PT-2024-3413 · Linux+6 · Linux Kernel+6

Published

2024-02-29

·

Updated

2025-09-29

·

CVE-2024-26793

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.8.0-rc6-std-def-alt1 #1
Description: The vulnerability is related to a use-after-free and null-ptr-deref issue in the gtp newlink function. The gtp link ops operations structure for the subsystem must be registered after registering the gtp net ops pernet operations structure. This issue can cause a general protection fault, probably due to a non-canonical address. The vulnerability was identified by Syzkaller, which hit a 'general protection fault in gtp genl dump pdp' bug.
Recommendations: To resolve this issue, update the Linux kernel to a version that includes the fix for the gtp newlink function. Specifically, update to a version later than 6.8.0-rc6-std-def-alt1 #1.
Note: The provided input data does not specify the exact fixed version, so it is recommended to update to the latest available version of the Linux kernel.

Exploit

Fix

Use After Free

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416CWE-476

Related Identifiers

ALSA-2025_16880
ALT-PU-2024-3574
BDU:2024-03685
CVE-2024-26793
DLA-3840-1
DLA-3842-1
DSA-5658-1
DSA-5681-1
OESA-2024-1617
OESA-2024-1618
OESA-2025-1095
OESA-2025-1096
OPENSUSE-SU-2024_1490-1
OPENSUSE-SU-2024_1659-1
OPENSUSE-SU-2024_1663-1
SUSE-SU-2024:1490-1
SUSE-SU-2024:1643-1
SUSE-SU-2024:1646-1
SUSE-SU-2024:1659-1
SUSE-SU-2024:1663-1
SUSE-SU-2024:1870-1
SUSE-SU-2024:2135-1
SUSE-SU-2024:2203-1
SUSE-SU-2024:2973-1
SUSE-SU-2025:20008-1
USN-6820-1
USN-6820-2
USN-6821-1
USN-6821-2
USN-6821-3
USN-6821-4
USN-6828-1
USN-6831-1
USN-6867-1
USN-6871-1
USN-6892-1
USN-6919-1

Affected Products

Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu