CVE-2024-26946

5.5 MEDIUM

📋 TL;DR

A kernel memory access vulnerability in the Linux kprobes subsystem, where arch_adjust_kprobe_addr() could read from inaccessible memory addresses and cause a kernel panic. This affects Linux systems with kprobes enabled, primarily impacting kernel developers and systems using kernel debugging/tracing tools. The vulnerability requires local access to trigger.

💻 Affected Systems

Products:
  • Linux Kernel
Versions: Specific affected versions not explicitly stated in CVE, but patches available for multiple stable branches
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if kprobes subsystem is enabled/used. Many distributions disable or restrict kprobes by default.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case

Local denial of service through kernel panic, leading to system crash and potential data loss.

🟠 Likely Case

Local denial of service causing system instability or a crash when a malicious user triggers the bug.

🟢 If Mitigated

Minimal impact if kprobes are disabled or proper access controls restrict local users.

🌐 Internet-Facing: LOW - Requires local access to trigger, not remotely exploitable.
🏢 Internal Only: MEDIUM - Local users or processes could cause system crashes affecting availability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and the ability to interact with the kprobes interface. Found by the syzkaller fuzzer.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Multiple stable kernel versions with fixes available (see references)

Vendor Advisory: https://git.kernel.org/stable/c/20fdb21eabaeb8f78f8f701f56d14ea0836ec861

Restart Required: Yes

Instructions:

1. Identify current kernel version.
2. Apply appropriate kernel patch from stable tree.
3. Rebuild kernel if using custom build.
4. Reboot system to load patched kernel.

🔧 Temporary Workarounds

Disable kprobes

linux

Prevent kprobes subsystem from being used by disabling it at kernel boot or module loading

Add 'nokprobe' to kernel boot parameters in GRUB or systemd-boot configuration

Restrict kprobes access

linux

Use kernel capabilities or SELinux/AppArmor to restrict which users can use kprobes

setcap -r /sys/kernel/debug/kprobes
Use appropriate SELinux/AppArmor policies

🧯 If You Can't Patch

  • Disable kprobes functionality completely if not required
  • Implement strict access controls to prevent unauthorized users from interacting with kprobes interface

🔍 How to Verify

Check if Vulnerable:

Check if kprobes is enabled and kernel version matches affected range: cat /proc/kallsyms | grep -i kprobe && uname -r

Check Version:

uname -r

Verify Fix Applied:

Verify the kernel version after the update with uname -r, then confirm that kprobes function properly without a panic.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages in /var/log/kern.log or dmesg
  • Oops messages related to kprobes or memory access faults

Network Indicators:

  • None - local vulnerability only

SIEM Query:

source="kernel" AND ("panic" OR "Oops") AND ("kprobe" OR "arch_adjust_kprobe_addr")
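
A kernel fault report spans several log lines, so the "Oops" or "panic" keyword and the arch_adjust_kprobe_addr symbol usually sit on different lines; if each line is ingested as its own event, the terms of the query above have to be correlated across one report. The Python sketch below is an added example, not part of the original advisory; the 40-line window, the function names and the sample log lines are constructed assumptions.

```python
import re
import sys

START = re.compile(r"Oops|Kernel panic|BUG: unable to handle")  # opens a fault report
KPROBE = re.compile(r"kprobe|arch_adjust_kprobe_addr", re.I)    # terms from the query
END = re.compile(r"---\[ end trace")                             # closes a fault report
WINDOW = 40  # assumption: max lines of one report to inspect after its opener

# Constructed sample log, not captured from a real system.
SAMPLE = """\
[   90.000001] Oops: 0000 [#1] PREEMPT SMP
[   90.000002] RIP: 0010:example_driver_read+0x10/0x40
[   90.000003] ---[ end trace 0000000000000000 ]---
[   95.000001] kprobes: example informational line outside any fault report
[  101.000001] BUG: unable to handle page fault for address: ffffffffc0000000
[  101.000002] Oops: 0000 [#1] PREEMPT SMP
[  101.000003] RIP: 0010:arch_adjust_kprobe_addr+0x1a/0x60
[  101.000004] Call Trace:
[  101.000005]  register_kprobe+0x3c/0x700
[  101.000006] ---[ end trace 0000000000000000 ]---
[  101.000007] Kernel panic - not syncing: Fatal exception
""".splitlines()

def find_kprobe_faults(lines, window=WINDOW):
    """Return (opener, evidence) pairs, one per fault report that mentions kprobes."""
    hits, opener, left, matched = [], None, 0, False
    for raw in lines:
        line = raw.rstrip("\n")
        if left == 0:
            if not START.search(line):
                continue            # ordinary log line outside any report
            opener, left, matched = line, window, False
        left -= 1
        if not matched and KPROBE.search(line):
            hits.append((opener, line))
            matched = True          # report once per fault, not once per stack frame
        if END.search(line):
            left = 0                # report finished, go back to idle
    return hits

def single_line_matches(lines):
    """Lines where a fault keyword and a kprobe term share one line."""
    return [ln for ln in lines if START.search(ln) and KPROBE.search(ln)]

if __name__ == "__main__":
    source = SAMPLE if sys.stdin.isatty() else sys.stdin
    for opener, evidence in find_kprobe_faults(source):
        print(opener.strip(), "=>", evidence.strip())
```

Pipe dmesg or a kern.log file into the script to scan real logs; run without piped input, it scans the constructed sample.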

🔗 References
