PT-2024-3345 · Linux+4 · Linux Kernel+4

Published

2024-01-31

Updated

2025-02-03

CVE-2024-26623

CVSS v3.1

4.7

Medium

Vector

AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to a NULL pointer dereference that can occur due to race conditions involving the adminq in the pds core module of the Linux kernel. This happens when the device goes through a reset via PCIe reset and/or a fw down/fw up cycle due to bad PCIe state or bad device state, causing the adminq to be destroyed and recreated. To fix this, further state checks and reference counting for adminq uses have been implemented. The reference counting is used because multiple threads can attempt to access the adminq at the same time, and multiple clients can be using it simultaneously.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476CWE-362

Related Identifiers

BDU:2024-03617

CVE-2024-26623

SUSE-SU-2024:2802-1

SUSE-SU-2024:2896-1

SUSE-SU-2024:2973-1

SUSE-SU-2025:20008-1

SUSE-SU-2025:20028-1

USN-6765-1

USN-6818-1

USN-6818-2

USN-6818-3

USN-6818-4

USN-6819-1

USN-6819-2

USN-6819-3

USN-6819-4

Affected Products

Linuxmint

Linux Kernel

Red Os

Suse

Ubuntu

PT-2024-3345 · Linux+4 · Linux Kernel+4

CVE-2024-26623

Weakness Enumeration

Related Identifiers

Affected Products

References · 2106