
CVE-2024-26688: Vulnerability in Linux Linux

Medium
Published: Wed Apr 03 2024 (04/03/2024, 14:54:49 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super

When configuring a hugetlb filesystem via the fsconfig() syscall, there is a possible NULL dereference in hugetlbfs_fill_super() caused by assigning NULL to ctx->hstate in hugetlbfs_parse_param() when the requested pagesize is not valid.

E.g: Taking the following steps:

    fd = fsopen("hugetlbfs", FSOPEN_CLOEXEC);
    fsconfig(fd, FSCONFIG_SET_STRING, "pagesize", "1024", 0);
    fsconfig(fd, FSCONFIG_CMD_CREATE, NULL, NULL, 0);

Given that the requested "pagesize" is invalid, ctx->hstate will be replaced with NULL, losing its previous value, and we will print an error:

    ...
    ...
    case Opt_pagesize:
        ps = memparse(param->string, &rest);
        ctx->hstate = h;
        if (!ctx->hstate) {
            pr_err("Unsupported page size %lu MB\n", ps / SZ_1M);
            return -EINVAL;
        }
        return 0;
    ...
    ...

This is a problem because later on, we will dereference ctx->hstate in hugetlbfs_fill_super()

    ...
    ...
    sb->s_blocksize = huge_page_size(ctx->hstate);
    ...
    ...

Causing below Oops. Fix this by replacing ctx->hstate value only when the pagesize is known to be valid.

    kernel: hugetlbfs: Unsupported page size 0 MB
    kernel: BUG: kernel NULL pointer dereference, address: 0000000000000028
    kernel: #PF: supervisor read access in kernel mode
    kernel: #PF: error_code(0x0000) - not-present page
    kernel: PGD 800000010f66c067 P4D 800000010f66c067 PUD 1b22f8067 PMD 0
    kernel: Oops: 0000 [#1] PREEMPT SMP PTI
    kernel: CPU: 4 PID: 5659 Comm: syscall Tainted: G E 6.8.0-rc2-default+ #22 5a47c3fef76212addcc6eb71344aabc35190ae8f
    kernel: Hardware name: Intel Corp. GROVEPORT/GROVEPORT, BIOS GVPRCRB1.86B.0016.D04.1705030402 05/03/2017
    kernel: RIP: 0010:hugetlbfs_fill_super+0xb4/0x1a0
    kernel: Code: 48 8b 3b e8 3e c6 ed ff 48 85 c0 48 89 45 20 0f 84 d6 00 00 00 48 b8 ff ff ff ff ff ff ff 7f 4c 89 e7 49 89 44 24 20 48 8b 03 <8b> 48 28 b8 00 10 00 00 48 d3 e0 49 89 44 24 18 48 8b 03 8b 40 28
    kernel: RSP: 0018:ffffbe9960fcbd48 EFLAGS: 00010246
    kernel: RAX: 0000000000000000 RBX: ffff9af5272ae780 RCX: 0000000000372004
    kernel: RDX: ffffffffffffffff RSI: ffffffffffffffff RDI: ffff9af555e9b000
    kernel: RBP: ffff9af52ee66b00 R08: 0000000000000040 R09: 0000000000370004
    kernel: R10: ffffbe9960fcbd48 R11: 0000000000000040 R12: ffff9af555e9b000
    kernel: R13: ffffffffa66b86c0 R14: ffff9af507d2f400 R15: ffff9af507d2f400
    kernel: FS: 00007ffbc0ba4740(0000) GS:ffff9b0bd7000000(0000) knlGS:0000000000000000
    kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    kernel: CR2: 0000000000000028 CR3: 00000001b1ee0000 CR4: 00000000001506f0
    kernel: Call Trace:
    kernel: <TASK>
    kernel: ? __die_body+0x1a/0x60
    kernel: ? page_fault_oops+0x16f/0x4a0
    kernel: ? search_bpf_extables+0x65/0x70
    kernel: ? fixup_exception+0x22/0x310
    kernel: ? exc_page_fault+0x69/0x150
    kernel: ? asm_exc_page_fault+0x22/0x30
    kernel: ? __pfx_hugetlbfs_fill_super+0x10/0x10
    kernel: ? hugetlbfs_fill_super+0xb4/0x1a0
    kernel: ? hugetlbfs_fill_super+0x28/0x1a0
    kernel: ? __pfx_hugetlbfs_fill_super+0x10/0x10
    kernel: vfs_get_super+0x40/0xa0
    kernel: ? __pfx_bpf_lsm_capable+0x10/0x10
    kernel: vfs_get_tree+0x25/0xd0
    kernel: vfs_cmd_create+0x64/0xe0
    kernel: __x64_sys_fsconfig+0x395/0x410
    kernel: do_syscall_64+0x80/0x160
    kernel: ? syscall_exit_to_user_mode+0x82/0x240
    kernel: ? do_syscall_64+0x8d/0x160
    kernel: ? syscall_exit_to_user_mode+0x82/0x240
    kernel: ? do_syscall_64+0x8d/0x160
    kernel: ? exc_page_fault+0x69/0x150
    kernel: entry_SYSCALL_64_after_hwframe+0x6e/0x76
    kernel: RIP: 0033:0x7ffbc0cb87c9
    kernel: Code: 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 97 96 0d 00 f7 d8 64 89 01 48
    kernel: RSP: 002b:00007ffc29d2f388 EFLAGS: 00000206 ORIG_RAX: 00000000000001af
    kernel: RAX: fffffffffff ---truncated---

AI-Powered Analysis

Last updated: 06/29/2025, 17:25:08 UTC

Technical Analysis

CVE-2024-26688 is a vulnerability in the Linux kernel's handling of hugetlb filesystem configuration via the fsconfig() syscall. The flaw lies in hugetlbfs_fill_super(), which sets up the superblock for a hugetlbfs instance. When a caller configures hugetlbfs with an invalid "pagesize" parameter, hugetlbfs_parse_param() stores the result of the page-size lookup directly into the context's hstate pointer (ctx->hstate) before checking it. Because the requested size matches no supported huge page size, ctx->hstate becomes NULL, the previously valid value is lost, and an error is logged. The parameter call fails, but the context is not discarded: when the subsequent FSCONFIG_CMD_CREATE step runs hugetlbfs_fill_super(), it dereferences ctx->hstate (sb->s_blocksize = huge_page_size(ctx->hstate)) without verifying it, causing a NULL pointer dereference and a kernel oops. The kernel log shows a supervisor read fault at address 0x28, a small offset from NULL, and the resulting crash is a denial of service (DoS). The root cause is that the hstate pointer is replaced before the page size has been confirmed valid; the fix updates ctx->hstate only when the lookup succeeds, so an invalid page size leaves the earlier value in place. The vulnerability affects Linux kernel versions prior to the patch and can be triggered by unprivileged or privileged users who can invoke fsopen()/fsconfig() to create or configure hugetlbfs with crafted parameters. Exploitation leads to a kernel crash and loss of availability; there is no indication of privilege escalation or arbitrary code execution, but the resulting panic disrupts services and requires a reboot.
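To make the ordering bug concrete, the following is an added user-space model of the Opt_pagesize handling, written for this page and not taken from the kernel source. struct hstate, hstates[], size_to_hstate() and memparse() are simplified stand-ins with assumed shapes (the kernel's memparse() takes a second `char **` argument; the lookup here is a plain table scan), and the assumption that the context starts out pointing at a default hstate is modelled explicitly. The vulnerable and fixed parsers sit side by side, and simulate_create() reports what the later fill_super step would read.

```c
/* Added example, not kernel code: models hugetlbfs_parse_param()'s
 * Opt_pagesize branch before and after the CVE-2024-26688 fix. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

struct hstate {
    unsigned long page_size;
};

/* Constructed table standing in for the kernel's hstates[]:
 * a host offering 2 MiB and 1 GiB huge pages. */
static struct hstate hstates[] = {
    { 2UL << 20 },
    { 1UL << 30 },
};
#define NR_HSTATES (sizeof(hstates) / sizeof(hstates[0]))

/* Stand-in for size_to_hstate(): NULL when no hstate has that page size. */
static struct hstate *size_to_hstate(unsigned long size)
{
    for (size_t i = 0; i < NR_HSTATES; i++)
        if (hstates[i].page_size == size)
            return &hstates[i];
    return NULL;
}

/* Simplified memparse(): number with optional K/M/G suffix (assumed shape). */
static unsigned long memparse(const char *s)
{
    char *end;
    unsigned long v = strtoul(s, &end, 0);
    switch (*end) {
    case 'G': case 'g': v <<= 10; /* fall through */
    case 'M': case 'm': v <<= 10; /* fall through */
    case 'K': case 'k': v <<= 10; break;
    default: break;
    }
    return v;
}

struct hugetlbfs_fs_context {
    struct hstate *hstate;  /* assumed to start at a default hstate, as in the kernel */
};

/* Pre-fix pattern: the lookup result lands in ctx->hstate before it is
 * checked, so an invalid size clobbers the valid pointer with NULL. */
static int parse_pagesize_vulnerable(struct hugetlbfs_fs_context *ctx, const char *arg)
{
    unsigned long ps = memparse(arg);
    ctx->hstate = size_to_hstate(ps);
    if (!ctx->hstate) {
        fprintf(stderr, "Unsupported page size %lu MB\n", ps >> 20);
        return -EINVAL;
    }
    return 0;
}

/* Post-fix pattern: validate into a local first; ctx->hstate only changes on success. */
static int parse_pagesize_fixed(struct hugetlbfs_fs_context *ctx, const char *arg)
{
    unsigned long ps = memparse(arg);
    struct hstate *h = size_to_hstate(ps);
    if (!h) {
        fprintf(stderr, "Unsupported page size %lu MB\n", ps >> 20);
        return -EINVAL;
    }
    ctx->hstate = h;
    return 0;
}

/* One fsopen()/fsconfig() sequence: context created with the default hstate,
 * "pagesize" applied, then the CREATE step reads ctx->hstate the way
 * hugetlbfs_fill_super() does. Returns the block size fill_super would set,
 * or 0 where the kernel would instead dereference NULL (the page's oops
 * at address 0x28). The parse error is deliberately ignored here because
 * a failed FSCONFIG_SET_STRING does not stop a later FSCONFIG_CMD_CREATE. */
static unsigned long simulate_create(int (*parse)(struct hugetlbfs_fs_context *, const char *),
                                     const char *pagesize_arg)
{
    struct hugetlbfs_fs_context ctx = { .hstate = &hstates[0] };
    (void)parse(&ctx, pagesize_arg);
    if (!ctx.hstate)
        return 0;                      /* kernel: huge_page_size(NULL) -> Oops */
    return ctx.hstate->page_size;      /* kernel: sb->s_blocksize = huge_page_size(ctx->hstate) */
}

int main(void)
{
    printf("vulnerable, pagesize=1024: blocksize %lu\n",
           simulate_create(parse_pagesize_vulnerable, "1024"));
    printf("fixed,      pagesize=1024: blocksize %lu\n",
           simulate_create(parse_pagesize_fixed, "1024"));
    printf("fixed,      pagesize=1G:   blocksize %lu\n",
           simulate_create(parse_pagesize_fixed, "1G"));
    return 0;
}
```

With the page's "1024" input both parsers print "Unsupported page size 0 MB" (1024 bytes is below 1 MiB), but only the vulnerable one leaves the context pointing at NULL for the CREATE step; the fixed one keeps the default hstate, so the same input degrades to a rejected parameter instead of a crash. The general lesson is the one the commit applies: validate into a local and commit to shared state only on success.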

Potential Impact

For European organizations, the impact of CVE-2024-26688 primarily involves potential denial of service conditions on Linux systems that utilize hugetlbfs, which is often employed in high-performance computing, database systems, and applications requiring large memory pages for performance optimization. Organizations relying on Linux servers for critical infrastructure, cloud services, or data centers may experience unexpected kernel crashes if an attacker or misconfigured software triggers this vulnerability. This could lead to service interruptions, loss of availability, and operational downtime. While the vulnerability does not appear to allow privilege escalation or data breaches directly, the disruption caused by kernel panics can affect business continuity, especially in environments with automated deployment or container orchestration systems that mount hugetlbfs. Additionally, systems exposed to untrusted users or multi-tenant environments could be targeted to cause denial of service. The impact is more pronounced in sectors with high Linux adoption such as finance, telecommunications, research institutions, and cloud service providers within Europe. The lack of known exploits in the wild reduces immediate risk but patching is critical to prevent future exploitation attempts.

Mitigation Recommendations

To mitigate CVE-2024-26688, European organizations should:

1) Apply the latest Linux kernel patches that address this vulnerability as soon as they become available from trusted Linux distributions or kernel maintainers.
2) Audit and restrict access to the fsconfig syscall and mounting of hugetlbfs to trusted administrators and processes only, minimizing the risk of unprivileged users triggering the flaw.
3) Implement runtime monitoring and alerting for kernel oops or crashes related to hugetlbfs operations to detect potential exploitation attempts early.
4) Review and validate configuration management and automation scripts that mount or configure hugetlbfs to ensure they do not specify invalid page sizes.
5) In containerized or virtualized environments, limit the use of hugetlbfs mounts or isolate workloads that require it to reduce blast radius.
6) Maintain robust backup and recovery procedures to minimize downtime impact from potential kernel crashes.
7) Engage with Linux vendor security advisories and subscribe to vulnerability notifications to stay informed about patch releases and related issues.


Technical Details

Data Version
5.1
Assigner Short Name
Linux
Date Reserved
2024-02-19T14:20:24.154Z
Cisa Enriched
true
Cvss Version
null
State
PUBLISHED

Threat ID: 682d982ac4522896dcbe380c

Added to database: 5/21/2025, 9:08:58 AM

Last enriched: 6/29/2025, 5:25:08 PM

Last updated: 8/17/2025, 1:29:07 AM

