CVE-2024-26688
CVSS 3.1 Score 5.5 of 10 (medium)
Details
Summary
CVE-2024-26688 is a vulnerability affecting the Linux kernel that results in a NULL pointer dereference in the function hugetlbfs_fill_super(). The issue occurs when an invalid page size is specified while configuring a hugetlb filesystem through the fsconfig() syscall. In that case hugetlbfs_parse_param() assigns NULL to the hstate variable, and hugetlbfs_fill_super() later dereferences that pointer to retrieve the block size of the filesystem. This can lead to a kernel Oops and potentially allow an attacker to cause a denial-of-service or gain unauthorized access. To mitigate this vulnerability, developers should ensure that only valid page sizes are accepted during the configuration of hugetlb filesystems.
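The pattern described above, as an added userspace example that is not the kernel's code or its patch: a parse step that stores an unchecked lookup result next to one that validates before committing. All struct and function names, the size table and the sample input are hypothetical and constructed for illustration.

```c
/* Userspace model of the pattern; all names are hypothetical, not kernel code. */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Stand-ins for the per-size state and the filesystem configuration context. */
struct hstate_model { unsigned long page_size; };
struct fs_ctx_model { struct hstate_model *hstate; };
/* Constructed table of supported huge page sizes (2 MiB, 1 GiB). */
static struct hstate_model supported[] = { { 2UL << 20 }, { 1UL << 30 } };

/* Returns NULL when the requested size matches no supported entry. */
static struct hstate_model *lookup_hstate(unsigned long size)
{
    for (size_t i = 0; i < sizeof(supported) / sizeof(supported[0]); i++)
        if (supported[i].page_size == size)
            return &supported[i];
    return NULL;
}

/* Flawed: stores the result before checking it, so ctx->hstate ends up NULL. */
static int parse_pagesize_flawed(struct fs_ctx_model *ctx, unsigned long size)
{
    ctx->hstate = lookup_hstate(size);
    return ctx->hstate ? 0 : -EINVAL;
}

/* Hardened: validate into a local and commit only on success. */
static int parse_pagesize_checked(struct fs_ctx_model *ctx, unsigned long size)
{
    struct hstate_model *h = lookup_hstate(size);
    if (!h)
        return -EINVAL;
    ctx->hstate = h;
    return 0;
}

/* Later stage reading the block size; the model reports NULL as an error. */
static long fill_super_blocksize(const struct fs_ctx_model *ctx)
{
    return ctx->hstate ? (long)ctx->hstate->page_size : -EINVAL;
}

int main(void)
{
    struct fs_ctx_model a = { &supported[0] }, b = a;  /* both start valid */
    int ra = parse_pagesize_flawed(&a, 12345), rb = parse_pagesize_checked(&b, 12345);
    printf("flawed:  rc=%d blocksize=%ld\n", ra, fill_super_blocksize(&a));
    printf("checked: rc=%d blocksize=%ld\n", rb, fill_super_blocksize(&b));
    return 0;
}
```

Both parse functions reject the invalid size, but only the checked form leaves the context in a state that the later stage can still use safely.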