CVE-2024-26782

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Apr 4, 2024
Updated: Jan 10, 2025
CWE ID 415

Summary

CVE-2024-26782 is a vulnerability in the Linux kernel that impacts the mptcp module. When the MPTCP server accepts an incoming connection, it clones a listener socket, leading to a double-free issue in the inet_sock_destruct function. This can result in a kernel panic and memory leak. The issue was discovered during a KASAN memory error check and affected the 6.8.0-rc1+ kernel version. The affected memory was allocated by task 6853 and freed by task 6858. The buggy address, 0000000056d1e95e, is located in the cache kmalloc-64 region of size 64 bytes and belongs to the physical page with index 0xffff888485950700.
