CVE-2024-26739

7.8 HIGH

📋 TL;DR

This CVE describes a use-after-free vulnerability in the Linux kernel's net/sched: act_mirred component. When redirecting network packets, improper handling of return codes can lead to memory corruption after the packet has been forwarded. This affects all Linux systems using the affected kernel versions with traffic control mirroring enabled.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific affected versions not explicitly stated in CVE description; check git commits for exact ranges
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ✅ No
Notes: Requires traffic control (tc) mirroring action to be configured and active. Not vulnerable in default configurations without tc mirroring rules.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴 Worst Case

Kernel panic leading to system crash, potential privilege escalation to root, or remote code execution if combined with other vulnerabilities.

🟠 Likely Case

System instability, kernel crashes, or denial of service affecting network functionality.

🟢 If Mitigated

Minimal impact if traffic control mirroring is disabled or systems are not processing redirected packets.

🌐 Internet-Facing: MEDIUM - Requires specific network configuration and packet processing to trigger, but could affect exposed services.
🏢 Internal Only: MEDIUM - Internal systems with traffic control mirroring enabled are vulnerable to crashes or privilege escalation.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Exploitation requires local access or ability to trigger specific network conditions. Memory corruption vulnerabilities in kernel space are complex to exploit reliably.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check specific kernel versions containing commits: 0117fe0a4615a7c8d30d6ebcbf87332fbe63e6fd, 166c2c8a6a4dc2e4ceba9e10cfe81c3e469e3210, 28cdbbd38a4413b8eff53399b3f872fd4e80db9d, 9d3ef89b6a5e9f2e940de2cef3d543be0be8dec5, e873e8f7d03a2ee5b77fb1a305c782fed98e2754

Vendor Advisory: https://git.kernel.org/stable/c/

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution vendor.
2. Reboot system to load new kernel.
3. Verify kernel version after reboot.

🔧 Temporary Workarounds

Disable traffic control mirroring

linux

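Remove or disable tc mirroring rules to prevent triggering the vulnerability. The commands below delete every filter on the given parent and the entire root qdisc, not only the mirroring rules, so record the existing tc configuration before running them.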

tc filter del dev <interface> parent <parent>
tc qdisc del dev <interface> root

🧯 If You Can't Patch

  • Disable all traffic control mirroring configurations
  • Implement network segmentation to limit exposure of systems using tc mirroring

🔍 How to Verify

Check if Vulnerable:

Check whether tc mirroring rules exist with 'tc filter show' and 'tc qdisc show'; mirroring rules appear as mirred actions in the filter output. If any are present and the kernel is unpatched, the system is vulnerable.

Check Version:

uname -r

Verify Fix Applied:

Check that the running kernel version ('uname -r') includes the fix commits, and verify against your distribution's patch notes.
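
The "Check if Vulnerable" step above, as an added shell example that is not part of the original advisory: it pulls mirred actions out of tc filter output so hosts with mirroring rules can be inventoried. The function names (mirred_actions, sample_tc_output, scan_host) are hypothetical, and the sample output with interfaces eth0 and ifb0 is constructed.

```shell
#!/bin/sh
# Added example: list tc filters that carry a mirred action (act_mirred).
# Function names are hypothetical; the sample output below is constructed.

# Reads `tc filter show dev <if> ...` output on stdin and prints one line
# per mirred action: "pref=<filter pref> <mirred details>".
mirred_actions() {
    awk '
        /^filter / {                     # track the pref of the current filter
            pref = "?"
            for (i = 1; i < NF; i++) if ($i == "pref") pref = $(i + 1)
        }
        /action order [0-9]+: mirred/ {  # action line printed under a filter
            sub(/^.*: mirred /, "")
            print "pref=" pref, $0
        }'
}

# Constructed sample of `tc filter show dev eth0 ingress` output.
sample_tc_output() {
    cat <<'EOF'
filter protocol ip pref 10 u32 chain 0
filter protocol ip pref 10 u32 chain 0 fh 800: ht divisor 1
filter protocol ip pref 10 u32 chain 0 fh 800::800 order 2048 key ht 800 bkt 0 terminal flowid ??? not_in_hw
  match 00000000/00000000 at 0
	action order 1: mirred (Egress Redirect to device ifb0) stolen
	index 1 ref 1 bind 1
filter protocol ip pref 20 u32 chain 0 fh 801::800 order 2048 key ht 801 bkt 0 flowid 1:1 not_in_hw
  match 0a000001/ffffffff at 16
EOF
}

# Live scan (needs iproute2): root, ingress and egress hooks of each
# interface. Filters attached to other parents need `parent <handle>`.
scan_host() {
    for dev in $(ls /sys/class/net); do
        for hook in root ingress egress; do
            tc filter show dev "$dev" "$hook" 2>/dev/null |
                mirred_actions | sed "s/^/$dev $hook /"
        done
    done
}

if [ "${1:-}" = "--live" ]; then scan_host; fi
```

Run with --live on a host to scan its interfaces; any output line means a mirred rule is configured and the kernel version should be checked against the fix commits.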

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • Oops messages in dmesg
  • System crashes related to network traffic

Network Indicators:

  • Unexpected network disruptions on systems with tc mirroring

SIEM Query:

Search for kernel panic events or system crashes on Linux hosts with network traffic control configurations
