CVE-2024-26604: 
Linux Debian vulnerability analysis and mitigation

CVE-2024-26604 affects the Linux kernel and involves a NULL pointer dereference vulnerability in the kobject subsystem. The issue stems from the removal of redundant checks for NULL ktype pointers, which was reverted due to reported problems. The vulnerability affects Linux kernel versions from 6.6.0 up to (excluding) 6.6.18 and from 6.7.0 up to (excluding) 6.7.6 (NVD).

The vulnerability was introduced when redundant checks for whether ktype is NULL were removed in commit 1b28cb81dab7. This modification caused issues in the kobject subsystem's handling of NULL ktype pointers, potentially leading to NULL pointer dereferences. The vulnerability has a CVSS v3.1 Base Score of 5.5 (Medium) with vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, indicating local access requirements and potential high impact on availability (NVD).

The vulnerability can lead to system availability issues through NULL pointer dereferences in the kobject subsystem. The CVSS score indicates that while confidentiality and integrity are not affected, there is a potential for high impact on system availability. The vulnerability requires local access and low privileges to exploit (NVD).

The issue has been addressed by reverting commit 1b28cb81dab7 through patch 3ca8fbabcceb8bfe44f7f50640092fd8f1de375c. The fix restores the previous NULL checks for ktype pointers in the kobject subsystem. Users should upgrade to Linux kernel versions 6.6.18 or later for the 6.6.x series, or 6.7.6 or later for the 6.7.x series (Kernel Patch).