CVE-2024-26734

Summary

In the Linux kernel, the following vulnerability has been resolved:

devlink: fix possible use-after-free and memory leaks in devlink_init()

The pernet operations structure for the subsystem must be registered before registering the generic netlink family.

Make an unregister in case of unsuccessful registration.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux687125b5799cd5120437fa455cfccbe8537916ff < 919092bd5482b7070ae66d1daef73b600738f3a2affected
LinuxLinux687125b5799cd5120437fa455cfccbe8537916ff < e91d3561e28d7665f4f837880501dc8755f635a9affected
LinuxLinux687125b5799cd5120437fa455cfccbe8537916ff < def689fc26b9a9622d2e2cb0c4933dd3b1c8071caffected
LinuxLinux6.3affected
LinuxLinux0 < 6.3unaffected
LinuxLinux6.6.19 <= 6.6.*unaffected
LinuxLinux6.7.7 <= 6.7.*unaffected
LinuxLinux6.8 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References