PT-2024-3391 · Linux+5 · Linux Kernel+5

Toke Høiland-Jørgensen

·

Published

2024-03-07

·

Updated

2025-09-29

·

CVE-2024-26883

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: The issue is related to an integer overflow in the stackmap code of the Linux kernel on 32-bit architectures. This overflow occurs when the roundup pow of two() function is used to compute the number of hash buckets, and it contains an overflow check by verifying if the resulting value is 0. However, on 32-bit architectures, the roundup code itself can overflow due to a 32-bit left-shift of an unsigned long value, which is undefined behavior and may not truncate neatly. The problem was triggered by syzbot on the DEVMAP HASH type, which includes the same check copied from the hashtab code.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

LPE

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

ALSA-2025_16880
ALT-PU-2024-14046
ALT-PU-2024-7511
AZL-40094
BDU:2024-03663
CVE-2024-26883
DLA-3840-1
DLA-3842-1
DSA-5681-1
OESA-2024-1520
OESA-2024-1524
OESA-2024-1536
OESA-2024-1541
OPENSUSE-SU-2024_1644-1
OPENSUSE-SU-2024_1659-1
OPENSUSE-SU-2024_1663-1
SUSE-SU-2024:1643-1
SUSE-SU-2024:1644-1
SUSE-SU-2024:1646-1
SUSE-SU-2024:1659-1
SUSE-SU-2024:1663-1
SUSE-SU-2024:1870-1
SUSE-SU-2024:2135-1
SUSE-SU-2024:2203-1
SUSE-SU-2024:2973-1
SUSE-SU-2025:20008-1
SUSE-SU-2025:20028-1
USN-6816-1
USN-6817-1
USN-6817-2
USN-6817-3
USN-6820-1
USN-6820-2
USN-6821-1
USN-6821-2
USN-6821-3
USN-6821-4
USN-6828-1
USN-6871-1
USN-6878-1
USN-6892-1
USN-6896-1
USN-6896-2
USN-6896-3
USN-6896-4
USN-6896-5
USN-6919-1

Affected Products

Alt Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu