CVE-2024-26599

7.8 HIGH

📋 TL;DR

This CVE describes an out-of-bounds memory access vulnerability in the Linux kernel's PWM (Pulse Width Modulation) subsystem. When args->args_count equals 2, the code incorrectly accesses args->args[2] instead of args->args[1] for flags, potentially allowing kernel memory corruption. This affects all Linux systems using the PWM subsystem.
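The indexing error described above, modelled in userspace C as an added example (not the kernel's code and not from the original page). The struct, the function names, MAX_CELLS and the sample values are assumptions made for illustration; cell_at goes one step beyond the specific fix by rejecting any index at or past args_count.

```c
#include <stdint.h>
#include <stdio.h>
/* Userspace model, not kernel code; all names here are hypothetical. */
#define MAX_CELLS 4

struct cell_args {
    int      args_count;       /* number of valid entries in args[] */
    uint32_t args[MAX_CELLS];  /* entries at index >= args_count are undefined */
};

/* Pattern from the TL;DR: with two cells present, index 2 is read for flags. */
static uint32_t flags_buggy(const struct cell_args *a)
{
    if (a->args_count == 2)
        return a->args[2];     /* one past the last valid cell */
    return 0;
}

/* Checked accessor: rejects any index outside [0, args_count). */
static int cell_at(const struct cell_args *a, int idx, uint32_t *out)
{
    if (a->args_count > MAX_CELLS || idx < 0 || idx >= a->args_count)
        return -1;
    *out = a->args[idx];
    return 0;
}

/* Corrected pattern: the flags are the second cell, index 1. */
static uint32_t flags_fixed(const struct cell_args *a)
{
    uint32_t flags = 0;
    if (a->args_count == 2)
        (void)cell_at(a, 1, &flags);
    return flags;
}

/* Constructed sample: two valid cells, stale data left in args[2]. */
static struct cell_args sample(void)
{
    struct cell_args a = { 2, { 50000u, 0x1u, 0xdeadbeefu, 0u } };
    return a;
}

int main(void)
{
    struct cell_args s = sample();
    printf("buggy=%#x fixed=%#x\n", (unsigned)flags_buggy(&s), (unsigned)flags_fixed(&s));
    return 0;
}
```

In this model the buggy read returns whatever happens to sit in the unused third cell, which is why the result depends on stale data rather than on the supplied flags.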

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific affected versions not explicitly stated in CVE, but patches are available in stable kernel trees. Likely affects multiple kernel versions before the fix.
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires PWM subsystem to be enabled and used. Not all systems may have PWM functionality enabled or in use.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case

Local privilege escalation to root, kernel panic causing system crash, or arbitrary code execution in kernel context leading to complete system compromise.

🟠 Likely Case

Kernel panic causing system crash or denial of service, potentially leading to privilege escalation if combined with other vulnerabilities.

🟢 If Mitigated

Limited to denial of service if proper kernel hardening and privilege separation are in place.

🌐 Internet-Facing: LOW - This is a local kernel vulnerability requiring local access to exploit.
🏢 Internal Only: MEDIUM - Internal users with local access could potentially exploit this, but requires specific PWM subsystem usage.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and specific conditions to trigger the vulnerable code path. The vulnerability is in kernel space but requires PWM subsystem interaction.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patches available in stable kernel trees (commits: 7b85554c7c2aee91171e038e4d5442ffa130b282, a297d07b9a1e4fb8cda25a4a2363a507d294b7c9, bae45b7ebb31984b63b13c3519fd724b3ce92123, e5f2b4b62977fb6c2efcbc5779e0c9dce18215f7)

Vendor Advisory: https://git.kernel.org/stable/c/7b85554c7c2aee91171e038e4d5442ffa130b282

Restart Required: Yes

Instructions:

1. Update to a patched kernel version from your distribution's repositories.
2. For custom kernels, apply the relevant patch from the stable kernel tree.
3. Reboot the system to load the new kernel.

🔧 Temporary Workarounds

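Disable PWM subsystem

If PWM functionality is not required, disable the PWM subsystem to remove the vulnerable code path. Where PWM support is built as loadable modules, blacklist those modules. Where it is built into the kernel image, a blacklist entry has no effect and PWM has to be disabled in the kernel configuration instead. A modprobe blacklist entry names a single module, so use the exact module names reported by lsmod | grep pwm.

# Run as root. Replace 'pwm' with the exact module name shown by lsmod.
echo 'blacklist pwm' >> /etc/modprobe.d/blacklist.conf
# Rebuild the initramfs so the blacklist also applies during early boot (Debian/Ubuntu tooling).
update-initramfs -u
reboot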

🧯 If You Can't Patch

  • Restrict local user access to systems where PWM functionality is critical
  • Implement strict privilege separation and limit users who can interact with hardware interfaces

🔍 How to Verify

Check if Vulnerable:

Check kernel version and compare with patched versions from your distribution. Examine if PWM modules are loaded: lsmod | grep pwm

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version after update matches patched version. Check that the system boots without issues and PWM functionality works if needed.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • OOM killer messages related to kernel memory
  • System crash/reboot events

Network Indicators:

  • None - this is a local vulnerability

SIEM Query:

source="kernel" AND ("panic" OR "Oops" OR "general protection fault") AND process="kernel"
