PT-2024-7703 · Linux+9 · Linux Kernel+9

Syzbot

Published

2024-02-19

Updated

2025-09-29

CVE-2024-26852

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.8.0-rc4-syzkaller-01035-gea7f3cfaa588

Description The vulnerability is related to a use-after-free issue in the ip6 route mpath notify() function. This issue can be exploited to potentially elevate privileges in the system. The vulnerability was discovered by syzbot, and a commit was made to prevent the use-after-free, but it did not fully address the root cause. The fib6 info release() calls need to be deferred after ip6 route mpath notify() in the cleanup phase.

Recommendations To resolve this issue, update the Linux kernel to a version that includes the fix for this vulnerability. Specifically, versions after 6.8.0-rc4-syzkaller-01035-gea7f3cfaa588 should include the necessary patches. As a temporary workaround, consider disabling the ip6 route mpath notify() function until a patch is available. However, this may have unintended consequences on the system's networking functionality.

Exploit

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2024:4928

ALSA-2024:5101

ALSA-2024:5102

ALSA-2025_16880

BDU:2024-09160

CESA-2024_5101

CESA-2024_5102

CVE-2024-26852

DLA-3840-1

DLA-3842-1

DSA-5681-1

INFSA-2024_4928

INFSA-2024_5101

INFSA-2024_5102

OESA-2024-1617

OESA-2024-1618

OESA-2024-1622

OESA-2024-1768

OPENSUSE-SU-2024_1642-1

OPENSUSE-SU-2024_1644-1

OPENSUSE-SU-2024_1659-1

OPENSUSE-SU-2024_1663-1

OPENSUSE-SU-2024_2189-1

OPENSUSE-SU-2024_3623-1

OPENSUSE-SU-2024_3631-1

OPENSUSE-SU-2024_3639-1

OPENSUSE-SU-2024_3651-1

OPENSUSE-SU-2024_3652-1

OPENSUSE-SU-2024_3679-1

OPENSUSE-SU-2024_3694-1

OPENSUSE-SU-2024_3695-1

OPENSUSE-SU-2024_3696-1

OPENSUSE-SU-2024_3697-1

OPENSUSE-SU-2024_3700-1

OPENSUSE-SU-2024_3793-1

OPENSUSE-SU-2024_3798-1

OPENSUSE-SU-2024_3806-1

OPENSUSE-SU-2024_3814-1

OPENSUSE-SU-2024_3815-1

OPENSUSE-SU-2024_3829-1

OPENSUSE-SU-2024_3830-1

OPENSUSE-SU-2024_3837-1

OPENSUSE-SU-2024_3842-1

OPENSUSE-SU-2024_3851-1

OPENSUSE-SU-2024_3852-1

OPENSUSE-SU-2024_3855-1

OPENSUSE-SU-2024_4122-1

OPENSUSE-SU-2024_4123-1

OPENSUSE-SU-2024_4124-1

OPENSUSE-SU-2024_4214-1

OPENSUSE-SU-2024_4216-1

OPENSUSE-SU-2024_4218-1

OPENSUSE-SU-2024_4234-1

OPENSUSE-SU-2024_4235-1

OPENSUSE-SU-2024_4236-1

OPENSUSE-SU-2024_4256-1

OPENSUSE-SU-2024_4264-1

OPENSUSE-SU-2024_4266-1

OPENSUSE-SU-2025_0101-1

OPENSUSE-SU-2025_0106-1

OPENSUSE-SU-2025_0107-1

OPENSUSE-SU-2025_0109-1

OPENSUSE-SU-2025_0114-1

OPENSUSE-SU-2025_0115-1

OPENSUSE-SU-2025_0124-1

OPENSUSE-SU-2025_0150-1

OPENSUSE-SU-2025_0158-1

OPENSUSE-SU-2025_0240-1

OPENSUSE-SU-2025_0244-1

OPENSUSE-SU-2025_0248-1

OPENSUSE-SU-2025_0251-1

OPENSUSE-SU-2025_0252-1

OPENSUSE-SU-2025_0253-1

OPENSUSE-SU-2025_0261-1

OPENSUSE-SU-2025_0264-1

OPENSUSE-SU-2025_0266-1

RHSA-2024:4533

RHSA-2024:4554

RHSA-2024:4902

RHSA-2024:4928

RHSA-2024:5101

RHSA-2024:5102

RHSA-2024:6206

RHSA-2024_4928

RHSA-2024_5101

RHSA-2024_5102

RLSA-2024:4928

RLSA-2024:5101

RLSA-2024:5102

RXSA-2024:4928

RXSA-2024:5101

SUSE-SU-2024:1642-1

SUSE-SU-2024:1643-1

SUSE-SU-2024:1644-1

SUSE-SU-2024:1645-1

SUSE-SU-2024:1646-1

SUSE-SU-2024:1650-1

SUSE-SU-2024:1659-1

SUSE-SU-2024:1663-1

SUSE-SU-2024:1870-1

SUSE-SU-2024:2011-1

SUSE-SU-2024:2091-1

SUSE-SU-2024:2092-1

SUSE-SU-2024:2094-1

SUSE-SU-2024:2096-1

SUSE-SU-2024:2099-1

SUSE-SU-2024:2100-1

SUSE-SU-2024:2101-1

SUSE-SU-2024:2109-1

SUSE-SU-2024:2115-1

SUSE-SU-2024:2120-1

SUSE-SU-2024:2121-1

SUSE-SU-2024:2123-1

SUSE-SU-2024:2124-1

SUSE-SU-2024:2130-1

SUSE-SU-2024:2139-1

SUSE-SU-2024:2143-1

SUSE-SU-2024:2145-1

SUSE-SU-2024:2148-1

SUSE-SU-2024:2156-1

SUSE-SU-2024:2160-1

SUSE-SU-2024:2162-1

SUSE-SU-2024:2163-1

SUSE-SU-2024:2164-1

SUSE-SU-2024:2165-1

SUSE-SU-2024:2166-1

SUSE-SU-2024:2189-1

SUSE-SU-2024:2191-1

SUSE-SU-2024:2202-1

SUSE-SU-2024:2205-1

SUSE-SU-2024:2207-1

SUSE-SU-2024:2208-1

SUSE-SU-2024:2209-1

SUSE-SU-2024:2216-1

SUSE-SU-2024:2217-1

SUSE-SU-2024:2221-1

SUSE-SU-2024:2335-1

SUSE-SU-2024:2337-1

SUSE-SU-2024:2343-1

SUSE-SU-2024:2344-1

SUSE-SU-2024:2357-1

SUSE-SU-2024:2373-1

SUSE-SU-2024:2382-1

SUSE-SU-2024:2446-1

SUSE-SU-2024:2447-1

SUSE-SU-2024:2448-1

SUSE-SU-2024:2449-1

SUSE-SU-2024:2472-1

SUSE-SU-2024:2473-1

SUSE-SU-2024:2558-1

SUSE-SU-2024:2722-1

SUSE-SU-2024:2725-1

SUSE-SU-2024:2740-1

SUSE-SU-2024:2751-1

SUSE-SU-2024:2755-1

SUSE-SU-2024:2758-1

SUSE-SU-2024:2773-1

SUSE-SU-2024:2821-1

SUSE-SU-2024:2824-1

SUSE-SU-2024:2825-1

SUSE-SU-2024:2840-1

SUSE-SU-2024:2841-1

SUSE-SU-2024:2843-1

SUSE-SU-2024:2850-1

SUSE-SU-2024:2851-1

SUSE-SU-2024:3034-1

SUSE-SU-2024:3037-1

SUSE-SU-2024:3043-1

SUSE-SU-2024:3044-1

SUSE-SU-2024:3048-1

SUSE-SU-2024:3318-1

SUSE-SU-2024:3336-1

SUSE-SU-2024:3347-1

SUSE-SU-2024:3348-1

SUSE-SU-2024:3363-1

SUSE-SU-2024:3368-1

SUSE-SU-2024:3375-1

SUSE-SU-2024:3379-1

SUSE-SU-2024:3399-1

SUSE-SU-2024:3623-1

SUSE-SU-2024:3631-1

SUSE-SU-2024:3639-1

SUSE-SU-2024:3642-1

SUSE-SU-2024:3649-1

SUSE-SU-2024:3651-1

SUSE-SU-2024:3652-1

SUSE-SU-2024:3662-1

SUSE-SU-2024:3679-1

SUSE-SU-2024:3694-1

SUSE-SU-2024:3695-1

SUSE-SU-2024:3696-1

SUSE-SU-2024:3697-1

SUSE-SU-2024:3700-1

SUSE-SU-2024:3793-1

SUSE-SU-2024:3796-1

SUSE-SU-2024:3798-1

SUSE-SU-2024:3803-1

SUSE-SU-2024:3806-1

SUSE-SU-2024:3814-1

SUSE-SU-2024:3815-1

SUSE-SU-2024:3820-1

SUSE-SU-2024:3829-1

SUSE-SU-2024:3830-1

SUSE-SU-2024:3837-1

SUSE-SU-2024:3842-1

SUSE-SU-2024:3851-1

SUSE-SU-2024:3852-1

SUSE-SU-2024:3855-1

SUSE-SU-2024:4122-1

SUSE-SU-2024:4123-1

SUSE-SU-2024:4124-1

SUSE-SU-2024:4214-1

SUSE-SU-2024:4216-1

SUSE-SU-2024:4218-1

SUSE-SU-2024:4226-1

SUSE-SU-2024:4234-1

SUSE-SU-2024:4235-1

SUSE-SU-2024:4236-1

SUSE-SU-2024:4242-1

SUSE-SU-2024:4256-1

SUSE-SU-2024:4263-1

SUSE-SU-2024:4264-1

SUSE-SU-2024:4266-1

SUSE-SU-2024:4367-1

SUSE-SU-2025:0035-1

SUSE-SU-2025:0101-1

SUSE-SU-2025:0103-1

SUSE-SU-2025:0106-1

SUSE-SU-2025:0107-1

SUSE-SU-2025:0109-1

SUSE-SU-2025:0114-1

SUSE-SU-2025:0115-1

SUSE-SU-2025:0124-1

SUSE-SU-2025:0150-1

SUSE-SU-2025:0158-1

SUSE-SU-2025:0240-1

SUSE-SU-2025:0244-1

SUSE-SU-2025:0248-1

SUSE-SU-2025:0251-1

SUSE-SU-2025:0252-1

SUSE-SU-2025:0253-1

SUSE-SU-2025:0261-1

SUSE-SU-2025:0264-1

SUSE-SU-2025:0266-1

SUSE-SU-2025:20028-1

USN-6820-1

USN-6820-2

USN-6821-1

USN-6821-2

USN-6821-3

USN-6821-4

USN-6828-1

USN-6871-1

USN-6892-1

USN-6896-1

USN-6896-2

USN-6896-3

USN-6896-4

USN-6896-5

USN-6919-1

Affected Products

Almalinux

Astra Linux

Centos

Linuxmint

Linux Kernel

Red Hat

Red Os

Rocky Linux

Suse

Ubuntu

PT-2024-7703 · Linux+9 · Linux Kernel+9

CVE-2024-26852

Weakness Enumeration

Related Identifiers

Affected Products

References · 4517