PatchSiren

CVE-2024-26810 Linux CVE debrief

CVE-2024-26810 is a Linux kernel VFIO PCI race condition involving INTx masking and interrupt-configuration changes. Mask operations triggered by config-space changes to DisINTx can race with INTx configuration changes made through ioctl. The result is an unsafe interrupt state transition path that can affect availability.

Vendor: Linux
Product: CVE-2024-26810
CVSS: MEDIUM 4.4
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-04-05
Original CVE updated: 2026-05-12
Advisory published: 2024-04-05
Advisory updated: 2026-05-12

Who should care

Administrators and operators of Linux systems that use VFIO PCI device passthrough, especially virtualization hosts and environments exposing PCI devices to guests. Kernel maintainers and distro security teams should also ensure the relevant stable backports are applied.

Technical summary

The CVE description says irq_type updates are protected by igate, so is_intx() checks also need igate protection. Without that serialization, clearing DisINTx via config space can race with interrupt configuration changes performed through ioctl. NVD maps the issue to CWE-362 and rates it CVSS 3.1 AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H, indicating a local issue requiring high privileges with availability impact. NVD lists affected Linux kernel ranges ending before 5.4.274, 5.10.215, 5.15.154, 6.1.84, 6.6.24, 6.7.12, and 6.8.3, with stable kernel patch references provided in the record.

Defensive priority

Medium

Recommended defensive actions

  • Upgrade to a kernel version that includes the vendor fix for your release train, using the affected-version cutoffs listed in NVD.
  • Apply the referenced stable kernel patches to any maintained downstream or LTS kernels that backport VFIO changes.
  • Verify VFIO PCI deployments that rely on INTx handling, especially hosts using device passthrough, are running fixed builds.
  • Track distribution advisories and kernel stable backports for your exact kernel branch before scheduling maintenance windows.
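
One way to script the version check in the first and third actions, as an added example that is not part of the CVE record, NVD, or the kernel project. The function name classify_kernel and its three result labels are assumptions made here; the cutoffs are the ones this page cites from NVD, and treating branches newer than 6.8 as fixed is also an assumption.

```sh
#!/bin/sh
# Added example: classify an upstream kernel release against the first fixed
# releases this page cites from NVD for CVE-2024-26810.
# Distro kernels backport fixes without changing the upstream number, so a
# "below-cutoff" result on a vendor kernel means "check the vendor advisory".

# First fixed stable release per branch, as listed on this page.
FIXED_RELEASES="5.4.274 5.10.215 5.15.154 6.1.84 6.6.24 6.7.12 6.8.3"

# classify_kernel RELEASE -> prints fixed | below-cutoff | unknown
classify_kernel() {
    # Keep the leading numeric part: "6.1.83-1-amd64" -> "6.1.83"
    ver=$(printf '%s\n' "$1" | sed -n 's/^\([0-9][0-9]*\(\.[0-9][0-9]*\)\{1,2\}\).*/\1/p')
    [ -n "$ver" ] || { echo unknown; return 0; }
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    case $rest in
        *.*) patch=${rest#*.} ;;
        *)   patch=0 ;;          # "6.8" or "6.8-rc1" counts as 6.8.0
    esac
    for fixed in $FIXED_RELEASES; do
        f_major=${fixed%%.*}
        f_rest=${fixed#*.}
        f_minor=${f_rest%%.*}
        f_patch=${f_rest#*.}
        if [ "$major" -eq "$f_major" ] && [ "$minor" -eq "$f_minor" ]; then
            if [ "$patch" -ge "$f_patch" ]; then echo fixed; else echo below-cutoff; fi
            return 0
        fi
    done
    # Assumption: mainline branches newer than the last listed branch (6.8)
    # already contain the fix. Any other branch is not covered by the page,
    # which gives only where each affected range ends, not where it starts.
    if [ "$major" -gt 6 ] || { [ "$major" -eq 6 ] && [ "$minor" -gt 8 ]; }; then
        echo fixed
    else
        echo unknown
    fi
}

# Usage on a host: classify_kernel "$(uname -r)"
```

A result of unknown means the branch is not among those listed here, so the NVD record or the distribution advisory decides.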

Evidence notes

This debrief is based on the official CVE record, the NVD CVE detail, and the kernel stable patch links included in the NVD references. The CVE was published on 2024-04-05 and last modified in the supplied record on 2026-05-12. The source text explicitly describes a race between config-space DisINTx masking and ioctl-based interrupt configuration, and NVD classifies the weakness as CWE-362 with availability-only impact in the CVSS vector.

Official resources

Public CVE record published on 2024-04-05; NVD record last modified on 2026-05-12. No KEV listing was provided in the source corpus. This summary intentionally avoids exploit details and relies only on the supplied official CVE/NVD and git.