PT-2024-7727 · Linux+2 · Linux Kernel+2
Tony Zhu · Published 2024-02-19 · Updated 2025-09-29 · CVE-2024-26746
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.8.0-rc2+
Description
The issue arises because the event log cache is created using kmem_cache_create(), which is not suitable for user copy. When CONFIG_HARDENED_USERCOPY is enabled, copying the completion record from the event log cache to the user triggers a kernel bug. This can lead to a kernel memory exposure attempt, causing the kernel to crash. The fix involves creating the event log cache with kmem_cache_create_usercopy(), ensuring safe user copy.
Recommendations
To resolve the issue, create the event log cache with kmem_cache_create_usercopy() instead of kmem_cache_create(), ensuring safe user copy. This change will prevent the kernel bug from occurring when CONFIG_HARDENED_USERCOPY is enabled.
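Why the plain cache trips the check while the usercopy cache does not can be shown with a small user-space model. This is an added example, not kernel code and not part of the original advisory; the struct, the function names, the cache name and the 64-byte record size are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified user-space model of a slab cache's usercopy whitelist.
 * Names here are hypothetical, not kernel symbols. */
struct cache_model {
    const char *name;
    size_t useroffset; /* start of the region user copies may touch */
    size_t usersize;   /* length of that region; 0 means nothing is allowed */
};

/* Models kmem_cache_create(): no usercopy region is whitelisted. */
static struct cache_model model_cache_create(const char *name)
{
    struct cache_model c = { name, 0, 0 };
    return c;
}

/* Models kmem_cache_create_usercopy(): whitelists
 * [useroffset, useroffset + usersize) inside each object. */
static struct cache_model model_cache_create_usercopy(const char *name,
                                                      size_t useroffset,
                                                      size_t usersize)
{
    struct cache_model c = { name, useroffset, usersize };
    return c;
}

/* Models the hardened usercopy bounds test: a copy of n bytes starting at
 * `offset` inside the object must lie entirely within the whitelisted
 * region. Where this returns false, the kernel aborts the copy with a BUG. */
static bool usercopy_allowed(const struct cache_model *c, size_t offset, size_t n)
{
    return offset >= c->useroffset &&
           offset - c->useroffset <= c->usersize &&
           n <= c->usersize - (offset - c->useroffset);
}

int main(void)
{
    size_t rec = 64; /* constructed completion-record size */
    struct cache_model plain = model_cache_create("event_log_cache");
    struct cache_model fixed = model_cache_create_usercopy("event_log_cache", 0, rec);
    printf("kmem_cache_create:          %s\n", usercopy_allowed(&plain, 0, rec) ? "copy ok" : "abort");
    printf("kmem_cache_create_usercopy: %s\n", usercopy_allowed(&fixed, 0, rec) ? "copy ok" : "abort");
    return 0;
}
```

On a system that may be affected, checking whether CONFIG_HARDENED_USERCOPY is set in the running kernel's configuration tells you whether this copy path would abort rather than proceed unchecked.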
Affected Products
Linux Kernel
Red Hat
Red Os