PT-2024-3349 · Linux+5 · Linux Kernel+5

Rishabh Dave

·

Published

2024-02-07

·

Updated

2026-01-29

·

CVE-2024-26689

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The issue is related to a "use after free" error in the encode cap msg() function, which is called by send cap() and ceph check caps() after calling prep cap(). This error occurs due to a race condition where the resource is freed by the handle cap grant() function before the refcount can be incremented. The error was caught by KASAN at the line ceph buffer get(arg->xattr buf). The vulnerability may allow an attacker to impact the confidentiality and availability of protected information.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416CWE-362

Related Identifiers

BDU:2024-03621
CVE-2024-26689
DLA-3842-1
DSA-5658-1
DSA-5681-1
LSN-0112-1
OESA-2024-1620
OESA-2024-1621
OESA-2024-1622
OESA-2024-1647
OESA-2025-1161
OPENSUSE-SU-2024_1490-1
OPENSUSE-SU-2024_1641-1
OPENSUSE-SU-2024_1642-1
OPENSUSE-SU-2024_1659-1
OPENSUSE-SU-2024_1663-1
SUSE-SU-2024:1490-1
SUSE-SU-2024:1641-1
SUSE-SU-2024:1642-1
SUSE-SU-2024:1643-1
SUSE-SU-2024:1645-1
SUSE-SU-2024:1646-1
SUSE-SU-2024:1647-1
SUSE-SU-2024:1650-1
SUSE-SU-2024:1659-1
SUSE-SU-2024:1663-1
SUSE-SU-2024:1870-1
USN-6766-1
USN-6766-2
USN-6766-3
USN-6795-1
USN-6828-1
USN-6895-1
USN-6895-2
USN-6895-3
USN-6895-4
USN-6900-1
USN-7495-1
USN-7495-2
USN-7495-3
USN-7496-1
USN-7496-2
USN-7496-3
USN-7496-4
USN-7496-5
USN-7506-1
USN-7506-2
USN-7506-3
USN-7506-4
USN-7517-1
USN-7517-2
USN-7517-3
USN-7518-1
USN-7539-1
USN-7540-1
USN-7640-1
USN-7986-1

Affected Products

Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu