CVE-2024-26588: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

LoongArch: BPF: Prevent out-of-bounds memory access

The test_tag test triggers an unhandled page fault:

# ./test_tag
[ 130.640218] CPU 0 Unable to handle kernel paging request at virtual address ffff80001b898004, era == 9000000003137f7c, ra == 9000000003139e70
[ 130.640501] Oops[#3]:
[ 130.640553] CPU: 0 PID: 1326 Comm: test_tag Tainted: G D O 6.7.0-rc4-loong-devel-gb62ab1a397cf #47 61985c1d94084daa2432f771daa45b56b10d8d2a
[ 130.640764] Hardware name: QEMU QEMU Virtual Machine, BIOS unknown 2/2/2022
[ 130.640874] pc 9000000003137f7c ra 9000000003139e70 tp 9000000104cb4000 sp 9000000104cb7a40
[ 130.641001] a0 ffff80001b894000 a1 ffff80001b897ff8 a2 000000006ba210be a3 0000000000000000
[ 130.641128] a4 000000006ba210be a5 00000000000000f1 a6 00000000000000b3 a7 0000000000000000
[ 130.641256] t0 0000000000000000 t1 00000000000007f6 t2 0000000000000000 t3 9000000004091b70
[ 130.641387] t4 000000006ba210be t5 0000000000000004 t6 fffffffffffffff0 t7 90000000040913e0
[ 130.641512] t8 0000000000000005 u0 0000000000000dc0 s9 0000000000000009 s0 9000000104cb7ae0
[ 130.641641] s1 00000000000007f6 s2 0000000000000009 s3 0000000000000095 s4 0000000000000000
[ 130.641771] s5 ffff80001b894000 s6 ffff80001b897fb0 s7 9000000004090c50 s8 0000000000000000
[ 130.641900] ra: 9000000003139e70 build_body+0x1fcc/0x4988
[ 130.642007] ERA: 9000000003137f7c build_body+0xd8/0x4988
[ 130.642112] CRMD: 000000b0 (PLV0 -IE -DA +PG DACF=CC DACM=CC -WE)
[ 130.642261] PRMD: 00000004 (PPLV0 +PIE -PWE)
[ 130.642353] EUEN: 00000003 (+FPE +SXE -ASXE -BTE)
[ 130.642458] ECFG: 00071c1c (LIE=2-4,10-12 VS=7)
[ 130.642554] ESTAT: 00010000 [PIL] (IS= ECode=1 EsubCode=0)
[ 130.642658] BADV: ffff80001b898004
[ 130.642719] PRID: 0014c010 (Loongson-64bit, Loongson-3A5000)
[ 130.642815] Modules linked in: [last unloaded: bpf_testmod(O)]
[ 130.642924] Process test_tag (pid: 1326, threadinfo=00000000f7f4015f, task=000000006499f9fd)
[ 130.643062] Stack : 0000000000000000 9000000003380724 0000000000000000 0000000104cb7be8
[ 130.643213] 0000000000000000 25af8d9b6e600558 9000000106250ea0 9000000104cb7ae0
[ 130.643378] 0000000000000000 0000000000000000 9000000104cb7be8 90000000049f6000
[ 130.643538] 0000000000000090 9000000106250ea0 ffff80001b894000 ffff80001b894000
[ 130.643685] 00007ffffb917790 900000000313ca94 0000000000000000 0000000000000000
[ 130.643831] ffff80001b894000 0000000000000ff7 0000000000000000 9000000100468000
[ 130.643983] 0000000000000000 0000000000000000 0000000000000040 25af8d9b6e600558
[ 130.644131] 0000000000000bb7 ffff80001b894048 0000000000000000 0000000000000000
[ 130.644276] 9000000104cb7be8 90000000049f6000 0000000000000090 9000000104cb7bdc
[ 130.644423] ffff80001b894000 0000000000000000 00007ffffb917790 90000000032acfb0
[ 130.644572] ...
[ 130.644629] Call Trace:
[ 130.644641] [<9000000003137f7c>] build_body+0xd8/0x4988
[ 130.644785] [<900000000313ca94>] bpf_int_jit_compile+0x228/0x4ec
[ 130.644891] [<90000000032acfb0>] bpf_prog_select_runtime+0x158/0x1b0
[ 130.645003] [<90000000032b3504>] bpf_prog_load+0x760/0xb44
[ 130.645089] [<90000000032b6744>] __sys_bpf+0xbb8/0x2588
[ 130.645175] [<90000000032b8388>] sys_bpf+0x20/0x2c
[ 130.645259] [<9000000003f6ab38>] do_syscall+0x7c/0x94
[ 130.645369] [<9000000003121c5c>] handle_syscall+0xbc/0x158
[ 130.645507]
[ 130.645539] Code: 380839f6 380831f9 28412bae <24000ca6> 004081ad 0014cb50 004083e8 02bff34c 58008e91
[ 130.645729]
[ 130.646418] ---[ end trace 0000000000000000 ]---

On my machine, which has CONFIG_PAGE_SIZE_16KB=y, the test failed at loading a BPF prog with 2039 instructions:

prog = (struct bpf_prog *)ffff80001b894000
insn = (struct bpf_insn *)(prog->insnsi)fff ---truncated---
AI Analysis
Technical Summary
CVE-2024-26588 is a high-severity vulnerability in the Linux kernel specifically affecting the LoongArch architecture's Berkeley Packet Filter (BPF) implementation. The vulnerability is an out-of-bounds memory access issue (CWE-125) that can be triggered by loading a crafted BPF program. The flaw causes an unhandled kernel page fault, leading to a kernel crash (Oops) due to improper bounds checking in the BPF JIT compiler or verifier.

The vulnerability was observed on a system with a 16KB page size configuration, where a BPF program containing 2039 instructions triggered the fault. The kernel logs show the fault occurring during the build_body function in the BPF JIT compilation process, indicating that the vulnerability arises during BPF program loading and compilation. The affected kernel version is identified by the commit hash bbfddb904df6f82a5948687a2d57766216b9bc0f.

The CVSS v3.1 score is 7.8 (high), with vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating that local attackers with low privileges can exploit this vulnerability without user interaction, resulting in high confidentiality, integrity, and availability impact. The vulnerability allows an attacker to cause a denial of service by crashing the kernel or potentially escalate privileges by executing arbitrary code in kernel mode.

Although no known exploits are reported in the wild yet, the presence of a kernel-level memory corruption bug in BPF, a widely used Linux kernel subsystem for packet filtering and tracing, makes this a critical issue for affected systems. The vulnerability is specific to the LoongArch CPU architecture, which is a RISC-V-like architecture developed primarily in China. The patch details are not provided in the data, but the issue has been resolved in recent kernel updates.
Potential Impact
For European organizations, the impact of CVE-2024-26588 depends largely on the deployment of Linux systems running on LoongArch architecture hardware. While LoongArch is not widely adopted in Europe compared to x86_64 or ARM architectures, organizations using specialized hardware or embedded systems based on LoongArch could be at risk. The vulnerability allows local attackers to execute arbitrary code in kernel space or cause denial of service, which could lead to system crashes, data corruption, or privilege escalation. This could disrupt critical services, especially in sectors relying on Linux-based infrastructure such as telecommunications, industrial control systems, or research environments experimenting with LoongArch hardware. Additionally, organizations involved in supply chain or hardware manufacturing that utilize LoongArch processors might face increased risk. The high severity and kernel-level impact mean that exploitation could compromise confidentiality, integrity, and availability of affected systems. However, the limited market penetration of LoongArch in Europe reduces the overall exposure compared to more common architectures.
Mitigation Recommendations
1. Immediate application of the official Linux kernel patch that addresses CVE-2024-26588 is essential. Organizations should track kernel updates from trusted sources and apply them promptly on all LoongArch-based systems.
2. Restrict access to systems running LoongArch Linux kernels to trusted users only, as exploitation requires local access with low privileges.
3. Implement strict access controls and monitoring on systems that allow BPF program loading, including containerized environments and virtual machines, to detect and prevent unauthorized BPF program execution.
4. Use kernel hardening features such as Kernel Page Table Isolation (KPTI) and Control Flow Integrity (CFI) where supported to reduce exploitation risk.
5. For environments where patching is delayed, consider disabling or restricting BPF functionality on LoongArch systems if feasible, to mitigate attack surface.
6. Conduct thorough testing of updated kernels in staging environments before deployment to ensure stability and compatibility.
7. Monitor system logs for unusual kernel faults or crashes that may indicate attempted exploitation.
8. Engage with hardware and software vendors to confirm support and timely updates for LoongArch-based platforms.
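The log monitoring in recommendation 7 can be keyed to the crash signature in the description: a paging-request Oops whose call trace passes through the BPF JIT. The following is an added example, not part of the original advisory or the kernel project; the function names come from the log above, while the parser, its names and the second sample report are assumptions.

```python
import re

# Function names from the call trace in this advisory: a fault under either
# frame happened while the kernel was JIT-compiling a BPF program.
JIT_FRAMES = {"build_body", "bpf_int_jit_compile"}

FAULT_RE = re.compile(r"Unable to handle kernel paging request at virtual address ([0-9a-f]+)")
COMM_RE = re.compile(r"\bComm: (\S+)")
FRAME_RE = re.compile(r"\[<[0-9a-f]+>\]\s+(\w+)\+0x[0-9a-f]+/0x[0-9a-f]+")

# Sample input: the first Oops is excerpted (and shortened) from the log in
# this advisory; the second is constructed, to show an unrelated fault ignored.
SAMPLE_LOG = """\
[  130.640218] CPU 0 Unable to handle kernel paging request at virtual address ffff80001b898004, era == 9000000003137f7c, ra == 9000000003139e70
[  130.640553] CPU: 0 PID: 1326 Comm: test_tag Tainted: G D O 6.7.0-rc4-loong-devel-gb62ab1a397cf #47
[  130.641900] ra: 9000000003139e70 build_body+0x1fcc/0x4988
[  130.644629] Call Trace:
[  130.644641] [<9000000003137f7c>] build_body+0xd8/0x4988
[  130.644785] [<900000000313ca94>] bpf_int_jit_compile+0x228/0x4ec
[  130.645003] [<90000000032b3504>] bpf_prog_load+0x760/0xb44
[  130.646418] ---[ end trace 0000000000000000 ]---
[  512.000100] CPU 1 Unable to handle kernel paging request at virtual address 0000000000000010, era == 0, ra == 0
[  512.000200] CPU: 1 PID: 77 Comm: example_task Not tainted
[  512.000300] Call Trace:
[  512.000400] [<9000000000001000>] example_driver_read+0x10/0x40
[  512.000500] ---[ end trace 0000000000000000 ]---
"""


def find_bpf_jit_oopses(log_text):
    """Return one record per Oops whose call trace passes through the BPF JIT."""
    hits, current = [], None

    def close(report):
        if report and JIT_FRAMES & set(report["frames"]):
            hits.append(report)

    for line in log_text.splitlines():
        fault = FAULT_RE.search(line)
        if fault:  # a new report starts; flush one cut off before "end trace"
            close(current)
            current = {"fault_addr": fault.group(1), "comm": None, "frames": []}
        elif current is not None:
            comm, frame = COMM_RE.search(line), FRAME_RE.search(line)
            if comm and current["comm"] is None:
                current["comm"] = comm.group(1)
            if frame:  # only "[<addr>] symbol+off/len" lines, not the register dump
                current["frames"].append(frame.group(1))
            if "---[ end trace" in line:
                close(current)
                current = None
    close(current)  # log ended mid-report, e.g. a truncated capture
    return hits
```

Each returned record carries the faulting address, the process name and the ordered call-trace symbols, which is enough to raise an alert on LoongArch hosts that have not yet been patched.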
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-02-19T14:20:24.126Z
- Cisa Enriched: true
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 682d982bc4522896dcbe40c4
Added to database: 5/21/2025, 9:08:59 AM
Last enriched: 7/3/2025, 1:57:11 AM
Last updated: 7/31/2025, 6:36:53 AM