CVE-2024-26789

7.1 HIGH

📋 TL;DR

This vulnerability in the Linux kernel's ARM64 cryptographic implementation allows out-of-bounds memory access when processing short AES-CTR inputs. It affects systems using the arm64/neonbs crypto module with specific input patterns. The vulnerability could lead to kernel memory corruption or system crashes.

💻 Affected Systems

Products:
  • Linux Kernel
Versions: Specific kernel versions with the vulnerable arm64/neonbs crypto module implementation
Operating Systems: Linux distributions running on ARM64 architecture
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects ARM64 systems using the neonbs crypto module. Requires specific input patterns (short AES-CTR inputs).

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴 Worst Case

Kernel memory corruption leading to privilege escalation, denial of service, or information disclosure through memory leaks.

🟠 Likely Case

System instability, kernel panics, or denial of service when processing specific cryptographic operations.

🟢 If Mitigated

Minimal impact if systems don't use the affected crypto module or process short AES-CTR inputs.

🌐 Internet-Facing: MEDIUM - Requires specific conditions but could be triggered by network traffic.
🏢 Internal Only: MEDIUM - Internal applications using the affected crypto module could trigger the vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Exploitation requires specific conditions: ARM64 architecture, use of affected crypto module, and triggering with short AES-CTR inputs. No public exploits known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patches available in kernel commits: 034e2d70b5c7f578200ad09955aeb2aa65d1164a, 1291d278b5574819a7266568ce4c28bce9438705, 1c0cf6d19690141002889d72622b90fc01562ce4, 9e8ecd4908b53941ab6f0f51584ab80c6c6606c4

Vendor Advisory: https://git.kernel.org/stable/c/034e2d70b5c7f578200ad09955aeb2aa65d1164a

Restart Required: Yes

Instructions:

1. Update to a patched kernel version from your distribution vendor.
2. Reboot the system.
3. Verify the kernel version includes the fix commits.

🔧 Temporary Workarounds

Disable neonbs crypto module

linux

Blacklist or disable the vulnerable crypto module

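# The neonbs code is built as the aes-neon-bs module (listed as aes_neon_bs by lsmod).
# Blacklisting has no effect if it is compiled into the kernel (CONFIG_CRYPTO_AES_ARM64_BS=y).
echo 'blacklist aes-neon-bs' >> /etc/modprobe.d/blacklist.conf
update-initramfs -u
reboot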

🧯 If You Can't Patch

  • Restrict access to systems using the affected crypto module
  • Monitor for kernel panics or unusual system behavior related to cryptographic operations

🔍 How to Verify

Check if Vulnerable:

Check kernel version and verify if it includes the vulnerable code. Use 'uname -r' and compare with affected versions.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes the fix commits. Check /proc/version or use 'uname -a' and confirm with distribution patch notes.
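
A kernel version string alone does not show whether the neonbs code is actually present on a host. The following added example (not part of the original advisory) reads /proc/crypto to report whether a neonbs driver is registered and whether it is a loadable module or built in, which decides if the blacklist workaround can apply. The function names are hypothetical, and the driver-name pattern "neonbs" (for example ctr-aes-neonbs) and module name aes_neon_bs are assumptions taken from the upstream kernel naming, not from this page.

```shell
#!/bin/sh
# Added example: report CVE-2024-26789 exposure preconditions on a host.
# neonbs_exposure [arch] [proc_crypto_file]
# Prints: not-arm64 | unknown | neonbs-absent | neonbs-builtin | neonbs-module:<name>
neonbs_exposure() {
    arch="${1:-$(uname -m)}"
    crypto="${2:-/proc/crypto}"
    case "$arch" in
        aarch64|arm64) ;;
        *) echo "not-arm64"; return 0 ;;
    esac
    [ -r "$crypto" ] || { echo "unknown"; return 0; }
    # /proc/crypto lists "driver" before "module" in each stanza.
    # Assumption: neonbs drivers carry "neonbs" in the driver name.
    awk -F'[ \t]*:[ \t]*' '
        $1 == "driver" { drv = $2 }
        $1 == "module" && drv ~ /neonbs/ { mod = $2 }
        END {
            if (mod == "")            print "neonbs-absent"
            else if (mod == "kernel") print "neonbs-builtin"   # blacklist cannot help
            else                      print "neonbs-module:" mod
        }' "$crypto"
}

# Constructed /proc/crypto stanza for offline demonstration
# (not captured from a real host). $1 = driver name, $2 = module field.
sample_stanza() {
    printf 'name         : ctr(aes)\ndriver       : %s\nmodule       : %s\npriority     : 250\n\n' "$1" "$2"
}

echo "this host: $(neonbs_exposure)"
```

A result of neonbs-builtin means only a patched kernel removes the exposure; neonbs-module:<name> gives the module name to blacklist.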

📡 Detection & Monitoring

Log Indicators:

  • Kernel panics
  • System crashes
  • Cryptographic operation failures in system logs

Network Indicators:

  • Unusual cryptographic traffic patterns triggering the condition

SIEM Query:

source="kernel" AND ("panic" OR "oops" OR "segfault") AND ("crypto" OR "aes" OR "neonbs")
