PT-2024-7872 · Linux+4 · Linux Kernel+4

Published

2024-03-06

Updated

2025-02-03

CVE-2024-26959

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.8.0-rc7

Description The vulnerability is related to the btnxpuart component in the Linux kernel, specifically with the btnxpuart close() function. It is caused by improper input validation, which can lead to a denial of service. The issue is resolved by properly purging the transmit queue and freeing the receive skb in the btnxpuart close() function.

Recommendations To resolve the issue, update the Linux kernel to a version that includes the fix for the btnxpuart close() function. As a temporary workaround, consider disabling the btnxpuart close() function until a patch is available.

Exploit

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

BDU:2024-09374

CVE-2024-26959

SUSE-SU-2025:20008-1

SUSE-SU-2025:20028-1

USN-6816-1

USN-6817-1

USN-6817-2

USN-6817-3

USN-6878-1

Affected Products

Astra Linux

Linuxmint

Linux Kernel

Red Os

Ubuntu

PT-2024-7872 · Linux+4 · Linux Kernel+4

CVE-2024-26959

Weakness Enumeration

Related Identifiers

Affected Products

References · 2146