CVE-2024-26674

7.1 HIGH

📋 TL;DR

A vulnerability in the Linux kernel's x86 memory access functions causes a kernel panic when a hardware memory error occurs while the kernel is accessing userspace memory. It affects Linux systems running vulnerable kernel versions and can cause denial of service during memory corruption events.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Linux kernel v6.4 and later, before the patched versions
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects x86 architecture systems. Vulnerability manifests during hardware memory errors or memory error injection tests.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case

Kernel panic leading to system crash and denial of service during hardware memory errors or targeted exploitation.

🟠 Likely Case

System instability or crash when encountering memory errors during userspace memory access operations.

🟢 If Mitigated

Proper kernel patching prevents the panic, allowing graceful error handling during memory access faults.

🌐 Internet-Facing: LOW - Requires local access or hardware memory errors, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Local attackers or hardware faults could trigger denial of service on vulnerable systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH - Requires triggering hardware memory errors or sophisticated memory corruption.

Primarily a reliability issue rather than a security vulnerability, but could be leveraged for DoS in specific scenarios.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patched in stable kernel releases via commits 2aed1b6c33afd8599d01c6532bbecb829480a674 and related

Vendor Advisory: https://git.kernel.org/stable/c/2aed1b6c33afd8599d01c6532bbecb829480a674

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from official distribution repositories.
2. Reboot system to load new kernel.

🔧 Temporary Workarounds

Disable memory error injection

linux

Prevent triggering of the vulnerability by disabling memory error injection testing

echo 0 > /sys/kernel/debug/apei/einj/mem-error-inject

🧯 If You Can't Patch

  • Monitor system logs for machine check exceptions and kernel panic events
  • Implement system redundancy and failover to minimize impact of potential crashes

🔍 How to Verify

Check if Vulnerable:

Check kernel version: uname -r. If version is >= 6.4 and not patched, system is vulnerable.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes the fix commits or is from a distribution that has backported the patches.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages with 'Fatal local machine check'
  • MCA (Machine Check Architecture) error logs
  • Messages about unrecoverable area of kernel

Network Indicators:

  • None - local vulnerability only

SIEM Query:

search ('Kernel panic' AND 'machine check') OR 'Fatal local machine check'
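
An added example (not part of the original advisory): a shell function that applies the log indicators above to syslog-style kernel lines and prints one verdict per host. The sample lines are constructed, and the function name, the verdict labels and the hostname-in-field-4 layout are assumptions.

```bash
#!/usr/bin/env bash
# Added example: apply this page's log indicators to syslog-style kernel lines.
# SAMPLE_LOG is constructed for illustration; it is not captured output.
SAMPLE_LOG='Jan 10 03:12:01 hostA kernel: mce: [Hardware Error]: Machine check events logged
Jan 10 03:12:01 hostA kernel: EDAC MC0: 1 CE memory read error on DIMM_A1
Jan 10 04:40:17 hostB kernel: mce: [Hardware Error]: CPU 3: Machine Check Exception (constructed)
Jan 10 04:40:17 hostB kernel: mce: [Hardware Error]: Machine check: Data load in unrecoverable area of kernel
Jan 10 04:40:17 hostB kernel: Kernel panic - not syncing: Fatal local machine check
Jan 10 05:02:44 hostC kernel: Kernel panic - not syncing: Attempted to kill init!'

# classify_mce_log: read log lines on stdin, print "<host> <verdict>" per host.
#   panic-fatal-mce   panic carrying "Fatal local machine check"; the suffix
#       +unrecoverable-kernel-area is added when that record is also present
#   mce-logged        MCA / machine check records only, no fatal-MCE panic
# Hosts with no indicator are omitted. Assumption: hostname is field 4.
classify_mce_log() {
  awk '
    {
      host = $4; line = tolower($0)
      if (line ~ /kernel panic/ && line ~ /fatal local machine check/) {
        fatal[host] = 1; seen[host] = 1
      } else if (line ~ /unrecoverable area of kernel/) {
        unrec[host] = 1; seen[host] = 1
      } else if (line ~ /machine check/ || line ~ /\[hardware error\]/) {
        seen[host] = 1
      }
    }
    END {
      for (h in seen) {
        if (h in fatal)
          print h, ((h in unrec) ? "panic-fatal-mce+unrecoverable-kernel-area" : "panic-fatal-mce")
        else
          print h, "mce-logged"
      }
    }
  ' | sort
}

# Run against the constructed sample when executed directly.
printf '%s\n' "$SAMPLE_LOG" | classify_mce_log
```

A panic that is not tied to a machine check (hostC in the sample) is deliberately left out, so the output lists only hosts that match the indicators above.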
