CVE-2024-26754

Source
https://cve.org/CVERecord?id=CVE-2024-26754
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-26754.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-26754
Published
2024-04-03T17:00:39.079Z
Modified
2026-06-18T03:54:26.107117792Z
Summary
gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp()
Details

In the Linux kernel, the following vulnerability has been resolved:

gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp()

The gtp_net_ops pernet operations structure for the subsystem must be registered before registering the generic netlink family.

Syzkaller hit 'general protection fault in gtp_genl_dump_pdp' bug:

general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN NOPTI
KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]
CPU: 1 PID: 5826 Comm: gtp Not tainted 6.8.0-rc3-std-def-alt1 #1
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.0-alt1 04/01/2014
RIP: 0010:gtp_genl_dump_pdp+0x1be/0x800 [gtp]
Code: c6 89 c6 e8 64 e9 86 df 58 45 85 f6 0f 85 4e 04 00 00 e8 c5 ee 86 df 48 8b 54 24 18 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 de 05 00 00 48 8b 44 24 18 4c 8b 30 4c 39 f0 74
RSP: 0018:ffff888014107220 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: ffff88800fcda588 R14: 0000000000000001 R15: 0000000000000000
FS: 00007f1be4eb05c0(0000) GS:ffff88806ce80000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f1be4e766cf CR3: 000000000c33e000 CR4: 0000000000750ef0
PKRU: 55555554
Call Trace:
 <TASK>
 ? show_regs+0x90/0xa0
 ? die_addr+0x50/0xd0
 ? exc_general_protection+0x148/0x220
 ? asm_exc_general_protection+0x22/0x30
 ? gtp_genl_dump_pdp+0x1be/0x800 [gtp]
 ? __alloc_skb+0x1dd/0x350
 ? __pfx___alloc_skb+0x10/0x10
 genl_dumpit+0x11d/0x230
 netlink_dump+0x5b9/0xce0
 ? lockdep_hardirqs_on_prepare+0x253/0x430
 ? __pfx_netlink_dump+0x10/0x10
 ? kasan_save_track+0x10/0x40
 ? __kasan_kmalloc+0x9b/0xa0
 ? genl_start+0x675/0x970
 __netlink_dump_start+0x6fc/0x9f0
 genl_family_rcv_msg_dumpit+0x1bb/0x2d0
 ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10
 ? genl_op_from_small+0x2a/0x440
 ? cap_capable+0x1d0/0x240
 ? __pfx_genl_start+0x10/0x10
 ? __pfx_genl_dumpit+0x10/0x10
 ? __pfx_genl_done+0x10/0x10
 ? security_capable+0x9d/0xe0

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/26xxx/CVE-2024-26754.json",
    "cna_assigner": "Linux"
}
Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
459aa660eb1d8ce67080da1983bb81d716aa5a69
Fixed
f0ecdfa679189d26aedfe24212d4e69e42c2c861
Fixed
f8cbd1791900b5d96466eede8e9439a5b9ca4de7
Fixed
2e534fd15e5c2ca15821c897352cf0e8a3e30dca
Fixed
a576308800be28f2eaa099e7caad093b97d66e77
Fixed
3963f16cc7643b461271989b712329520374ad2a
Fixed
ba6b8b02a3314e62571a540efa96560888c5f03e
Fixed
5013bd54d283eda5262c9ae3bcc966d01daf8576
Fixed
136cfaca22567a03bbb3bf53a43d8cb5748b80ec

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-26754.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type       Introduced  Fixed
ECOSYSTEM  4.7.0       4.19.308
ECOSYSTEM  4.20.0      5.4.270
ECOSYSTEM  5.5.0       5.10.211
ECOSYSTEM  5.11.0      5.15.150
ECOSYSTEM  5.16.0      6.1.80
ECOSYSTEM  6.2.0       6.6.19
ECOSYSTEM  6.7.0       6.7.7

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-26754.json"