PatchSiren

CVE-2024-26875 Linux CVE debrief

CVE-2024-26875 is a Linux kernel use-after-free in the pvrusb2 USB media driver. The reported KASAN trace shows pvr2_context_set_notify() dereferencing freed memory during disconnect handling, and the fix moves the disconnect_flag assignment to the end of pvr2_context_disconnect() so another thread cannot free the shared object too early.

Vendor: Linux
Product: CVE-2024-26875
CVSS: MEDIUM 6.4
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-04-17
Original CVE updated: 2026-05-12
Advisory published: 2024-04-17
Advisory updated: 2026-05-12

Who should care

Linux kernel maintainers, distro security teams, and operators of systems that may load the pvrusb2 media driver should care. Because the CVSS vector is local and requires high privileges, the main concern is untrusted local access on systems running affected kernel versions.

Technical summary

The issue is a race in drivers/media/usb/pvrusb2/pvrusb2-context.c. According to the supplied analysis, setting disconnect_flag too early allowed a second task to satisfy its condition and release mp while the first task still expected it to remain valid, leading to a use-after-free in pvr2_context_set_notify(). The documented resolution is to move the disconnect_flag assignment after the remaining disconnect logic in pvr2_context_disconnect(), which closes the race window. NVD maps the flaw to CWE-416 and lists affected Linux kernel version ranges up through 6.8.2, with stable backports provided via kernel.org references.

Defensive priority

Medium priority for patching. The flaw is serious because it can impact kernel integrity and availability, but the attack surface is limited to local, high-privilege conditions per the CVSS vector.

Recommended defensive actions

  • Apply the relevant Linux kernel stable update that includes the pvrusb2 disconnect-handling fix.
  • Verify whether your kernels fall within the affected ranges listed by NVD and plan upgrades accordingly.
  • If the pvrusb2 driver is not needed, reduce exposure by avoiding unnecessary module loading on affected systems.
  • Follow your distribution or vendor advisories for backported fixes and confirm the patched kernel build is deployed across all affected hosts.

Evidence notes

The supplied source describes a KASAN-reported slab-use-after-free in pvr2_context_set_notify() and explicitly states that moving the disconnect_flag assignment to after the rest of pvr2_context_disconnect() avoids the issue. NVD lists the issue as CVSS 3.1 AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H and provides affected Linux kernel version ranges ending at 4.19.311, 5.4.273, 5.10.214, 5.15.153, 6.1.83, 6.6.23, 6.7.11, and 6.8.2.
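The range check and module check from the recommended actions can be scripted for host triage. The following is an added example, not code from the advisory or the kernel project. It assumes the listed end versions apply per stable series; because the page gives no range start versions and does not say whether an end version is itself affected, those cases get their own status, and all function names and status strings are illustrative.

```python
import re

# End versions of the affected ranges as listed on this page (from NVD).
RANGE_ENDS = ["4.19.311", "5.4.273", "5.10.214", "5.15.153",
              "6.1.83", "6.6.23", "6.7.11", "6.8.2"]
ENDS_BY_SERIES = {tuple(map(int, v.split(".")[:2])): int(v.split(".")[2])
                  for v in RANGE_ENDS}

def parse_release(release):
    """Return (major, minor, patch) from a `uname -r` style string."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)

def range_status(release):
    """Compare a release with the listed range end of its own stable series."""
    major, minor, patch = parse_release(release)
    end = ENDS_BY_SERIES.get((major, minor))
    if end is None:
        # Range start versions are not on the page, so other series
        # cannot be classified from these numbers alone.
        return "series-not-listed"
    if patch < end:
        return "in-range"
    # Whether the end version itself is affected is not stated on the page.
    return "at-range-end" if patch == end else "past-range-end"

def module_loaded(proc_modules_text, name="pvrusb2"):
    """True if `name` is a loaded module in /proc/modules content."""
    return any(line.split()[0] == name
               for line in proc_modules_text.splitlines() if line.strip())

def triage(release, proc_modules_text):
    """Combine range status and module state into one triage hint."""
    status = range_status(release)
    if status == "past-range-end":
        return "ok: past listed range end"
    if module_loaded(proc_modules_text):
        return f"review now: pvrusb2 loaded, range status {status}"
    return f"review: pvrusb2 not loaded, range status {status}"

if __name__ == "__main__":
    import platform
    try:
        modules = open("/proc/modules").read()
    except OSError:
        modules = ""  # not Linux, or /proc unavailable
    print(platform.release(), "->", triage(platform.release(), modules))
```

Distribution kernels backport fixes without changing the upstream version in the release string, so treat the result as a triage hint and confirm against the vendor advisory.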

Official resources

Published by CVE on 2024-04-17T11:15:09.723Z. Use the CVE publication date for timing context; later modification timestamps reflect record updates, not the original vulnerability date.