PT-2024-3392 · Linux+5 · Linux Kernel+5
Toke Høiland-Jørgensen
·
Published
2024-03-07
·
Updated
2025-09-29
·
CVE-2024-26884
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Linux kernel (affected versions not specified)
Description:
The issue is related to an integer overflow in the hashtab code of the Linux kernel on 32-bit architectures. The hashtab code uses the roundup pow of two() function to compute the number of hash buckets and contains an overflow check. However, on 32-bit architectures, the roundup code itself can overflow due to a 32-bit left-shift of an unsigned long value, which is undefined behavior. This was triggered by syzbot on the DEVMAP HASH type. The exploitation of this issue may allow an attacker to impact the confidentiality, integrity, and availability of protected information.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Integer Overflow
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Alt Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu