What is CVE-2024-26993?

CVE-2024-26993 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10. CVE-2024-26993 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2024-26993?

CVE-2024-26993 has a CVSS score of 5.5 out of 10, rated Medium severity. The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

Is there a patch available for CVE-2024-26993?

No patch is currently available for CVE-2024-26993. Monitor the NIST NVD and your Linux distribution's security advisories for updates.

Is CVE-2024-26993 actively exploited?

CVE-2024-26993 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2024-26993

Medium

In the Linux kernel, the following vulnerability has been resolved: fs: sysfs: Fix reference leak in sysfs_break_active_protection() The sysfs_break_active_protection() routine has an obvious reference leak in its error path. If the call to kernfs_find_and_get() fails then kn will be NULL, so the companion sysfs_unbreak_active_protection() routine won't get called (and would only cause an access violation by trying to dereference kn->parent if it was called). As a result, the reference to kobj acquired at the start of the function will never be released. Fix the leak by adding an explicit kobject_put() call when kn is NULL.

Package Linux Kernel

Published 2024-05-01

Last modified 2026-05-12

CVSS version 3.1

Patch available

Awaiting data

CVSS 3.1 score

5.5

out of 10

Medium

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

High

Vector string

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References

The following references provide additional information about CVE-2024-26993 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Debian Security
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

Mailing List Third Party Advisory
Debian Security
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

Mailing List Third Party Advisory
Lists
https://lists.fedoraproject.org/archives/list/[email protected]/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/
Lists
https://lists.fedoraproject.org/archives/list/[email protected]/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/
Lists
https://lists.fedoraproject.org/archives/list/[email protected]/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/
Cert-Portal
https://cert-portal.siemens.com/productcert/html/ssa-265688.html
Cert-Portal
https://cert-portal.siemens.com/productcert/html/ssa-613116.html
Kernel patch commit
https://git.kernel.org/stable/c/43f00210cb257bcb0387e8caeb4b46375d67f30c
Patch
Kernel patch commit
https://git.kernel.org/stable/c/57baab0f376bec8f54b0fe6beb8f77a57c228063
Patch
Kernel patch commit
https://git.kernel.org/stable/c/5d43e072285e81b0b63cee7189b3357c7768a43b
Patch

8 patch commits total View all on NVD

Details

CVE ID CVE-2024-26993

Severity Medium

CVSS score 5.5 / 10

CVSS version 3.1

Published 2024-05-01

Modified 2026-05-12

KEV No

Patch Awaiting data

Package linux

Frequently asked questions

What is CVE-2024-26993?

CVE-2024-26993 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10 . CVE-2024-26993 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
What is the CVSS score for CVE-2024-26993?

CVE-2024-26993 has a CVSS score of 5.5 out of 10, rated Medium severity (CVSS 3.1). The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.
Is there a patch available for CVE-2024-26993?

No patch is currently available for CVE-2024-26993. Monitor the NIST NVD and your Linux distribution's security advisories for updates.
Is CVE-2024-26993 actively exploited?

No — CVE-2024-26993 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.