CVE-2024-26754: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-26754 is a vulnerability discovered in the Linux kernel's GTP (GPRS Tunneling Protocol) subsystem, specifically in the gtpgenldump_pdp() function. The vulnerability was disclosed on April 3, 2024, affecting Linux kernel versions from 4.7 up to versions before 4.19.308, 5.4.270, 5.10.211, 5.15.150, 6.1.80, 6.6.19, and 6.7.7 (NVD).

The vulnerability stems from an incorrect initialization order where the gtpnetops pernet operations structure must be registered before registering the generic netlink family. This issue can lead to both a use-after-free condition and a null pointer dereference in the gtpgenldump_pdp() function. The vulnerability was discovered using the Syzkaller fuzzing tool, which detected a general protection fault with a non-canonical address 0xdffffc0000000002. The CVSS v3.1 base score for this vulnerability is 7.8 (High), with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

The vulnerability can lead to privilege escalation, denial of service, or information leaks in affected Linux systems. The high CVSS score indicates that successful exploitation could result in significant impact on system confidentiality, integrity, and availability (Debian LTS).

The vulnerability has been fixed in multiple Linux distributions through security updates. The fix involves correcting the initialization order in the GTP module by ensuring the pernet operations structure is registered before the generic netlink family. Ubuntu has released fixes for various kernel versions, including 5.15.0-1063.69 for 22.04 LTS and 5.4.0-1126.136 for 20.04 LTS (Ubuntu Notice).