What is CVE-2024-26876?

CVE-2024-26876 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10. CVE-2024-26876 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2024-26876?

CVE-2024-26876 has a CVSS score of 5.5 out of 10, rated Medium severity. The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

Is there a patch available for CVE-2024-26876?

No patch is currently available for CVE-2024-26876. Monitor the NIST NVD and your Linux distribution's security advisories for updates.

Is CVE-2024-26876 actively exploited?

CVE-2024-26876 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2024-26876

Medium

In the Linux kernel, the following vulnerability has been resolved: drm/bridge: adv7511: fix crash on irq during probe Moved IRQ registration down to end of adv7511_probe(). If an IRQ already is pending during adv7511_probe (before adv7511_cec_init) then cec_received_msg_ts could crash using uninitialized data: Unable to handle kernel read from unreadable memory at virtual address 00000000000003d5 Internal error: Oops: 96000004 [#1] PREEMPT_RT SMP Call trace: cec_received_msg_ts+0x48/0x990 [cec] adv7511_cec_irq_process+0x1cc/0x308 [adv7511] adv7511_irq_process+0xd8/0x120 [adv7511] adv7511_irq_handler+0x1c/0x30 [adv7511] irq_thread_fn+0x30/0xa0 irq_thread+0x14c/0x238 kthread+0x190/0x1a8

Package Linux Kernel

Published 2024-04-17

Last modified 2025-03-04

CVSS version 3.1

Patch available

Awaiting data

CVSS 3.1 score

5.5

out of 10

Medium

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

High

Vector string

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Weakness type

CWE-908

CVE-2024-26876 is classified as CWE-908

See CWE-908 on MITRE CWE for full details on this weakness type.

References

The following references provide additional information about CVE-2024-26876 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/28a94271bd50e4cf498df0381f776f8ea40a289e
Patch
Kernel patch commit
https://git.kernel.org/stable/c/50f4b57e9a9db4ede9294f39b9e75b5f26bae9b7
Patch
Kernel patch commit
https://git.kernel.org/stable/c/955c1252930677762e0db2b6b9e36938c887445c
Patch

4 patch commits total View all on NVD

Details

CVE ID CVE-2024-26876

Severity Medium

CVSS score 5.5 / 10

CVSS version 3.1

Published 2024-04-17

Modified 2025-03-04

KEV No

Patch Awaiting data

Package linux

Frequently asked questions

What is CVE-2024-26876?

CVE-2024-26876 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10 . CVE-2024-26876 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
What is the CVSS score for CVE-2024-26876?

CVE-2024-26876 has a CVSS score of 5.5 out of 10, rated Medium severity (CVSS 3.1). The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.
Is there a patch available for CVE-2024-26876?

No patch is currently available for CVE-2024-26876. Monitor the NIST NVD and your Linux distribution's security advisories for updates.
Is CVE-2024-26876 actively exploited?

No — CVE-2024-26876 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.