What is CVE-2024-26875?

CVE-2024-26875 is a Medium severity Linux kernel vulnerability with a CVSS score of 6.4 out of 10, classified as a Use After Free flaw (CWE-416). CVE-2024-26875 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2024-26875?

CVE-2024-26875 has a CVSS score of 6.4 out of 10, rated Medium severity. The vector string is CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H.

Is there a patch available for CVE-2024-26875?

No patch is currently available for CVE-2024-26875. Monitor the NIST NVD and your Linux distribution's security advisories for updates.

Is CVE-2024-26875 actively exploited?

CVE-2024-26875 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is Use After Free (CWE-416)?

The product references memory after it has been freed, which may cause it to crash, use unexpected values, or execute code. See MITRE CWE for full details: https://cwe.mitre.org/data/definitions/416.html

CVE-2024-26875

Medium

In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix uaf in pvr2_context_set_notify [Syzbot reported] BUG: KASAN: slab-use-after-free in pvr2_context_set_notify+0x2c4/0x310 drivers/media/usb/pvrusb2/pvrusb2-context.c:35 Read of size 4 at addr ffff888113aeb0d8 by task kworker/1:1/26 CPU: 1 PID: 26 Comm: kworker/1:1 Not tainted 6.8.0-rc1-syzkaller-00046-gf1a27f081c1f #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 Workqueue: usb_hub_wq hub_event Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xd9/0x1b0 lib/dump_stack.c:106 print_address_description mm/kasan/report.c:377 [inline] print_report+0xc4/0x620 mm/kasan/report.c:488 kasan_report+0xda/0x110 mm/kasan/report.c:601 pvr2_context_set_notify+0x2c4/0x310 drivers/media/usb/pvrusb2/pvrusb2-context.c:35 pvr2_context_notify drivers/media/usb/pvrusb2/pvrusb2-context.c:95 [inline] pvr2_context_disconnect+0x94/0xb0 drivers/media/usb/pvrusb2/pvrusb2-context.c:272 Freed by task 906: kasan_save_stack+0x33/0x50 mm/kasan/common.c:47 kasan_save_track+0x14/0x30 mm/kasan/common.c:68 kasan_save_free_info+0x3f/0x60 mm/kasan/generic.c:640 poison_slab_object mm/kasan/common.c:241 [inline] __kasan_slab_free+0x106/0x1b0 mm/kasan/common.c:257 kasan_slab_free include/linux/kasan.h:184 [inline] slab_free_hook mm/slub.c:2121 [inline] slab_free mm/slub.c:4299 [inline] kfree+0x105/0x340 mm/slub.c:4409 pvr2_context_check drivers/media/usb/pvrusb2/pvrusb2-context.c:137 [inline] pvr2_context_thread_func+0x69d/0x960 drivers/media/usb/pvrusb2/pvrusb2-context.c:158 [Analyze] Task A set disconnect_flag = !0, which resulted in Task B's condition being met and releasing mp, leading to this issue. [Fix] Place the disconnect_flag assignment operation after all code in pvr2_context_disconnect() to avoid this issue.

Package Linux Kernel

Published 2024-04-17

Last modified 2026-05-12

CVSS version 3.1

Patch available

Awaiting data

CVSS 3.1 score

6.4

out of 10

Medium

Attack Vector

Local

Attack Complexity

High

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Vector string

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Weakness type

CWE-416

CVE-2024-26875 is a Use After Free vulnerability

What is Use After Free?

The product references memory after it has been freed, which may cause it to crash, use unexpected values, or execute code. Learn more on MITRE CWE

References

The following references provide additional information about CVE-2024-26875 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Debian Security
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

Mailing List Third Party Advisory
Debian Security
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

Mailing List Third Party Advisory
Cert-Portal
https://cert-portal.siemens.com/productcert/html/ssa-265688.html
Kernel patch commit
https://git.kernel.org/stable/c/0a0b79ea55de8514e1750884e5fec77f9fdd01ee
Patch
Kernel patch commit
https://git.kernel.org/stable/c/3a1ec89708d2e57e2712f46241282961b1a7a475
Patch
Kernel patch commit
https://git.kernel.org/stable/c/40cd818fae875c424a8335009db33c7b5a07de3a
Patch

9 patch commits total View all on NVD

Details

CVE ID CVE-2024-26875

Severity Medium

CVSS score 6.4 / 10

CVSS version 3.1

Published 2024-04-17

Modified 2026-05-12

KEV No

Patch Awaiting data

Package linux

Frequently asked questions

What is CVE-2024-26875?

CVE-2024-26875 is a Medium severity Linux kernel vulnerability with a CVSS score of 6.4 out of 10 , classified as an Use After Free flaw (CWE-416) . CVE-2024-26875 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
What is the CVSS score for CVE-2024-26875?

CVE-2024-26875 has a CVSS score of 6.4 out of 10, rated Medium severity (CVSS 3.1). The vector string is CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H.
Is there a patch available for CVE-2024-26875?

No patch is currently available for CVE-2024-26875. Monitor the NIST NVD and your Linux distribution's security advisories for updates.
Is CVE-2024-26875 actively exploited?

No — CVE-2024-26875 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
What is Use After Free (CWE-416)?

The product references memory after it has been freed, which may cause it to crash, use unexpected values, or execute code. View CWE-416 on MITRE CWE →