PatchSiren cyber security CVE debrief
CVE-2024-26872 Linux CVE debrief
CVE-2024-26872 is a use-after-free in the Linux kernel's RDMA/srpt (SCSI RDMA Protocol target) driver. Per the NVD record and the linked kernel patches, the driver registered an InfiniBand event handler before the srpt device was fully set up; on a rare error path during setup, a race could leave that partially initialized handler in place, and a later event then produced a KASAN-reported use-after-free write in srpt_refresh_port(). The corrective change defers event handler registration until device initialization has completed.
- Vendor: Linux
- Product: Linux kernel
- CVSS: HIGH (7.0)
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-04-17
- Original CVE updated: 2026-05-12
- Advisory published: 2024-04-17
- Advisory updated: 2026-05-12
Who should care
Linux kernel maintainers, distribution kernel teams, and operators of hosts that expose SRP targets over RDMA (the ib_srpt module) should review this issue, especially on systems running one of the affected kernel ranges identified by NVD. Hosts that never load the srpt target driver do not execute the affected code, but should still pick up the fix with their next stable update.
Technical summary
The weakness is classified as CWE-416 (use after free). The bug sits in the RDMA/srpt device-add path: the event handler is registered before srpt device initialization has finished. If a later initialization step fails, the error path tears down and frees the partially set up device while the handler stays registered, so a subsequent event dereferences freed memory in srpt_refresh_port() (a write, as reported by KASAN). NVD lists the following affected Linux kernel ranges: 3.3 up to but not including 5.10.214; 5.11 up to 5.15.153; 5.16 up to 6.1.83; 6.2 up to 6.6.23; 6.7 up to 6.7.11; and 6.8 up to 6.8.2.
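The ordering bug described above, reduced to a small user-space C model. This is an added illustration written for this debrief, not code from the kernel or from the srpt driver: the device structure, the single-slot "notifier" and every function name except srpt_refresh_port() (which is only echoed in a comment) are invented to show the shape of the problem. The vulnerable variant registers the handler first and then finishes setup; when setup fails, the device is freed but the handler, still holding its pointer, remains registered. The fixed variant registers only after setup has succeeded, so no error path can leave a dangling registration behind.

```c
/*
 * Added illustration (not kernel code) of the init-ordering bug class
 * behind CVE-2024-26872. A "device" is created, an event handler that
 * carries a pointer to it is registered with a global notifier, and
 * device setup may fail. All names except the srpt_refresh_port()
 * reference in the comment below are invented for this model.
 */
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct srpt_dev {
    char name[16];
    int ports;
};

/* Stand-in for a notifier chain: one registered handler plus its context. */
typedef void (*event_fn)(void *ctx);
static struct {
    event_fn fn;
    void *ctx;
} registered = { NULL, NULL };

static void register_handler(event_fn fn, void *ctx) { registered.fn = fn; registered.ctx = ctx; }
static void unregister_handler(void) { registered.fn = NULL; registered.ctx = NULL; }
bool handler_registered(void) { return registered.fn != NULL; }

/* The handler touches the device it was registered for; in the real
 * driver this is the write in srpt_refresh_port() that KASAN flagged. */
static void refresh_ports(void *ctx) {
    struct srpt_dev *dev = ctx;
    dev->ports++;
}

/* Remaining setup work; 'fail' stands in for the rare error path. */
static int finish_setup(struct srpt_dev *dev, bool fail) {
    if (fail) return -1;
    dev->ports = 1;
    return 0;
}

/* Vulnerable order: register, then finish setup. On failure the device is
 * freed but the handler stays registered with a now-dangling context. */
struct srpt_dev *add_device_vulnerable(bool fail) {
    struct srpt_dev *dev = calloc(1, sizeof *dev);
    if (!dev) return NULL;
    strcpy(dev->name, "srpt0");
    register_handler(refresh_ports, dev);
    if (finish_setup(dev, fail) != 0) {
        free(dev);             /* BUG: nothing unregisters the handler */
        return NULL;
    }
    return dev;
}

/* Fixed order: register only once every setup step has succeeded, so the
 * error path never has a registered handler to leave behind. */
struct srpt_dev *add_device_fixed(bool fail) {
    struct srpt_dev *dev = calloc(1, sizeof *dev);
    if (!dev) return NULL;
    strcpy(dev->name, "srpt0");
    if (finish_setup(dev, fail) != 0) {
        free(dev);
        return NULL;
    }
    register_handler(refresh_ports, dev);
    return dev;
}

/* Orderly teardown: unregister before freeing. */
void remove_device(struct srpt_dev *dev) {
    unregister_handler();
    free(dev);
}

/* True if a handler is left registered after a *failed* add, i.e. the
 * dangling-pointer state that a later event would turn into a UAF. */
bool stale_handler_after_failed_add(bool fixed) {
    unregister_handler();
    struct srpt_dev *dev = fixed ? add_device_fixed(true) : add_device_vulnerable(true);
    bool stale = handler_registered();
    if (dev) remove_device(dev);   /* not reached: a failed add returns NULL */
    unregister_handler();
    return stale;
}

/* True if a successful add leaves a usable device with its handler
 * registered, and teardown clears the registration again. */
bool successful_add_ok(bool fixed) {
    unregister_handler();
    struct srpt_dev *dev = fixed ? add_device_fixed(false) : add_device_vulnerable(false);
    if (!dev) return false;
    bool ok = handler_registered() && dev->ports == 1;
    refresh_ports(dev);            /* an event against a live device is fine */
    ok = ok && dev->ports == 2;
    remove_device(dev);
    return ok && !handler_registered();
}

int main(void) {
    printf("vulnerable order leaves a stale handler after failed setup: %s\n",
           stale_handler_after_failed_add(false) ? "yes" : "no");
    printf("fixed order leaves a stale handler after failed setup: %s\n",
           stale_handler_after_failed_add(true) ? "yes" : "no");
    return 0;
}
```

The model deliberately stops at "handler still registered" rather than firing the event after free, since that would be undefined behaviour in user space; in the kernel it is exactly that later event that KASAN caught. The general rule the fix applies is the one to look for in reviews of any add/probe path: do not hand out a pointer to an object (via a notifier, callback registration, sysfs attribute or list) until every step that can fail has succeeded, or pair every such hand-out with a matching removal on each error label.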
Defensive priority
High for systems that run an affected kernel and use the SRPT target driver over RDMA. The bug is in kernel space and the CVSS vector rates confidentiality, integrity and availability impact as high, but it requires local access with low privileges (AV:L, PR:L) and has high attack complexity (AC:H), since it depends on a rare error-path race during device setup.
Recommended defensive actions
- Upgrade to a kernel at or beyond the fixed release for your stable series: 5.10.214, 5.15.153, 6.1.83, 6.6.23, 6.7.11 or 6.8.2 (the lower bounds of the unaffected ranges NVD lists), or a later mainline kernel.
- If you maintain a downstream kernel, confirm that the srpt change moving event handler registration after device setup ("RDMA/srpt: Do not register event handler until srpt device is fully setup") is in your backport set.
- Inventory hosts that load the srpt target driver and prioritize patching where untrusted local users or kernel-adjacent workloads (containers, hypervisor management, storage services) share the machine.
- Confirm the fix from the kernel changelog or the vendor advisory for the exact build you ship; distribution kernels frequently carry the fix under a version string that is lower than the stable numbers above, so a version comparison against `uname -r` alone is not sufficient.
- Track distribution-specific advisories (the source corpus includes Debian LTS and Siemens references) for kernels whose versioning does not map directly onto mainline or stable releases.
Evidence notes
The bug description and the remediation come from the official NVD record and its linked Linux kernel patch references. NVD lists CWE-416 and the CVSS vector CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H (base score 7.0). The source corpus also includes mitigation/vendor references to git.kernel.org stable commits plus Debian LTS and Siemens advisories. No KEV listing is present in the supplied data.
Official resources
- CVE-2024-26872 CVE record (CVE.org)
- CVE-2024-26872 NVD detail (NVD)
- Mitigation or vendor reference: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Mailing List, Patch
Publicly disclosed in the CVE/NVD record on 2024-04-17T11:15:09.560Z; the NVD entry was last modified on 2026-05-12T12:16:22.317Z.