CVE-2024-26608

7.8 HIGH

📋 TL;DR

CVE-2024-26608 is a global out-of-bounds read vulnerability in the Linux kernel's ksmbd (SMB server) component. It allows attackers to read kernel memory beyond allocated bounds, potentially leaking sensitive information or causing system instability. Systems running affected Linux kernel versions with ksmbd enabled are vulnerable.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Linux kernel versions with ksmbd support before fixes (specific versions in commit references)
Operating Systems: Linux distributions with affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if ksmbd (kernel SMB server) module is loaded and enabled. Many distributions don't enable ksmbd by default.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴 Worst Case

Kernel memory disclosure leading to privilege escalation, system crash, or information leakage of sensitive kernel data.

🟠 Likely Case

Kernel panic or system instability causing denial of service, with potential information disclosure.

🟢 If Mitigated

Limited impact if ksmbd is disabled or proper access controls restrict SMB access.

🌐 Internet-Facing: MEDIUM - Requires SMB network access, but ksmbd may not be exposed by default.
🏢 Internal Only: MEDIUM - Internal attackers with network access to ksmbd could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires sending specially crafted Netlink messages to the ksmbd subsystem. No public exploit code is known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in kernel commits: 2c939c74ef0b74e99b92e32edc2a59f9b9ca3d5a, 6993328a4cd62a24df254b587c0796a4a1eecc95, 9863a53100f47652755545c2bd43e14a1855104d, aaa1f1a2ee80888c12ae2783f3a0be10e14067c5, ebeae8adf89d9a82359f6659b1663d09beec2faa

Vendor Advisory: https://git.kernel.org/stable/c/2c939c74ef0b74e99b92e32edc2a59f9b9ca3d5a

Restart Required: Yes

Instructions:

1. Update Linux kernel to a version containing the fix commits.
2. Reboot the system to load the patched kernel.
3. Verify ksmbd module is using the patched version.

🔧 Temporary Workarounds

Disable ksmbd module

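Unload the ksmbd kernel module if it is not required. A blacklist entry only stops automatic loading by alias; an explicit modprobe ksmbd still loads the module, so pair it with the install override in the next workaround.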

sudo rmmod ksmbd
echo 'blacklist ksmbd' | sudo tee /etc/modprobe.d/blacklist-ksmbd.conf

Prevent ksmbd module loading

Prevent ksmbd from being loaded at boot or later through modprobe

echo 'install ksmbd /bin/false' | sudo tee /etc/modprobe.d/disable-ksmbd.conf

🧯 If You Can't Patch

  • Disable ksmbd module if SMB server functionality is not required
  • Implement network segmentation to restrict access to systems running ksmbd

🔍 How to Verify

Check if Vulnerable:

Check if ksmbd module is loaded: lsmod | grep ksmbd. If loaded, check kernel version against patched versions.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes fix commits and ksmbd module loads without errors.
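
The workaround and verification steps above, combined into one check (an added example, not from the original page or the kernel project). It reports whether ksmbd is loaded and whether modprobe configuration blocks it, separating a blacklist-only entry from the install override. Function names and verdict strings are assumptions, and only one modprobe.d directory is scanned.

```sh
#!/bin/sh
# Added example: classify ksmbd exposure from the loaded-module list and
# modprobe configuration. Paths are parameters so copies can be audited.

# ksmbd_loaded MODULES_FILE -> exit 0 if ksmbd appears in the module list
ksmbd_loaded() {
    grep -qs '^ksmbd ' "$1"
}

# ksmbd_block_level CONF_DIR -> prints "install", "blacklist" or "none"
#   install   : "install ksmbd /bin/false" override, modprobe will not load it
#   blacklist : only alias-based autoloading is suppressed; an explicit
#               "modprobe ksmbd" still loads the module
ksmbd_block_level() {
    dir="$1"
    if grep -Eqs '^[[:space:]]*install[[:space:]]+ksmbd[[:space:]]+(/usr)?/bin/(false|true)' "$dir"/*.conf; then
        echo install
    elif grep -Eqs '^[[:space:]]*blacklist[[:space:]]+ksmbd([[:space:]]|$)' "$dir"/*.conf; then
        echo blacklist
    else
        echo none
    fi
}

# ksmbd_exposure MODULES_FILE CONF_DIR -> one-word verdict
ksmbd_exposure() {
    level=$(ksmbd_block_level "$2")
    if ksmbd_loaded "$1"; then
        echo LOADED            # running now: only the kernel patch level helps
    elif [ "$level" = install ]; then
        echo BLOCKED
    elif [ "$level" = blacklist ]; then
        echo BLACKLIST_ONLY    # weaker workaround, see comment above
    else
        echo LOADABLE
    fi
}

# Live host by default; pass a module list and a conf dir to audit copies.
ksmbd_exposure "${1:-/proc/modules}" "${2:-/etc/modprobe.d}"
```

A LOADED verdict still needs the kernel version from uname -r compared against the distribution's fixed release.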

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • KASAN error reports mentioning ksmbd_nl_policy
  • System instability after SMB requests

Network Indicators:

  • Unusual SMB traffic to ksmbd ports
  • Netlink messages to ksmbd subsystem

SIEM Query:

source="kernel" AND ("KASAN" OR "out-of-bounds" OR "ksmbd")
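
The query above matches any line that mentions ksmbd, so it is noisy. The following added example (not from the original page) counts only KASAN reports that name ksmbd_nl_policy, the log indicator listed above, and contrasts that with the broad match. The sample log is constructed, with placeholder addresses and offsets, and the function names are assumptions.

```sh
#!/bin/sh
# Added example: tighten the broad kernel-log match to KASAN reports that
# reference ksmbd_nl_policy.

# Constructed sample kernel log: one benign ksmbd line, one KASAN report
# naming ksmbd_nl_policy, one unrelated KASAN report.
sample_log() {
    cat <<'EOF'
[   12.100000] ksmbd: constructed benign message
[  500.000000] ==================================================================
[  500.000001] BUG: KASAN: global-out-of-bounds in __nla_validate_parse+0x0/0x0
[  500.000002] Read of size 1 at addr ffffffff00000000 by task example/1234
[  500.000003] The buggy address belongs to the variable:
[  500.000004]  ksmbd_nl_policy+0x0/0x0
[  500.000005] ==================================================================
[  900.000000] ==================================================================
[  900.000001] BUG: KASAN: slab-out-of-bounds in example_fn+0x0/0x0
[  900.000002] Read of size 8 at addr ffff000000000000 by task example/4321
[  900.000003] ==================================================================
EOF
}

# broad_match_count [FILE] -> lines hit by the page's broad query terms
broad_match_count() {
    grep -Ec 'KASAN|out-of-bounds|ksmbd' "$@"
}

# count_ksmbd_kasan [FILE] -> number of KASAN reports naming ksmbd_nl_policy.
# A report runs from its "BUG: KASAN:" line to the closing ===== delimiter.
count_ksmbd_kasan() {
    awk '
        /BUG: KASAN:/            { if (!rep) { rep = 1; hit = 0 } }
        rep && /ksmbd_nl_policy/ { hit = 1 }
        rep && /==========/      { n += hit; rep = 0 }
        END { if (rep) n += hit; print n + 0 }   # count a truncated report too
    ' "$@"
}

echo "broad matches: $(sample_log | broad_match_count)"
echo "ksmbd_nl_policy KASAN reports: $(sample_log | count_ksmbd_kasan)"
```

KASAN reports appear only on kernels built with KASAN enabled, so on production kernels the absence of a match says nothing about exposure.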
