In the Linux kernel, the following vulnerability has been resolved:
hwmon: (coretemp) Fix out-of-bounds memory access
Fix a bug that pdata->cpu_map[] is set before out-of-bounds check.
The problem might be triggered on systems with more than 128 cores per
package.
Security readout for executives and security teams
Plain-English summary
CVE-2024-26664 is a Linux kernel bug in the coretemp hardware monitoring driver. On systems with more than 128 cores per CPU package, the driver may write outside an internal CPU map. The source bundle does not provide a CVSS score or evidence of active exploitation.
Executive priority
Treat this as a targeted kernel hygiene issue, not an emergency internet-wide incident. Prioritize patch validation for dense compute, virtualization, HPC, and high-core-count server environments where the trigger condition is plausible.
Technical view
The flaw is an out-of-bounds memory access in Linux hwmon coretemp. The vulnerable logic sets pdata->cpu_map[] before performing the bounds check, creating a risk when package core counts exceed 128. Kernel stable commits are listed as references, and Debian LTS advisories are linked, but exploitability details are limited.
Likely exposure
Exposure is most relevant to Linux systems using the coretemp driver on very high-core-count CPU packages. Standard desktops and smaller servers are less likely to hit the described condition, but kernel version and hardware inventory should drive assessment.
Exploitation context
The CVE record does not cite public exploitation, and KEV status is false. The available description identifies a trigger condition but does not describe remote reachability, privilege requirements, impact severity, or a working exploit.
Researcher notes
The source evidence supports an out-of-bounds access before bounds validation in coretemp, likely hardware-dependent. Missing data includes CVSS, CWE, precise impact, privilege model, and exploit status. Avoid assuming remote code execution or active exploitation from the provided sources.
Mitigation direction
Check vendor kernel advisories for your distribution and installed kernel branch.
Prioritize kernel updates on high-core-count Linux servers using coretemp.
Apply the relevant stable kernel fix or distribution security package.
Track Debian LTS advisories if running affected Debian LTS kernels.
Validation and detection
Inventory Linux kernels and CPU package core counts across server fleets.
Check whether the coretemp hwmon driver is loaded on high-core systems.
Compare installed kernel versions against vendor fixed versions and stable references.
Confirm distribution security updates include CVE-2024-26664 remediation.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cve · low confidence lookup
CVE-2024-26664 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.