CVE-2024-26735 in Linux
Summary
by MITRE • 04/03/2024
In the Linux kernel, the following vulnerability has been resolved:
ipv6: sr: fix possible use-after-free and null-ptr-deref
The pernet operations structure for the subsystem must be registered before registering the generic netlink family.
Analysis
by VulDB Data Team • 08/03/2025
CVE-2024-26735 is a critical use-after-free and null pointer dereference issue in the Linux kernel's IPv6 segment routing subsystem. The flaw lies in the kernel's network stack, where the pernet operations structure for the segment routing subsystem is registered in the wrong order relative to the generic netlink family. This timing dependency in the kernel's initialization sequence can lead to memory corruption and system instability when the segment routing functionality is used. The vulnerability is classified under CWE-416 (use-after-free) and CWE-476 (null pointer dereference), both well-established Common Weakness Enumeration categories for severe memory safety issues.
The flaw occurs where the kernel manages IPv6 segment routing operations through the generic netlink interface. If the pernet operations structure is not registered before the generic netlink family during initialization, subsequent operations can access freed memory or dereference null pointers. This misordering creates a window in which malicious actors or system conditions can trigger the vulnerable code path, potentially leading to privilege escalation or denial of service. The segment routing subsystem handles IPv6 packet routing through explicit path definitions, making it a critical component for network infrastructure operations.
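The ordering hazard described above, as a userspace C model added here for illustration: it is not kernel code or the kernel's fix, and every name in it (`pernet_register`, `family_register`, `handle_request`, `request_in_init_window`) is hypothetical. A request landing between the two init steps reaches the handler with no per-namespace state when the family is registered first, and is simply not routable when the pernet step goes first.

```c
/* Userspace model of the registration-order hazard; not kernel code.
 * All names are hypothetical. */
#include <stdio.h>
#include <stdlib.h>

struct sr_state { int requests; };     /* stands in for the per-netns data */
static struct sr_state *pernet_state;  /* NULL until the pernet step has run */
static int family_visible;             /* nonzero once requests can reach the handler */

enum { REQ_OK = 0, REQ_NO_FAMILY = -1, REQ_NO_STATE = -2 };

static void pernet_register(void)
{
    pernet_state = calloc(1, sizeof(*pernet_state));
    if (!pernet_state)
        abort();
}
static void pernet_unregister(void) { free(pernet_state); pernet_state = NULL; }
static void family_register(void)   { family_visible = 1; }
static void family_unregister(void) { family_visible = 0; }

/* A request arriving through the family. The model reports missing state
 * instead of dereferencing it, so the hazard shows up as a return code. */
static int handle_request(void)
{
    if (!family_visible)
        return REQ_NO_FAMILY;          /* interface not exposed yet: harmless */
    if (!pernet_state)
        return REQ_NO_STATE;           /* handler reachable, state absent */
    pernet_state->requests++;
    return REQ_OK;
}

/* Run both init steps in the chosen order with one request landing between
 * them, then tear down. Returns the result of that in-window request. */
int request_in_init_window(int pernet_first)
{
    int rc;
    if (pernet_first) { pernet_register(); rc = handle_request(); family_register(); }
    else              { family_register(); rc = handle_request(); pernet_register(); }
    family_unregister();               /* stop new requests first */
    pernet_unregister();               /* only then release the state */
    return rc;
}

int main(void)
{
    printf("family first: %d\n", request_in_init_window(0));
    printf("pernet first: %d\n", request_in_init_window(1));
    return 0;
}
```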
The operational impact of this vulnerability extends beyond simple system crashes or hangs, as it can provide attackers with opportunities for privilege escalation within the kernel space. When the use-after-free condition occurs, it may allow for memory corruption that could be exploited to execute arbitrary code with kernel privileges, while the null pointer dereference could result in system crashes that constitute a denial of service attack. The vulnerability affects systems running Linux kernels that implement IPv6 segment routing functionality, which includes various enterprise network infrastructure devices, servers, and cloud environments where advanced routing capabilities are utilized. This vulnerability is particularly concerning because it operates at the kernel level where the consequences of exploitation can be catastrophic for system integrity and availability.
Mitigation strategies for CVE-2024-26735 primarily focus on applying the vendor-provided kernel updates that correct the registration order issue in the IPv6 segment routing subsystem. System administrators should prioritize patching affected systems, particularly those running kernel versions that support IPv6 segment routing functionality. The kernel fix corrects the initialization sequence by ensuring the pernet operations structure is registered before the generic netlink family. Additionally, organizations should consider implementing network segmentation and access controls to limit exposure to potential exploitation attempts. Monitoring for unusual system behavior or kernel-level anomalies can help detect potential exploitation attempts, while maintaining up-to-date security patches and following the principle of least privilege for network operations can reduce the overall attack surface. This vulnerability aligns with ATT&CK technique T1068, which involves exploiting local privilege escalation opportunities, and T1499, which covers network denial of service attacks through kernel exploitation.