CVE-2024-26652: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

net: pds_core: Fix possible double free in error handling path

When auxiliary_device_add() returns error and then calls auxiliary_device_uninit(), callback function pdsc_auxbus_dev_release calls kfree(padev) to free memory. We shouldn't call kfree(padev) again in the error handling path. Fix this by cleaning up the redundant kfree() and putting the error handling back to where the errors happened.
AI Analysis
Technical Summary
CVE-2024-26652 is a medium-severity vulnerability in the Linux kernel, in the pds_core module of the networking subsystem. The issue is improper memory management in the error handling path of the auxiliary device addition process. When auxiliary_device_add() fails and returns an error, the error path calls auxiliary_device_uninit(). During this cleanup, the callback function pdsc_auxbus_dev_release invokes kfree(padev) to free the allocated memory. Due to a coding oversight, the error path then calls kfree(padev) a second time, resulting in a double-free condition.

Double-free vulnerabilities can lead to undefined behavior, including memory corruption, kernel crashes, or exploitation avenues such as privilege escalation or denial of service. The fix removes the redundant kfree() call and moves the error handling back to where the errors happen, so that the memory is freed exactly once.

The vulnerability affects specific Linux kernel versions identified by commit hashes, and it was published on March 27, 2024. The CVSS 3.1 base score is 4.1 (medium severity), with vector AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L: the attack requires physical access, has low complexity, needs no privileges but does need user interaction, and has a limited impact on confidentiality, integrity, and availability.
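The ownership rule behind this bug, as an added userspace model in C (an illustration written for this page, not kernel or pds_core code): once the release callback is installed, it owns the memory, so the error path must not free it again. All names other than `padev` (`aux_dev`, `model_add`, `model_uninit`, `model_release`, `tracked_kfree`, `register_padev`) are hypothetical, and `tracked_kfree` only counts frees so that the double free is observed rather than executed.

```c
#include <stdio.h>
#include <stdlib.h>

/* Userspace model of the pattern; constructed for illustration, not kernel code. */
struct aux_dev {
    void (*release)(struct aux_dev *dev); /* set by the driver before init */
    int frees;                            /* how many times "kfree" hit this object */
};

/* Stand-in for kfree(): records the free instead of performing it, so a
 * double free is counted rather than corrupting the heap. */
static void tracked_kfree(struct aux_dev *dev) { dev->frees++; }

/* Plays the role of pdsc_auxbus_dev_release(): the callback frees padev. */
static void model_release(struct aux_dev *dev) { tracked_kfree(dev); }

/* Models auxiliary_device_uninit(): dropping the last reference runs release. */
static void model_uninit(struct aux_dev *dev) { dev->release(dev); }

/* Models auxiliary_device_add() failing (assumed failure for the demo). */
static int model_add(struct aux_dev *dev) { (void)dev; return -1; }

/* Returns the number of frees performed on the error path. */
int register_padev(int redundant_kfree)
{
    struct aux_dev *padev = calloc(1, sizeof(*padev));
    int frees;

    if (!padev)
        return -1;
    padev->release = model_release;   /* from here on, release owns the memory */

    if (model_add(padev) != 0) {
        model_uninit(padev);          /* release callback frees padev */
        if (redundant_kfree)
            tracked_kfree(padev);     /* pre-fix pattern: second free of padev */
    }
    frees = padev->frees;
    free(padev);                      /* the single real free, done by the model */
    return frees;
}

int main(void)
{
    printf("pre-fix error path:  %d frees\n", register_padev(1));
    printf("post-fix error path: %d frees\n", register_padev(0));
    return 0;
}
```

When reviewing similar drivers, the same check applies: any `kfree()` of an object in an error path that runs after its release callback has been wired up and the uninit helper called is a candidate double free.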
Potential Impact
For European organizations, this vulnerability poses a moderate risk primarily to systems running vulnerable Linux kernel versions, especially those involved in networking or auxiliary device management. Exploitation could lead to local denial of service through kernel crashes or potentially enable attackers to corrupt kernel memory, which might be leveraged for privilege escalation or unauthorized code execution. This could disrupt critical services, especially in sectors relying heavily on Linux-based infrastructure such as telecommunications, finance, and government. However, since exploitation requires local access and user interaction, remote exploitation is unlikely without prior compromise. The impact on confidentiality, integrity, and availability is limited but non-negligible, particularly in environments where system stability and security are paramount. Organizations using embedded Linux devices or specialized network hardware running affected kernels should be particularly vigilant.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should:
1) Identify and inventory all Linux systems, focusing on kernel versions matching the affected commits or those released prior to the patch date.
2) Apply the official Linux kernel patches or upgrade to a kernel version where this issue is resolved as soon as possible.
3) For embedded or specialized devices where kernel upgrades are challenging, consult vendors for firmware updates or mitigations.
4) Restrict local access to critical Linux systems by enforcing strict physical security and network segmentation to limit potential attackers' ability to reach vulnerable devices.
5) Monitor system logs and kernel messages for signs of memory corruption or crashes that could indicate exploitation attempts.
6) Educate users about the risks of interacting with untrusted local code or devices that could trigger this vulnerability.
7) Employ kernel hardening techniques such as Kernel Address Space Layout Randomization (KASLR) and memory protection features to reduce exploitation likelihood.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-02-19T14:20:24.144Z
- Cisa Enriched: true
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 682d982bc4522896dcbe4278
Added to database: 5/21/2025, 9:08:59 AM
Last enriched: 6/29/2025, 9:40:44 PM
Last updated: 8/8/2025, 1:18:47 PM