What is CVE-2024-26710?

CVE-2024-26710 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10. CVE-2024-26710 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2024-26710?

CVE-2024-26710 has a CVSS score of 5.5 out of 10, rated Medium severity. The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

Is there a patch available for CVE-2024-26710?

No patch is currently available for CVE-2024-26710. Monitor the NIST NVD and your Linux distribution's security advisories for updates.

Is CVE-2024-26710 actively exploited?

CVE-2024-26710 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2024-26710

Medium

In the Linux kernel, the following vulnerability has been resolved: powerpc/kasan: Limit KASAN thread size increase to 32KB KASAN is seen to increase stack usage, to the point that it was reported to lead to stack overflow on some 32-bit machines (see link). To avoid overflows the stack size was doubled for KASAN builds in commit 3e8635fb2e07 ("powerpc/kasan: Force thread size increase with KASAN"). However with a 32KB stack size to begin with, the doubling leads to a 64KB stack, which causes build errors: arch/powerpc/kernel/switch.S:249: Error: operand out of range (0x000000000000fe50 is not between 0xffffffffffff8000 and 0x0000000000007fff) Although the asm could be reworked, in practice a 32KB stack seems sufficient even for KASAN builds - the additional usage seems to be in the 2-3KB range for a 64-bit KASAN build. So only increase the stack for KASAN if the stack size is < 32KB.

Package Linux Kernel

Published 2024-04-03

Last modified 2025-12-23

CVSS version 3.1

Patch available

Awaiting data

CVSS 3.1 score

5.5

out of 10

Medium

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

High

Vector string

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Weakness type

CWE-770

CVE-2024-26710 is classified as CWE-770

See CWE-770 on MITRE CWE for full details on this weakness type.

References

The following references provide additional information about CVE-2024-26710 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/4cc31fa07445879a13750cb061bb8c2654975fcb
Patch
Kernel patch commit
https://git.kernel.org/stable/c/b29b16bd836a838b7690f80e37f8376414c74cbe
Patch
Kernel patch commit
https://git.kernel.org/stable/c/f1acb109505d983779bbb7e20a1ee6244d2b5736
Patch

5 patch commits total View all on NVD

Details

CVE ID CVE-2024-26710

Severity Medium

CVSS score 5.5 / 10

CVSS version 3.1

Published 2024-04-03

Modified 2025-12-23

KEV No

Patch Awaiting data

Package linux

Frequently asked questions

What is CVE-2024-26710?

CVE-2024-26710 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10 . CVE-2024-26710 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
What is the CVSS score for CVE-2024-26710?

CVE-2024-26710 has a CVSS score of 5.5 out of 10, rated Medium severity (CVSS 3.1). The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.
Is there a patch available for CVE-2024-26710?

No patch is currently available for CVE-2024-26710. Monitor the NIST NVD and your Linux distribution's security advisories for updates.
Is CVE-2024-26710 actively exploited?

No — CVE-2024-26710 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.