997
USN-6816-1
USN-6817-1
USN-6817-2
USN-6817-3
USN-6878-1
USN-7159-1
USN-7159-2
USN-7159-3
USN-7159-4
USN-7159-5
USN-7166-1
USN-7166-2
USN-7166-3
USN-7166-4
USN-7186-1
USN-7186-2
USN-7194-1
USN-7195-1
USN-7195-2

Affected Products

Almalinux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Hat
Ubuntu