1. Home
  2. Vulnerabilities
  3. CVE-2024-26875
6.4
MEDIUM CVSS 3.1
CVE-2024-26875
media: pvrusb2: fix uaf in pvr2_context_set_notify
Description

In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix uaf in pvr2_context_set_notify [Syzbot reported] BUG: KASAN: slab-use-after-free in pvr2_context_set_notify+0x2c4/0x310 drivers/media/usb/pvrusb2/pvrusb2-context.c:35 Read of size 4 at addr ffff888113aeb0d8 by task kworker/1:1/26 CPU: 1 PID: 26 Comm: kworker/1:1 Not tainted 6.8.0-rc1-syzkaller-00046-gf1a27f081c1f #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 Workqueue: usb_hub_wq hub_event Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xd9/0x1b0 lib/dump_stack.c:106 print_address_description mm/kasan/report.c:377 [inline] print_report+0xc4/0x620 mm/kasan/report.c:488 kasan_report+0xda/0x110 mm/kasan/report.c:601 pvr2_context_set_notify+0x2c4/0x310 drivers/media/usb/pvrusb2/pvrusb2-context.c:35 pvr2_context_notify drivers/media/usb/pvrusb2/pvrusb2-context.c:95 [inline] pvr2_context_disconnect+0x94/0xb0 drivers/media/usb/pvrusb2/pvrusb2-context.c:272 Freed by task 906: kasan_save_stack+0x33/0x50 mm/kasan/common.c:47 kasan_save_track+0x14/0x30 mm/kasan/common.c:68 kasan_save_free_info+0x3f/0x60 mm/kasan/generic.c:640 poison_slab_object mm/kasan/common.c:241 [inline] __kasan_slab_free+0x106/0x1b0 mm/kasan/common.c:257 kasan_slab_free include/linux/kasan.h:184 [inline] slab_free_hook mm/slub.c:2121 [inline] slab_free mm/slub.c:4299 [inline] kfree+0x105/0x340 mm/slub.c:4409 pvr2_context_check drivers/media/usb/pvrusb2/pvrusb2-context.c:137 [inline] pvr2_context_thread_func+0x69d/0x960 drivers/media/usb/pvrusb2/pvrusb2-context.c:158 [Analyze] Task A set disconnect_flag = !0, which resulted in Task B's condition being met and releasing mp, leading to this issue. [Fix] Place the disconnect_flag assignment operation after all code in pvr2_context_disconnect() to avoid this issue.

INFO

Published Date :

April 17, 2024, 11:15 a.m.

Last Modified :

March 21, 2025, 3:27 p.m.

Remotely Exploit :

No

Source :

416baaa9-dc9f-4396-8d5f-8c081fb06d67
Affected Products

The following products are affected by CVE-2024-26875 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Linux linux_kernel
: Total Affected Vendor : 1 | Products : 1
CVSS Scores
The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and displays CVSS scores from various sources for each CVE.
Score Version Severity Vector Exploitability Score Impact Score Source
CVSS 3.1 MEDIUM 134c704f-9b21-4f2e-91b3-4a467353bcc0
Solution
This addresses a use-after-free vulnerability in the Linux kernel's pvrusb2 module.
  • Update the Linux kernel to address the vulnerability.
  • Reboot the system after the kernel update.
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2024-26875.

URL Resource
https://git.kernel.org/stable/c/0a0b79ea55de8514e1750884e5fec77f9fdd01ee Patch
https://git.kernel.org/stable/c/3a1ec89708d2e57e2712f46241282961b1a7a475 Patch
https://git.kernel.org/stable/c/40cd818fae875c424a8335009db33c7b5a07de3a Patch
https://git.kernel.org/stable/c/8e60b99f6b7ccb3badeb512f5eb613ad45904592 Patch
https://git.kernel.org/stable/c/ab896d93fd6a2cd1afeb034c3cc9226cb499209f Patch
https://git.kernel.org/stable/c/d29ed08964cec8b9729bc55c7bb23f679d7a18fb Patch
https://git.kernel.org/stable/c/eaa410e05bdf562c90b23cdf2d9327f9c4625e16 Patch
https://git.kernel.org/stable/c/eb6e9dce979c08210ff7249e5e0eceb8991bfcd7 Patch
https://git.kernel.org/stable/c/ed8000e1e8e9684ab6c30cf2b526c0cea039929c Patch
https://git.kernel.org/stable/c/0a0b79ea55de8514e1750884e5fec77f9fdd01ee Patch
https://git.kernel.org/stable/c/3a1ec89708d2e57e2712f46241282961b1a7a475 Patch
https://git.kernel.org/stable/c/40cd818fae875c424a8335009db33c7b5a07de3a Patch
https://git.kernel.org/stable/c/8e60b99f6b7ccb3badeb512f5eb613ad45904592 Patch
https://git.kernel.org/stable/c/ab896d93fd6a2cd1afeb034c3cc9226cb499209f Patch
https://git.kernel.org/stable/c/d29ed08964cec8b9729bc55c7bb23f679d7a18fb Patch
https://git.kernel.org/stable/c/eaa410e05bdf562c90b23cdf2d9327f9c4625e16 Patch
https://git.kernel.org/stable/c/eb6e9dce979c08210ff7249e5e0eceb8991bfcd7 Patch
https://git.kernel.org/stable/c/ed8000e1e8e9684ab6c30cf2b526c0cea039929c Patch
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html Mailing List Third Party Advisory
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2024-26875 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2024-26875 weaknesses.

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2024-26875 vulnerability anywhere in the article.

Results are limited to the first 20 news articles due to potential performance issues.

The following table lists the changes that have been made to the CVE-2024-26875 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Initial Analysis by [email protected]

    Mar. 21, 2025

    Action Type Old Value New Value
    Added CPE Configuration OR *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.7 up to (excluding) 6.7.11 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.2 up to (excluding) 6.6.23 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 up to (excluding) 6.1.83 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.11 up to (excluding) 5.15.153 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.5 up to (excluding) 5.10.214 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.20 up to (excluding) 5.4.273 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 2.6.26 up to (excluding) 4.19.311 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.8 up to (excluding) 6.8.2
    Added Reference Type CVE: https://git.kernel.org/stable/c/0a0b79ea55de8514e1750884e5fec77f9fdd01ee Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/0a0b79ea55de8514e1750884e5fec77f9fdd01ee Types: Patch
    Added Reference Type CVE: https://git.kernel.org/stable/c/3a1ec89708d2e57e2712f46241282961b1a7a475 Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/3a1ec89708d2e57e2712f46241282961b1a7a475 Types: Patch
    Added Reference Type CVE: https://git.kernel.org/stable/c/40cd818fae875c424a8335009db33c7b5a07de3a Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/40cd818fae875c424a8335009db33c7b5a07de3a Types: Patch
    Added Reference Type CVE: https://git.kernel.org/stable/c/8e60b99f6b7ccb3badeb512f5eb613ad45904592 Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/8e60b99f6b7ccb3badeb512f5eb613ad45904592 Types: Patch
    Added Reference Type CVE: https://git.kernel.org/stable/c/ab896d93fd6a2cd1afeb034c3cc9226cb499209f Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/ab896d93fd6a2cd1afeb034c3cc9226cb499209f Types: Patch
    Added Reference Type CVE: https://git.kernel.org/stable/c/d29ed08964cec8b9729bc55c7bb23f679d7a18fb Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/d29ed08964cec8b9729bc55c7bb23f679d7a18fb Types: Patch
    Added Reference Type CVE: https://git.kernel.org/stable/c/eaa410e05bdf562c90b23cdf2d9327f9c4625e16 Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/eaa410e05bdf562c90b23cdf2d9327f9c4625e16 Types: Patch
    Added Reference Type CVE: https://git.kernel.org/stable/c/eb6e9dce979c08210ff7249e5e0eceb8991bfcd7 Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/eb6e9dce979c08210ff7249e5e0eceb8991bfcd7 Types: Patch
    Added Reference Type CVE: https://git.kernel.org/stable/c/ed8000e1e8e9684ab6c30cf2b526c0cea039929c Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/ed8000e1e8e9684ab6c30cf2b526c0cea039929c Types: Patch
    Added Reference Type CVE: https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html Types: Mailing List, Third Party Advisory
    Added Reference Type CVE: https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html Types: Mailing List, Third Party Advisory
  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Nov. 21, 2024

    Action Type Old Value New Value
    Added Reference https://git.kernel.org/stable/c/0a0b79ea55de8514e1750884e5fec77f9fdd01ee
    Added Reference https://git.kernel.org/stable/c/3a1ec89708d2e57e2712f46241282961b1a7a475
    Added Reference https://git.kernel.org/stable/c/40cd818fae875c424a8335009db33c7b5a07de3a
    Added Reference https://git.kernel.org/stable/c/8e60b99f6b7ccb3badeb512f5eb613ad45904592
    Added Reference https://git.kernel.org/stable/c/ab896d93fd6a2cd1afeb034c3cc9226cb499209f
    Added Reference https://git.kernel.org/stable/c/d29ed08964cec8b9729bc55c7bb23f679d7a18fb
    Added Reference https://git.kernel.org/stable/c/eaa410e05bdf562c90b23cdf2d9327f9c4625e16
    Added Reference https://git.kernel.org/stable/c/eb6e9dce979c08210ff7249e5e0eceb8991bfcd7
    Added Reference https://git.kernel.org/stable/c/ed8000e1e8e9684ab6c30cf2b526c0cea039929c
    Added Reference https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
    Added Reference https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
  • CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Nov. 05, 2024

    Action Type Old Value New Value
    Removed Reference kernel.org https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
    Removed Reference kernel.org https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Aug. 08, 2024

    Action Type Old Value New Value
    Added CWE CISA-ADP CWE-416
    Added CVSS V3.1 CISA-ADP AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
  • CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Jun. 27, 2024

    Action Type Old Value New Value
    Added Reference kernel.org https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html [No types assigned]
  • CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Jun. 25, 2024

    Action Type Old Value New Value
    Added Reference kernel.org https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html [No types assigned]
  • CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    May. 29, 2024

    Action Type Old Value New Value
  • CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    May. 14, 2024

    Action Type Old Value New Value
  • CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Apr. 17, 2024

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix uaf in pvr2_context_set_notify [Syzbot reported] BUG: KASAN: slab-use-after-free in pvr2_context_set_notify+0x2c4/0x310 drivers/media/usb/pvrusb2/pvrusb2-context.c:35 Read of size 4 at addr ffff888113aeb0d8 by task kworker/1:1/26 CPU: 1 PID: 26 Comm: kworker/1:1 Not tainted 6.8.0-rc1-syzkaller-00046-gf1a27f081c1f #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 Workqueue: usb_hub_wq hub_event Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xd9/0x1b0 lib/dump_stack.c:106 print_address_description mm/kasan/report.c:377 [inline] print_report+0xc4/0x620 mm/kasan/report.c:488 kasan_report+0xda/0x110 mm/kasan/report.c:601 pvr2_context_set_notify+0x2c4/0x310 drivers/media/usb/pvrusb2/pvrusb2-context.c:35 pvr2_context_notify drivers/media/usb/pvrusb2/pvrusb2-context.c:95 [inline] pvr2_context_disconnect+0x94/0xb0 drivers/media/usb/pvrusb2/pvrusb2-context.c:272 Freed by task 906: kasan_save_stack+0x33/0x50 mm/kasan/common.c:47 kasan_save_track+0x14/0x30 mm/kasan/common.c:68 kasan_save_free_info+0x3f/0x60 mm/kasan/generic.c:640 poison_slab_object mm/kasan/common.c:241 [inline] __kasan_slab_free+0x106/0x1b0 mm/kasan/common.c:257 kasan_slab_free include/linux/kasan.h:184 [inline] slab_free_hook mm/slub.c:2121 [inline] slab_free mm/slub.c:4299 [inline] kfree+0x105/0x340 mm/slub.c:4409 pvr2_context_check drivers/media/usb/pvrusb2/pvrusb2-context.c:137 [inline] pvr2_context_thread_func+0x69d/0x960 drivers/media/usb/pvrusb2/pvrusb2-context.c:158 [Analyze] Task A set disconnect_flag = !0, which resulted in Task B's condition being met and releasing mp, leading to this issue. [Fix] Place the disconnect_flag assignment operation after all code in pvr2_context_disconnect() to avoid this issue.
    Added Reference kernel.org https://git.kernel.org/stable/c/ed8000e1e8e9684ab6c30cf2b526c0cea039929c [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/d29ed08964cec8b9729bc55c7bb23f679d7a18fb [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/ab896d93fd6a2cd1afeb034c3cc9226cb499209f [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/eb6e9dce979c08210ff7249e5e0eceb8991bfcd7 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/3a1ec89708d2e57e2712f46241282961b1a7a475 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/8e60b99f6b7ccb3badeb512f5eb613ad45904592 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/40cd818fae875c424a8335009db33c7b5a07de3a [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/eaa410e05bdf562c90b23cdf2d9327f9c4625e16 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/0a0b79ea55de8514e1750884e5fec77f9fdd01ee [No types assigned]
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
Vulnerability Scoring Details
Base CVSS Score: 6.4
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact