PT-2024-3399 · Linux · Linux Kernel

Fedor Pchelkin · Published 2024-03-06 · Updated 2026-02-21 · CVE-2024-26961

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.8
Description: The vulnerability is related to the function mac802154_llsec_key_del() in the Linux kernel, which can free resources of a key directly without following the RCU rules for waiting before the end of a grace period. This may lead to use-after-free in case llsec_lookup_key() is traversing the list of keys in parallel with a key deletion. The issue is caused by the function not properly releasing resources, resulting in a potential use-after-free scenario. The ieee802154_llsec_key_entry structures are not freed by mac802154_llsec_key_del(), leading to an unreferenced object. The vulnerability was found by the Linux Verification Center.
Recommendations: To resolve the issue, update the Linux kernel to version 6.8 or later, which includes the fix for the mac802154_llsec_key_del() function. As a temporary workaround, consider disabling the mac802154_llsec_key_del() function until a patch is available. Restrict access to the vulnerable module mac802154 to minimize the risk of exploitation. Avoid using the llsec_lookup_key() function in parallel with key deletion until the issue is resolved.
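
The description's point about freeing a key before the grace period ends can be seen in a small model. This is an added example, not kernel code and not the upstream fix: it is a single-threaded user-space simulation in which every name (struct key, key_del_direct, key_del_deferred, reader_hits_freed) is hypothetical and "freeing" only sets a flag.

```c
#include <stdio.h>
/* Single-threaded model, not kernel code: "free" only sets a flag, so a
 * reader touching a released key is detectable without undefined behaviour. */
struct key { int freed; struct key *next, *defer; };
static struct key *keys;      /* published key list */
static struct key *deferred;  /* unlinked keys waiting for a grace period */
static int readers;           /* open read-side critical sections */
static void grace_period_end(void)       /* release everything queued */
{
    for (; deferred; deferred = deferred->defer) deferred->freed = 1;
}
static void read_lock(void)   { readers++; }
static void read_unlock(void) { if (--readers == 0) grace_period_end(); }
static void unlink_key(struct key *k)    /* k->next stays valid for readers */
{
    struct key **pp = &keys;
    while (*pp && *pp != k)
        pp = &(*pp)->next;
    if (*pp) *pp = k->next;
}
/* Pattern from the description: resources released right after unlinking. */
static void key_del_direct(struct key *k) { unlink_key(k); k->freed = 1; }
/* Grace-period pattern: unlink now, release once no reader can hold k. */
static void key_del_deferred(struct key *k)
{
    unlink_key(k);
    k->defer = deferred; deferred = k;
    if (readers == 0) grace_period_end();
}
/* A lookup is positioned on the first key while it is deleted. Returns 1 if
 * the reader then touches a released key; *freed_after reports whether the
 * key was released once the reader left its critical section. */
static int reader_hits_freed(int use_deferred, int *freed_after)
{
    struct key b = { 0, NULL, NULL }, a = { 0, &b, NULL };
    keys = &a; deferred = NULL; readers = 0;
    read_lock();
    struct key *pos = keys;              /* reader holds a pointer to a */
    if (use_deferred) key_del_deferred(pos); else key_del_direct(pos);
    int uaf = pos->freed;                /* reader dereferences pos */
    read_unlock();
    *freed_after = a.freed; keys = NULL;
    return uaf;
}
int main(void)
{
    int after, uaf = reader_hits_freed(1, &after);
    printf("deferred: uaf=%d freed_after=%d\n", uaf, after);
    printf("direct:   uaf=%d\n", reader_hits_freed(0, &after));
}
```

In the deferred variant the key is still released after the reader leaves its critical section, so deferring the free does not trade the use-after-free for a leak.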

Exploit

Fix

Use After Free

Memory Leak

Weakness Enumeration

Related Identifiers

ALSA-2024:5101
ALSA-2024:5102
ALSA-2024:8617
ALSA-2025_16880
ALT-PU-2024-7511
AZL-40481
BDU:2024-03671
CESA-2024_5101
CESA-2024_5102
CVE-2024-26961
DLA-3842-1
DSA-5681-1
INFSA-2024_5101
INFSA-2024_5102
INFSA-2024_8617
OESA-2024-1677
OESA-2024-1678
OESA-2024-1679
OESA-2024-1680
OESA-2024-1681
OESA-2024-1682
OPENSUSE-SU-2024_2947-1
RHSA-2024:10262
RHSA-2024:5065
RHSA-2024:5101
RHSA-2024:5102
RHSA-2024:8613
RHSA-2024:8614
RHSA-2024:8617
RHSA-2024_5101
RHSA-2024_5102
RHSA-2024_8617
RLSA-2024:5101
RLSA-2024:5102
RLSA-2024:8617
RXSA-2024:5101
SUSE-SU-2024:2135-1
SUSE-SU-2024:2203-1
SUSE-SU-2024:2894-1
SUSE-SU-2024:2939-1
SUSE-SU-2024:2947-1
SUSE-SU-2024:2973-1
SUSE-SU-2025:20008-1
SUSE-SU-2025:20028-1
SUSE-SU-2025:20166-1
SUSE-SU-2025:20249-1
USN-6816-1
USN-6817-1
USN-6817-2
USN-6817-3
USN-6878-1
USN-6898-1
USN-6898-2
USN-6898-3
USN-6898-4
USN-6917-1
USN-6919-1
USN-6927-1
USN-7019-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu