CVE-2024-26735: ipv6: sr: fix possible use-after-free and null-ptr-deref

Published Apr 3, 2024
·
Updated

In the Linux kernel, the following vulnerability has been resolved:

ipv6: sr: fix possible use-after-free and null-ptr-deref

The Linux kernel CVE team has assigned CVE-2024-26735 to this issue.

Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024040359-CVE-2024-26735-462f@gregkh/T

Other sources

In the Linux kernel, the following vulnerability has been resolved:

ipv6: sr: fix possible use-after-free and null-ptr-deref

The pernet operations structure for the subsystem must be registered before registering the generic netlink family.

IBM

Affected Software

41 affected componentsFixes available
redhat/kernel<4.19.308
4.19.308
redhat/kernel<5.4.270
5.4.270
redhat/kernel<5.10.211
5.10.211
redhat/kernel<5.15.150
5.15.150
redhat/kernel<6.1.80
6.1.80
redhat/kernel<6.6.19
6.6.19
redhat/kernel<6.7.7
6.7.7
redhat/kernel<6.8
6.8
IBM Security Verify Governance<=ISVG 10.0.2
IBM Security Verify Governance, Identity Manager Software Stack<=ISVG 10.0.2
IBM Security Verify Governance, Identity Manager Virtual Appliance<=ISVG 10.0.2
IBM Security Verify Governance Identity Manager Container<=ISVG 10.0.2
debian/linux
5.10.223-15.10.234-16.1.129-16.1.135-16.12.25-16.12.27-1
Linux Linux kernel>=4.10<4.19.308
Linux Linux kernel>=4.20<5.4.270
Linux Linux kernel>=5.5<5.10.211
Linux Linux kernel>=5.11<5.15.150
Linux Linux kernel>=5.16<6.1.80
Linux Linux kernel>=6.2<6.6.19
Linux Linux kernel>=6.7<6.7.7
Linux Linux kernel=6.8-rc1
Linux Linux kernel=6.8-rc2
Linux Linux kernel=6.8-rc3
Linux Linux kernel=6.8-rc4
Linux Linux kernel=6.8-rc5
Debian Debian Linux=10.0
All of the following
NetApp 8300 Firmware
NetApp 8300
All of the following
NetApp 8700 Firmware
NetApp 8700
All of the following
NetApp A400 Firmware
NetApp A400
All of the following
NetApp C400 Firmware
NetApp C400
All of the following
NetApp H610c Firmware
NetApp H610c
All of the following
NetApp H610s Firmware
NetApp H610s
All of the following
NetApp H615c Firmware
NetApp H615c
NetApp E-Series SANtricity OS Controller>=11.0.0<=11.70.2

Remediation

Patch Available

https://git.kernel.org/stable/c/02b08db594e8218cfbc0e4680d4331b457968a9b

Patch Available

https://git.kernel.org/stable/c/5559cea2d5aa3018a5f00dd2aca3427ba09b386b

Patch Available

https://git.kernel.org/stable/c/65c38f23d10ff79feea1e5d50b76dc7af383c1e6

Patch Available

https://git.kernel.org/stable/c/82831e3ff76ef09fb184eb93b79a3eb3fb284f1d

Patch Available

https://git.kernel.org/stable/c/8391b9b651cfdf80ab0f1dc4a489f9d67386e197

Patch Available

https://git.kernel.org/stable/c/91b020aaa1e59bfb669d34c968e3db3d5416bcee

Patch Available

https://git.kernel.org/stable/c/953f42934533c151f440cd32390044d2396b87aa

Patch Available

https://git.kernel.org/stable/c/9e02973dbc6a91e40aa4f5d87b8c47446fbfce44

Event History

Apr 3, 2024
CVE Published
via MITRE·05:00 PM
Data Sourced
via MITRE·05:00 PM
Description
Apr 4, 2024
Data Sourced
via Red Hat·01:40 AM
DescriptionSeverityAffected Software
May 17, 2024
Data Sourced
via Launchpad·08:16 AM
Description
Apr 27, 2025
Data Sourced
via Ubuntu·12:14 AM
RemedyDescriptionSeverityAffected Software

Parent advisories

This vulnerability appears in the following advisories.

Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2024-26735?

CVE-2024-26735 is classified as a high severity vulnerability in the Linux kernel.

2

How do I fix CVE-2024-26735?

To fix CVE-2024-26735, update the Linux kernel to version 4.19.308 or later for Red Hat systems or install the corresponding patched versions for other distributions.

3

What causes CVE-2024-26735?

CVE-2024-26735 is caused by a potential use-after-free and null pointer dereference in the IPv6 Segment Routing implementation in the Linux kernel.

4

Which versions of the Linux kernel are affected by CVE-2024-26735?

Versions of the Linux kernel prior to 4.19.308, 5.4.270, 5.10.211, 5.15.150, 6.1.80, 6.6.19, 6.7.7, and 6.8 are affected by CVE-2024-26735.

5

Is CVE-2024-26735 exploitable remotely?

Yes, CVE-2024-26735 could potentially be exploited remotely, leading to a denial of service or arbitrary code execution.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203