PatchSiren

PatchSiren cyber security CVE debrief

CVE-2024-26870 Linux CVE debrief

CVE-2024-26870 describes a Linux kernel NFSv4.2 bug in listxattr() handling that can reach a kernel BUG in mm/usercopy.c when buffer sizing is mishandled. The published fix adds an ERANGE return when nfs4_listxattr() is called with size > 0 and the required length is greater than the supplied buffer. NVD rates the issue CVSS 5.5/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, reflecting a local availability impact rather than a confidentiality or integrity issue.

Vendor
Linux
Product
CVE-2024-26870
CVSS
MEDIUM 5.5
CISA KEV
Not listed in stored evidence
Original CVE published
2024-04-17
Original CVE updated
2026-05-12
Advisory published
2024-04-17
Advisory updated
2026-05-12

Who should care

Linux kernel maintainers, distro security teams, and operators of systems that mount or serve NFSv4.2 filesystems should care most. Security teams should also prioritize this for environments where authenticated local users can run listxattr() against affected NFS paths.

Technical summary

The vulnerability is in NFSv4.2 xattr enumeration. Per the CVE description, listxattr() is expected to return the needed buffer size when called with size = 0, and to fail cleanly when a nonzero buffer is too small. In the affected path, generic_listxattr() or nfs4_listxattr_nfs4_label() may consume all available bytes, leaving nfs4_listxattr_nfs4_user() to be called with size already reduced to 0. That path can trip a kernel BUG in usercopy checking. The fix is to detect the overrun condition in nfs4_listxattr() and return ERANGE instead of continuing into the faulty path.

Defensive priority

Medium. This is a local, authenticated denial-of-service issue with high availability impact, but it does not indicate data exposure or code execution in the supplied record.

Recommended defensive actions

  • Patch Linux kernels to versions that include the upstream fix for CVE-2024-26870.
  • Confirm whether any systems use affected Linux kernel ranges listed by NVD, especially kernels prior to 5.10.214, 5.15.153, 6.1.83, 6.6.23, 6.7.11, and 6.8.2.
  • Pay extra attention to systems using NFSv4.2 and workloads that call listxattr() on mounted NFS paths.
  • Review vendor advisories and backports for your distribution, since NVD also lists affected Debian Linux 10.0 and kernel backport coverage may vary.
  • If patching must be deferred, reduce exposure by limiting which local users can run workloads against affected NFS mounts until updates are applied.

Evidence notes

The CVE was published on 2024-04-17 and later modified on 2026-05-12 in NVD. The supplied description states that calling listxattr() with size > 0 can trigger a kernel BUG when the xattr length calculation leaves no room for the next NFSv4.2 user-label path. It also states that the fix is to return ERANGE when the needed size exceeds the supplied buffer. NVD references multiple kernel patch commits and marks affected Linux kernel ranges ending before 5.10.214, 5.15.153, 6.1.83, 6.6.23, 6.7.11, and 6.8.2.

Official resources

Public CVE record published 2024-04-17T11:15:09.460Z; NVD modified 2026-05-12T12:16:22.147Z. This debrief uses only the supplied CVE/NVD corpus and linked official references.