CVE-2024-26663: Vulnerability in Linux Linux

High
Published: Tue Apr 02 2024 (04/02/2024, 06:22:12 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

tipc: Check the bearer type before calling tipc_udp_nl_bearer_add()

syzbot reported the following general protection fault [1]:

    general protection fault, probably for non-canonical address 0xdffffc0000000010: 0000 [#1] PREEMPT SMP KASAN
    KASAN: null-ptr-deref in range [0x0000000000000080-0x0000000000000087]
    ...
    RIP: 0010:tipc_udp_is_known_peer+0x9c/0x250 net/tipc/udp_media.c:291
    ...
    Call Trace:
     <TASK>
     tipc_udp_nl_bearer_add+0x212/0x2f0 net/tipc/udp_media.c:646
     tipc_nl_bearer_add+0x21e/0x360 net/tipc/bearer.c:1089
     genl_family_rcv_msg_doit+0x1fc/0x2e0 net/netlink/genetlink.c:972
     genl_family_rcv_msg net/netlink/genetlink.c:1052 [inline]
     genl_rcv_msg+0x561/0x800 net/netlink/genetlink.c:1067
     netlink_rcv_skb+0x16b/0x440 net/netlink/af_netlink.c:2544
     genl_rcv+0x28/0x40 net/netlink/genetlink.c:1076
     netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline]
     netlink_unicast+0x53b/0x810 net/netlink/af_netlink.c:1367
     netlink_sendmsg+0x8b7/0xd70 net/netlink/af_netlink.c:1909
     sock_sendmsg_nosec net/socket.c:730 [inline]
     __sock_sendmsg+0xd5/0x180 net/socket.c:745
     ____sys_sendmsg+0x6ac/0x940 net/socket.c:2584
     ___sys_sendmsg+0x135/0x1d0 net/socket.c:2638
     __sys_sendmsg+0x117/0x1e0 net/socket.c:2667
     do_syscall_x64 arch/x86/entry/common.c:52 [inline]
     do_syscall_64+0x40/0x110 arch/x86/entry/common.c:83
     entry_SYSCALL_64_after_hwframe+0x63/0x6b

The cause of this issue is that when tipc_nl_bearer_add() is called with the TIPC_NLA_BEARER_UDP_OPTS attribute, tipc_udp_nl_bearer_add() is called even if the bearer is not UDP.

tipc_udp_is_known_peer() called by tipc_udp_nl_bearer_add() assumes that the media_ptr field of the tipc_bearer has an udp_bearer type object, so the function goes crazy for non-UDP bearers.

This patch fixes the issue by checking the bearer type before calling tipc_udp_nl_bearer_add() in tipc_nl_bearer_add().

AI-Powered Analysis

Last updated: 06/30/2025, 14:57:00 UTC

Technical Analysis

CVE-2024-26663 is a vulnerability identified in the Linux kernel's Transparent Inter-Process Communication (TIPC) subsystem, specifically related to the handling of bearer types in the UDP media bearer code. The flaw arises because the function tipc_nl_bearer_add() calls tipc_udp_nl_bearer_add() without verifying if the bearer type is actually UDP. This leads to tipc_udp_is_known_peer() being invoked with a non-UDP bearer, causing it to dereference a null pointer or access invalid memory due to incorrect assumptions about the bearer structure. The vulnerability manifests as a general protection fault triggered by a null pointer dereference in the kernel space, which can lead to a kernel panic or system crash.

The root cause is that tipc_udp_is_known_peer() expects the media_ptr field of the tipc_bearer structure to point to a UDP bearer object, but when called with other bearer types, this assumption fails. The patch fixes the issue by adding a check on the bearer type before calling tipc_udp_nl_bearer_add(), preventing the invalid call for non-UDP bearers. This vulnerability was reported by syzbot, an automated kernel fuzzing tool, and affects Linux kernel versions prior to the patch. No known exploits are currently reported in the wild.

The vulnerability affects the Linux kernel, which is widely used in servers, cloud infrastructure, embedded devices, and desktops. The TIPC subsystem is primarily used for cluster communications and distributed systems, so environments relying on TIPC UDP bearers are most at risk. The vulnerability does not require user interaction but does require the ability to send netlink messages to the kernel, which may be restricted to privileged users or processes. Because the flaw leads to a denial of service via kernel crash, it impacts system availability and could be leveraged for privilege escalation or further attacks if combined with other vulnerabilities.
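The missing type check described above, as a user-space model added here for illustration; it is not the kernel's code or the upstream patch. All struct, enum and function names are hypothetical stand-ins for the kernel's bearer objects, and the peer address is a constructed value.

```c
#include <errno.h>
#include <stdio.h>

/* User-space model. Every name here is a hypothetical stand-in, not a kernel definition. */
enum media_type { MEDIA_ETH, MEDIA_UDP };
struct udp_media { int npeers; unsigned peers[4]; };  /* what the UDP path expects */
struct eth_media { char ifname[16]; };                /* what an Ethernet bearer holds */
struct bearer { enum media_type type; void *media_ptr; };  /* media_ptr meaning depends on type */

/* UDP-only helper: trusts media_ptr to be a udp_media without looking at b->type. */
int udp_is_known_peer(const struct bearer *b, unsigned addr)
{
    const struct udp_media *ub = b->media_ptr;
    for (int i = 0; i < ub->npeers; i++)
        if (ub->peers[i] == addr)
            return 1;
    return 0;
}

int udp_bearer_add(struct bearer *b, unsigned addr)
{
    struct udp_media *ub = b->media_ptr;
    if (udp_is_known_peer(b, addr))
        return 0;
    if (ub->npeers == 4)
        return -ENOSPC;
    ub->peers[ub->npeers++] = addr;
    return 0;
}

/* Handler model. checked == 0 is the pre-patch flow: the presence of UDP options
 * alone selects the UDP path, so an Ethernet bearer's media_ptr would be read as
 * a udp_media. checked == 1 rejects non-UDP bearers before any cast happens. */
int bearer_add(struct bearer *b, int has_udp_opts, unsigned addr, int checked)
{
    if (!has_udp_opts)
        return 0;
    if (checked && b->type != MEDIA_UDP)
        return -EINVAL;
    return udp_bearer_add(b, addr);
}

int main(void)
{
    struct eth_media eth = { "eth0" };
    struct udp_media udp = { 0, { 0 } };
    struct bearer be = { MEDIA_ETH, &eth }, bu = { MEDIA_UDP, &udp };
    printf("eth bearer: %d, udp bearer: %d\n",
           bearer_add(&be, 1, 0x0a000001u, 1), bearer_add(&bu, 1, 0x0a000001u, 1));
    return 0;
}
```

The unchecked flow is never run against the Ethernet bearer here, because doing so is undefined behaviour in the model just as it is a fault in the kernel.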

Potential Impact

For European organizations, the impact of CVE-2024-26663 can be significant, particularly for enterprises and service providers that rely on Linux-based infrastructure for critical services. The vulnerability can cause kernel crashes leading to denial of service (DoS), which disrupts availability of servers, network appliances, or embedded systems running vulnerable Linux kernels. Organizations using TIPC for cluster communications or distributed applications may experience instability or outages. This is especially relevant for telecom operators, cloud service providers, and industrial control systems in Europe that deploy Linux kernels with TIPC enabled. The disruption of services can affect business continuity, customer trust, and regulatory compliance, particularly under GDPR and other data protection laws requiring availability and integrity of systems. Although no active exploits are known, the presence of this vulnerability increases the attack surface and risk profile. Attackers with local or network access capable of sending crafted netlink messages could trigger kernel panics, potentially as part of a broader attack chain. The impact on confidentiality and integrity is limited unless combined with other vulnerabilities, but availability impact is high. European organizations with large-scale Linux deployments, especially those in critical infrastructure sectors, should prioritize remediation to avoid operational disruptions.

Mitigation Recommendations

To mitigate CVE-2024-26663, European organizations should:

1) Apply the official Linux kernel patches that include the fix for this vulnerability as soon as they become available from trusted sources or Linux distribution vendors.
2) If immediate patching is not possible, restrict access to netlink sockets and interfaces that allow bearer configuration, limiting them to trusted and privileged users only.
3) Audit and monitor kernel logs for signs of general protection faults or crashes related to TIPC UDP bearers to detect potential exploitation attempts.
4) Disable TIPC UDP bearer support if it is not required in the environment to reduce the attack surface.
5) Employ kernel hardening techniques such as Kernel Address Sanitizer (KASAN) and kernel lockdown features to detect and prevent memory corruption and unauthorized kernel modifications.
6) Maintain up-to-date inventories of Linux kernel versions in use across infrastructure to quickly identify vulnerable systems.
7) Incorporate this vulnerability into incident response and vulnerability management workflows to ensure timely detection and remediation.

These steps go beyond generic advice by focusing on access control to netlink interfaces, disabling unused kernel features, and proactive monitoring specific to the TIPC subsystem.
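One way to implement the log check in step 3, as an added example that is not part of the original page: a scanner that counts general protection fault reports whose RIP or call trace names the TIPC UDP functions from the trace in the description. The function name, the 40-line window and the sample log (timestamps, the second fault, the last line) are assumptions constructed for the example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: symbol names follow the trace quoted in the description;
 * timestamps, the second (unrelated) fault and the last line are made up. */
static const char SAMPLE_LOG[] =
    "[ 101.10] general protection fault, probably for non-canonical address 0xdffffc0000000010: 0000 [#1] PREEMPT SMP KASAN\n"
    "[ 101.10] RIP: 0010:tipc_udp_is_known_peer+0x9c/0x250 net/tipc/udp_media.c:291\n"
    "[ 101.10] Call Trace:\n"
    "[ 101.10]  tipc_udp_nl_bearer_add+0x212/0x2f0 net/tipc/udp_media.c:646\n"
    "[ 101.10]  tipc_nl_bearer_add+0x21e/0x360 net/tipc/bearer.c:1089\n"
    "[ 250.70] general protection fault, probably for non-canonical address 0x0: 0000 [#2]\n"
    "[ 250.70] RIP: 0010:example_driver_poll+0x10/0x40\n"
    "[ 300.00] tipc: constructed informational line, not a fault\n";

#define WINDOW 40   /* lines after a fault header still treated as part of that report */

/* Count fault reports whose RIP or call trace names one of the TIPC UDP functions. */
int count_tipc_udp_faults(const char *log)
{
    int hits = 0, left = 0;      /* left > 0: inside a report that has not matched yet */
    char buf[512];
    while (*log) {
        size_t len = strcspn(log, "\n");
        size_t n = len < sizeof buf - 1 ? len : sizeof buf - 1;
        memcpy(buf, log, n);
        buf[n] = '\0';
        if (strstr(buf, "general protection fault")) {
            left = WINDOW;       /* a new report starts here */
        } else if (left > 0) {
            left--;
            if (strstr(buf, "tipc_udp_is_known_peer+") ||
                strstr(buf, "tipc_udp_nl_bearer_add+")) {
                hits++;
                left = 0;        /* one hit per report */
            }
        }
        log += len + (log[len] == '\n');
    }
    return hits;
}

int main(void)
{
    printf("TIPC UDP bearer faults: %d\n", count_tipc_udp_faults(SAMPLE_LOG));
    return 0;
}
```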

Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-02-19T14:20:24.148Z
CISA Enriched: true
CVSS Version: null
State: PUBLISHED

Threat ID: 682d982bc4522896dcbe42e8

Added to database: 5/21/2025, 9:08:59 AM

Last enriched: 6/30/2025, 2:57:00 PM

Last updated: 8/14/2025, 6:56:20 AM
