CVE-2024-26875: Vulnerability in Linux Linux

Medium
Published: Wed Apr 17 2024 (04/17/2024, 10:27:33 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

media: pvrusb2: fix uaf in pvr2_context_set_notify

[Syzbot reported]
BUG: KASAN: slab-use-after-free in pvr2_context_set_notify+0x2c4/0x310 drivers/media/usb/pvrusb2/pvrusb2-context.c:35
Read of size 4 at addr ffff888113aeb0d8 by task kworker/1:1/26

CPU: 1 PID: 26 Comm: kworker/1:1 Not tainted 6.8.0-rc1-syzkaller-00046-gf1a27f081c1f #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
Workqueue: usb_hub_wq hub_event
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xd9/0x1b0 lib/dump_stack.c:106
 print_address_description mm/kasan/report.c:377 [inline]
 print_report+0xc4/0x620 mm/kasan/report.c:488
 kasan_report+0xda/0x110 mm/kasan/report.c:601
 pvr2_context_set_notify+0x2c4/0x310 drivers/media/usb/pvrusb2/pvrusb2-context.c:35
 pvr2_context_notify drivers/media/usb/pvrusb2/pvrusb2-context.c:95 [inline]
 pvr2_context_disconnect+0x94/0xb0 drivers/media/usb/pvrusb2/pvrusb2-context.c:272

Freed by task 906:
 kasan_save_stack+0x33/0x50 mm/kasan/common.c:47
 kasan_save_track+0x14/0x30 mm/kasan/common.c:68
 kasan_save_free_info+0x3f/0x60 mm/kasan/generic.c:640
 poison_slab_object mm/kasan/common.c:241 [inline]
 __kasan_slab_free+0x106/0x1b0 mm/kasan/common.c:257
 kasan_slab_free include/linux/kasan.h:184 [inline]
 slab_free_hook mm/slub.c:2121 [inline]
 slab_free mm/slub.c:4299 [inline]
 kfree+0x105/0x340 mm/slub.c:4409
 pvr2_context_check drivers/media/usb/pvrusb2/pvrusb2-context.c:137 [inline]
 pvr2_context_thread_func+0x69d/0x960 drivers/media/usb/pvrusb2/pvrusb2-context.c:158

[Analyze]
Task A set disconnect_flag = !0, which resulted in Task B's condition being met and releasing mp, leading to this issue.

[Fix]
Place the disconnect_flag assignment operation after all code in pvr2_context_disconnect() to avoid this issue.

AI-Powered Analysis

Last updated: 06/29/2025, 19:42:07 UTC

Technical Analysis

CVE-2024-26875 is a use-after-free (UAF) vulnerability in the Linux kernel's media subsystem, specifically in the pvrusb2 driver, which handles certain USB-based TV tuner devices. The flaw arises in the function pvr2_context_set_notify, where a race condition leads to a freed memory object being accessed. The vulnerability was detected by Syzbot's kernel fuzzing infrastructure and involves a slab-use-after-free error triggered during USB hub event handling.

The root cause is a timing issue between two kernel worker tasks: Task A sets disconnect_flag, which causes Task B to meet a condition that leads to releasing a memory pointer (mp). However, Task B continues to access this freed memory, causing a use-after-free. The fix reorders the disconnect_flag assignment so that it occurs only after all other operations in pvr2_context_disconnect() have completed, preventing premature freeing of resources.

This vulnerability affects Linux kernel versions around 6.8.0-rc1 and likely other versions containing the vulnerable pvrusb2 driver code. The CVSS 3.1 score is 6.4 (medium severity), reflecting that exploitation requires local access with high privileges and high attack complexity, but can result in high confidentiality, integrity, and availability impact. No known exploits are currently reported in the wild. The vulnerability is classified under CWE-416 (Use After Free).
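The ordering problem from the [Analyze] and [Fix] notes, as a user-space model added here (not kernel or project code). Following the KASAN report in the description, the read of mp happens in the disconnect path (Task A) and the release happens in the context thread (Task B); the struct, step names and function names are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>

enum step { SET_FLAG, NOTIFY };  /* the two Task A steps that matter here */

/* Simplified stand-in for the driver context ("mp" in the commit message). */
struct ctx {
    bool disconnect_flag;  /* written by the disconnect path (Task A) */
    bool released;         /* models Task B having freed mp */
    bool stale_access;     /* Task A touched mp after it was released */
};

/* Task B: the context thread releases mp once it observes the flag. */
static void thread_check(struct ctx *mp)
{
    if (mp->disconnect_flag)
        mp->released = true;
}

/* Task A: one step of the disconnect path. */
static void run_step(struct ctx *mp, enum step s)
{
    if (s == SET_FLAG)
        mp->disconnect_flag = true;
    else if (mp->released)       /* NOTIFY dereferences mp */
        mp->stale_access = true;
}

/* Let Task B run before each step in turn; count schedules that touch freed mp. */
static int racy_schedules(const enum step *order, int n)
{
    int racy = 0;
    for (int preempt = 0; preempt < n; preempt++) {
        struct ctx mp = { false, false, false };
        for (int i = 0; i < n; i++) {
            if (i == preempt)
                thread_check(&mp);
            run_step(&mp, order[i]);
        }
        racy += mp.stale_access;
    }
    return racy;
}

static const enum step reported[] = { SET_FLAG, NOTIFY };  /* flag set first */
static const enum step patched[]  = { NOTIFY, SET_FLAG };  /* flag set last  */

int main(void)
{
    printf("flag first: %d racy schedule(s)\n", racy_schedules(reported, 2));
    printf("flag last:  %d racy schedule(s)\n", racy_schedules(patched, 2));
}
```

With the flag set last, Task B can only release mp after Task A has finished touching it, so no schedule in the model produces a stale access.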

Potential Impact

For European organizations, this vulnerability poses a risk primarily to systems running Linux kernels with the affected pvrusb2 media driver enabled, which is typically found on systems using USB TV tuner devices supported by this driver. Exploitation could allow a local privileged attacker to execute arbitrary code within kernel space, potentially leading to full system compromise, data leakage, or denial of service. This is particularly concerning for organizations relying on Linux-based infrastructure for media processing, embedded systems, or specialized hardware that includes these USB devices. Although exploitation requires local privileged access and has high attack complexity, the impact on confidentiality, integrity, and availability is high, meaning successful exploitation could severely disrupt critical services or expose sensitive data. European enterprises with Linux-based media servers, broadcast facilities, or research institutions using such hardware should be vigilant. The lack of known exploits in the wild reduces immediate risk but does not eliminate the threat, especially in environments where insider threats or advanced persistent threats (APTs) exist.

Mitigation Recommendations

1. Apply the official Linux kernel patches that reorder the disconnect_flag assignment in pvr2_context_disconnect() as soon as they become available from trusted Linux distributions or kernel maintainers.
2. Audit and inventory systems to identify those running vulnerable Linux kernel versions with the pvrusb2 driver enabled, especially those using USB TV tuner devices.
3. Restrict local privileged access to trusted personnel only, as exploitation requires high privileges.
4. Implement kernel lockdown features or mandatory access controls (e.g., SELinux, AppArmor) to limit kernel module interactions and reduce attack surface.
5. Monitor kernel logs and system behavior for anomalies related to USB device handling or unexpected kernel worker thread activity.
6. For critical systems where patching is delayed, consider disabling the pvrusb2 driver if the USB TV tuner functionality is not essential.
7. Maintain up-to-date backups and incident response plans to quickly recover from potential exploitation.

Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-02-19T14:20:24.185Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682d982bc4522896dcbe3e28

Added to database: 5/21/2025, 9:08:59 AM

Last enriched: 6/29/2025, 7:42:07 PM

Last updated: 7/30/2025, 4:44:06 PM
