CVE-2024-26800

7.8 HIGH

📋 TL;DR

A use-after-free vulnerability in the Linux kernel's TLS implementation allows memory corruption when async decryption fails in backlog processing. This affects systems using kernel TLS with async crypto operations. Attackers could potentially exploit this to crash systems or execute arbitrary code.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific kernel versions with the vulnerable TLS implementation (check git commits for exact ranges)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when kernel TLS (kTLS) is enabled and using async cryptographic operations. Not all TLS implementations are affected.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel memory corruption leading to system crash (kernel panic) or potential arbitrary code execution with kernel privileges.

🟠

Likely Case

System instability, crashes, or denial of service affecting TLS-enabled services.

🟢

If Mitigated

Minimal impact if systems aren't using kernel TLS or have async crypto disabled.

🌐 Internet-Facing: MEDIUM - Requires TLS connections and specific async crypto conditions, but internet-facing servers using kernel TLS could be targeted.
🏢 Internal Only: LOW - Requires local access and specific TLS configurations to trigger.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Exploitation requires specific conditions: kernel TLS enabled, async crypto operations, and triggering the -EBADMSG error path. No public exploits known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commits: 13114dc5543069f7b97991e3b79937b6da05f5b0, 1ac9fb84bc7ecd4bc6428118301d9d864d2a58d1, 81be85353b0f5a7b660635634b655329b429eefe, f2b85a4cc763841843de693bbd7308fe9a2c4c89

Vendor Advisory: https://git.kernel.org/stable/c/13114dc5543069f7b97991e3b79937b6da05f5b0

Restart Required: Yes

Instructions:

1. Update the Linux kernel to a patched version from your distribution vendor.
2. Reboot the system to load the new kernel.
3. Verify the kernel version matches the patched release.

🔧 Temporary Workarounds

Disable kernel TLS (platform: linux)

Unload the kernel TLS module and prevent it from loading again. modprobe -r fails while any socket still has the tls ULP attached, so stop services that use kTLS first. A blacklist entry only stops alias-based autoloading (the request the kernel issues when a socket sets TCP_ULP to "tls"); an explicit modprobe tls by an administrator still succeeds unless an install rule for the module is added as well.

modprobe -r tls
echo 'blacklist tls' >> /etc/modprobe.d/blacklist.conf

Disable async crypto (platform: linux)

Configure TLS to use synchronous cryptographic operations only. Note that net.tls.async_crypto is not a tunable that mainline kernels expose; whether tls_sw takes the async path depends on which crypto drivers are available to the kernel. Confirm the key exists (sysctl -a | grep '^net.tls') before relying on this step; on a kernel without it the command fails with "No such file or directory" and changes nothing.

sysctl -w net.tls.async_crypto=0

🧯 If You Can't Patch

  • Disable kernel TLS module if not required for your services
  • Implement network segmentation to limit exposure of affected systems

🔍 How to Verify

Check if Vulnerable:

Check whether the kernel TLS module is loaded: lsmod | grep tls. lsmod lists only loadable modules, so on a kernel with TLS compiled in (CONFIG_TLS=y) it shows nothing even though the code is present; also check /lib/modules/$(uname -r)/modules.builtin for net/tls/tls.ko. Compare the running kernel version against the affected ranges.

Check Version:

uname -r

Verify Fix Applied:

Confirm that the running kernel contains the fix commits. Distribution kernels often backport fixes without changing the upstream version string, so check the vendor's changelog or advisory for CVE-2024-26800 rather than relying on uname -r alone. Then confirm that TLS-enabled services work without crashes.
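The check above is easy to get wrong on kernels that build TLS in rather than as a module. The following script is an added example, not part of the advisory: it classifies kernel TLS as loaded, built in, or not loaded by reading both /proc/modules and the modules.builtin list for the running kernel. The file paths are parameters so the logic can be run against constructed inputs as well as the live system.

```shell
#!/bin/sh
# Added example (not from the advisory): report whether kernel TLS is present
# on this host. "lsmod | grep tls" only sees loadable modules, so a kernel
# built with CONFIG_TLS=y would look clean while still exposing the
# vulnerable code path. This checks the module list and modules.builtin.

# ktls_state MODULES_FILE BUILTIN_FILE
# Prints "loaded" if the tls module is currently loaded, "builtin" if it is
# compiled into the kernel, and "not_loaded" otherwise. Both paths are
# parameters so the function can be exercised against constructed files.
ktls_state() {
    modules_file="$1"
    builtin_file="$2"
    # /proc/modules rows begin with the module name followed by a space.
    if [ -r "$modules_file" ] && grep -q '^tls ' "$modules_file"; then
        echo loaded
    # modules.builtin lists object paths such as kernel/net/tls/tls.ko.
    elif [ -r "$builtin_file" ] && grep -q '/tls\.ko$' "$builtin_file"; then
        echo builtin
    else
        echo not_loaded
    fi
}

# ktls_report: run the check against the live system and print a summary
# line that can be collected alongside the kernel release for patch tracking.
ktls_report() {
    release=$(uname -r)
    state=$(ktls_state /proc/modules "/lib/modules/$release/modules.builtin")
    printf 'kernel %s: kTLS %s\n' "$release" "$state"
}

ktls_report
```

A result of "loaded" or "builtin" on a kernel that predates the fix commits means the vulnerable code is reachable by any local process that can open a TCP socket and attach the tls ULP; "not_loaded" means the blacklist workaround is in effect or the kernel was built without TLS.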

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • TLS decryption errors in system logs
  • OOM killer activity related to TLS

Network Indicators:

  • Unexpected TLS connection resets
  • Service disruptions on TLS ports

SIEM Query:

source="kernel" AND ("panic" OR "Oops" OR "BUG") AND ("tls" OR "TLS")
