PT-2024-7288 · Linux+5 · Linux Kernel+5

Jiangfeng Xiao

Published

2024-02-05

Updated

2025-09-29

CVE-2024-26712

CVSS v2.0

4.6

Medium

Vector

AV:L/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: The issue is related to a buffer overflow in the kasan component of the Linux kernel. When k start is not page aligned, the calculation of va results in an invalid address, leading to memory overwriting. This occurs because the memory address space from va to block is not allocated by memblock alloc and will not be reserved by memblock reserve later, allowing it to be used by other parts of the system. The vulnerability can cause memory overwriting, potentially leading to a denial of service.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

ALSA-2025_12746

ALSA-2025_12752

ALSA-2025_12753

ALSA-2025_16880

BDU:2024-08642

CVE-2024-26712

DLA-3842-1

DSA-5658-1

DSA-5681-1

INFSA-2024_9315

OESA-2024-1647

OESA-2024-1648

OESA-2024-1649

OESA-2024-1650

RHSA-2024:9315

RHSA-2024_9315

USN-6766-1

USN-6766-2

USN-6766-3

USN-6795-1

USN-6828-1

USN-6831-1

USN-6867-1

USN-6895-1

USN-6895-2

USN-6895-3

USN-6895-4

USN-6900-1

Affected Products

Astra Linux

Linuxmint

Linux Kernel

Red Hat

Red Os

Ubuntu

PT-2024-7288 · Linux+5 · Linux Kernel+5

CVE-2024-26712

Weakness Enumeration

Related Identifiers

Affected Products

References · 451