PT-2024-7910 · Linux+5 · Linux Kernel+5

Harald Freudenberger

·

Published

2024-03-13

·

Updated

2025-03-28

·

CVE-2024-26957

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.8.0-HF #2
Description The vulnerability is related to incorrect reference handling of the zcrypt card object in the Linux kernel, specifically in the s390/zcrypt component. This can lead to a use-after-free condition, potentially allowing an attacker to elevate privileges in the system. The issue was identified through tests with hot-plugging crypto cards on KVM guests with a debug kernel build. Technical details include the involvement of functions such as zcrypt card alloc and zcrypt card put, and the slab message indicates an incorrect first byte, suggesting memory corruption.
Recommendations To resolve the issue, update the Linux kernel to a version that includes the fix for the s390/zcrypt reference counting issue, which is version 6.8.0-HF #2 or later. Ensure that all systems using the affected kernel versions are updated to prevent potential exploitation of this vulnerability.

Exploit

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

BDU:2024-09414
CVE-2024-26957
DLA-3842-1
DSA-5681-1
OESA-2024-1677
OESA-2024-1678
OESA-2024-1682
SUSE-SU-2024:1979-1
SUSE-SU-2024:1983-1
SUSE-SU-2024:2008-1
SUSE-SU-2024:2019-1
SUSE-SU-2024:2135-1
SUSE-SU-2024:2184-1
SUSE-SU-2024:2190-1
SUSE-SU-2024:2203-1
SUSE-SU-2024:2973-1
SUSE-SU-2025:20008-1
SUSE-SU-2025:20028-1
SUSE-SU-2025:20166-1
SUSE-SU-2025:20249-1
USN-6816-1
USN-6817-1
USN-6817-2
USN-6817-3
USN-6878-1
USN-6896-1
USN-6896-2
USN-6896-3
USN-6896-4
USN-6896-5
USN-6898-1
USN-6898-2
USN-6898-3
USN-6898-4
USN-6917-1
USN-6919-1
USN-6927-1
USN-7019-1

Affected Products

Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu