PT-2024-3404 · Linux+2 · Linux Kernel+2

Syzbot

Published

2024-02-21

Updated

2025-02-03

CVE-2024-26731

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: The issue is related to a NULL pointer dereference in the sk psock verdict data ready() function. This occurs when sk psock verdict data ready() and sk psock stop verdict() are called concurrently, causing psock->saved data ready to be NULL. The problem is fixed by calling the appropriate data ready function using the sk psock data ready() helper and protecting it from concurrency with sk->sk callback lock.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

BDU:2024-03676

CVE-2024-26731

DSA-5658-1

SUSE-SU-2024:2135-1

SUSE-SU-2024:2203-1

SUSE-SU-2024:2973-1

SUSE-SU-2025:20008-1

Affected Products

Linux Kernel

Red Os

Suse

PT-2024-3404 · Linux+2 · Linux Kernel+2

CVE-2024-26731

Weakness Enumeration

Related Identifiers

Affected Products

References · 1916