CVE Radar Logo
CVERadar
CVE Radar Logo
CVERadar

CVE-2024-26618

Medium Severity
Linux
SVRS
30/100
CVSSv3
5.5/10
EPSS
0.00011/1

CVE-2024-26618 is a memory leak vulnerability in the Linux kernel's arm64/sme subsystem. This flaw occurs when sme_alloc() improperly handles existing storage during reallocation, leading to leaked memory and potential system instability. Specifically, the code reallocates memory without freeing the old allocation, which wastes resources. While the CVSS score is 5.5, indicating a medium severity, the SOCRadar Vulnerability Risk Score (SVRS) of 30 suggests a relatively low level of immediate risk based on current threat intelligence. Although not critical, administrators should apply the fix to prevent resource exhaustion over time. This vulnerability is important to address because unmanaged memory allocation can lead to performance degradation and eventually system failure. Addressing this issue enhances kernel stability and resource management.

TAGS
In The Wild
VECTOR STRING
CVSS:3.1
AV:L
AC:L
PR:L
UI:N
S:U
C:N
I:N
A:H
PUBLICATION DATE2024-03-11
LAST MODIFIED2025-02-14

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs

News

CVE-2024-26618 | Linux Kernel up to 6.6.14/6.7.2 sme sme_alloc allocation of resources (569156e4fa34/814af6b4e600/dc7eb8755797 / Nessus ID 210815)
vuldb.com2025-02-15
CVE-2024-26618 | Linux Kernel up to 6.6.14/6.7.2 sme sme_alloc allocation of resources (569156e4fa34/814af6b4e600/dc7eb8755797 / Nessus ID 210815) | A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.6.14/6.7.2. This affects the function sme_alloc of the component sme. The manipulation leads to allocation of resources. This vulnerability is uniquely identified as CVE-2024
vuldb.com
rss
forum
news
USN-6819-4: Linux kernel (Oracle) vulnerabilities
2024-06-26
USN-6819-4: Linux kernel (Oracle) vulnerabilities | Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service (system crash). (CVE-2023-6356, CVE-2023-6535, CVE-2023-6536) Chenyuan Yang discovered that the RDS Protocol implementation in the Linux kernel contained an out-of-bounds read vulnerability. An attacker could use this to possibly cause a denial of service (system crash). (CVE-2024-23849) It was discovered that a race condition
cve-2023-52444
cve-2023-52597
cve-2023-52457
cve-2024-26598
USN-6818-2: Linux kernel (ARM laptop) vulnerabilities
2024-06-10
USN-6818-2: Linux kernel (ARM laptop) vulnerabilities | Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service (system crash). (CVE-2023-6356, CVE-2023-6535, CVE-2023-6536) It was discovered that the Intel Data Streaming and Intel Analytics Accelerator drivers in the Linux kernel allowed direct access to the devices for unprivileged users and virtual machines. A local attacker could use this to cause a denial of service. (CVE
ubuntu.com
rss
forum
news
USN-6765-1: Linux kernel (OEM) vulnerabilities
2024-05-07
USN-6765-1: Linux kernel (OEM) vulnerabilities | Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service (system crash). (CVE-2023-6356, CVE-2023-6535, CVE-2023-6536) Sander Wiebing, Alvise de Faveri Tron, Herbert Bos, and Cristiano Giuffrida discovered that the Linux kernel mitigations for the initial Branch History Injection vulnerability (CVE-2022-0001) were insufficient for Intel processors. A local attacker could potentially use this to expose sensitive information
cve-2024-23849
cve-2023-52467
cve-2024-26640
cve-2023-52458

Social Media

No tweets found for this CVE

Affected Software

Configuration 1
TypeVendorProduct
OSLinuxlinux_kernel

References

ReferenceLink
416BAAA9-DC9F-4396-8D5F-8C081FB06D67https://git.kernel.org/stable/c/569156e4fa347237f8fa2a7e935d860109c55ac4
416BAAA9-DC9F-4396-8D5F-8C081FB06D67https://git.kernel.org/stable/c/814af6b4e6000e574e74d92197190edf07cc3680
416BAAA9-DC9F-4396-8D5F-8C081FB06D67https://git.kernel.org/stable/c/dc7eb8755797ed41a0d1b5c0c39df3c8f401b3d9
416BAAA9-DC9F-4396-8D5F-8C081FB06D67https://git.kernel.org/stable/c/569156e4fa347237f8fa2a7e935d860109c55ac4
416BAAA9-DC9F-4396-8D5F-8C081FB06D67https://git.kernel.org/stable/c/814af6b4e6000e574e74d92197190edf07cc3680
416BAAA9-DC9F-4396-8D5F-8C081FB06D67https://git.kernel.org/stable/c/dc7eb8755797ed41a0d1b5c0c39df3c8f401b3d9
AF854A3A-2127-422B-91AE-364DA2661108https://git.kernel.org/stable/c/569156e4fa347237f8fa2a7e935d860109c55ac4
AF854A3A-2127-422B-91AE-364DA2661108https://git.kernel.org/stable/c/814af6b4e6000e574e74d92197190edf07cc3680
AF854A3A-2127-422B-91AE-364DA2661108https://git.kernel.org/stable/c/dc7eb8755797ed41a0d1b5c0c39df3c8f401b3d9

CWE Details

CWE IDCWE NameDescription
CWE-770Allocation of Resources Without Limits or ThrottlingThe software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence