CVE-2024-26595 - Vulnerability Details

- mlxsw: spectrum_acl_tcam: Fix NULL pointer dereference in error path

Description

In the Linux kernel, the following vulnerability has been resolved:

mlxsw: spectrum_acl_tcam: Fix NULL pointer dereference in error path

When calling mlxsw_sp_acl_tcam_region_destroy() from an error path after
failing to attach the region to an ACL group, we hit a NULL pointer
dereference upon 'region->group->tcam' [1].

Fix by retrieving the 'tcam' pointer using mlxsw_sp_acl_to_tcam().

[1]
BUG: kernel NULL pointer dereference, address: 0000000000000000
[...]
RIP: 0010:mlxsw_sp_acl_tcam_region_destroy+0xa0/0xd0
[...]
Call Trace:
mlxsw_sp_acl_tcam_vchunk_get+0x88b/0xa20
mlxsw_sp_acl_tcam_ventry_add+0x25/0xe0
mlxsw_sp_acl_rule_add+0x47/0x240
mlxsw_sp_flower_replace+0x1a9/0x1d0
tc_setup_cb_add+0xdc/0x1c0
fl_hw_replace_filter+0x146/0x1f0
fl_change+0xc17/0x1360
tc_new_tfilter+0x472/0xb90
rtnetlink_rcv_msg+0x313/0x3b0
netlink_rcv_skb+0x58/0x100
netlink_unicast+0x244/0x390
netlink_sendmsg+0x1e4/0x440
____sys_sendmsg+0x164/0x260
___sys_sendmsg+0x9a/0xe0
__sys_sendmsg+0x7a/0xc0
do_syscall_64+0x40/0xe0
entry_SYSCALL_64_after_hwframe+0x63/0x6b

Published: 2024-02-23

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`22a677661f5624539d394f681276171f92d714df`	affected	< 75fa2d8b3c0175b519c99ace54ab8474cfd0077e
`22a677661f5624539d394f681276171f92d714df`	affected	< 817840d125a370626895df269c50c923b79b0a39
`22a677661f5624539d394f681276171f92d714df`	affected	< d0a1efe417c97a1e9b914056ee6b86f1ef75fe1f
`22a677661f5624539d394f681276171f92d714df`	affected	< efeb7dfea8ee10cdec11b6b6ba4e405edbe75809

Linux

affected

Version	Status	Constraints
`4.11`	affected	—
`0`	unaffected	< 4.11
`6.1.120`	unaffected	≤ 6.1.*
`6.6.14`	unaffected	≤ 6.6.*
`6.7.2`	unaffected	≤ 6.7.*
`6.8`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 8
kernel-rt-0:4.18.0-553.22.1.rt7.363.el8_10	cpe:/a:redhat:enterprise_linux:8::nfv	RHSA-2024:7001	2024-09-24T00:00:00Z
kernel-0:4.18.0-553.22.1.el8_10	cpe:/o:redhat:enterprise_linux:8	RHSA-2024:7000	2024-09-24T00:00:00Z

No data available yet.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Debian DLA	DLA-4076-1	linux-6.1 security update
Ubuntu USN	USN-6818-1	Linux kernel vulnerabilities
Ubuntu USN	USN-6818-2	Linux kernel (ARM laptop) vulnerabilities
Ubuntu USN	USN-6818-3	Linux kernel (NVIDIA) vulnerabilities
Ubuntu USN	USN-6818-4	Linux kernel (HWE) vulnerabilities
Ubuntu USN	USN-6819-1	Linux kernel vulnerabilities
Ubuntu USN	USN-6819-2	Linux kernel vulnerabilities
Ubuntu USN	USN-6819-3	Linux kernel (OEM) vulnerabilities
Ubuntu USN	USN-6819-4	Linux kernel (Oracle) vulnerabilities
Ubuntu USN	USN-7233-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7233-2	Linux kernel (Azure) vulnerabilities
Ubuntu USN	USN-7233-3	Linux kernel (Azure) vulnerabilities

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00016.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://git.kernel.org/stable/c/75fa2d8b3c0175b519c99ace54ab8474cfd0077e
https://git.kernel.org/stable/c/817840d125a370626895df269c50c923b79b0a39
https://git.kernel.org/stable/c/d0a1efe417c97a1e9b914056ee6b86f1ef75fe1f
https://git.kernel.org/stable/c/efeb7dfea8ee10cdec11b6b6ba4e405edbe75809
https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
https://lore.kernel.org/linux-cve-announce/2024022336-CVE-2024-26595-9a8d@gregkh/T/#u
https://nvd.nist.gov/vuln/detail/CVE-2024-26595
https://www.cve.org/CVERecord?id=CVE-2024-26595

History

Mon, 03 Nov 2025 21:30:00 +0000

Type	Values Removed	Values Added
References		https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html

Sat, 14 Dec 2024 21:00:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/75fa2d8b3c0175b519c99ace54ab8474cfd0077e

Tue, 24 Sep 2024 11:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/o:redhat:enterprise_linux:8

Tue, 24 Sep 2024 06:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat Redhat enterprise Linux
CPEs		cpe:/a:redhat:enterprise_linux:8::nfv
Vendors & Products		Redhat Redhat enterprise Linux

Subscriptions

Linux Linux Kernel

Redhat Enterprise Linux

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-02-23T14:46:24.767Z

Updated: 2026-05-11T20:00:26.122Z

Reserved: 2024-02-19T14:20:24.127Z

Link: CVE-2024-26595

Vulnrichment

Updated: 2025-11-03T20:36:56.580Z

NVD

Status : Modified

Published: 2024-02-23T15:15:09.443

Modified: 2025-11-03T21:16:07.867

Link: CVE-2024-26595

Redhat

Severity : Low

Publid Date: 2024-02-23T00:00:00Z

Links: CVE-2024-26595 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

CWE-476

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object