LiveActive security incident?Get immediate response
CVE Record

CVE-2024-26993: fs: sysfs: Fix reference leak in sysfs_break_active_protection()

In the Linux kernel, the following vulnerability has been resolved: fs: sysfs: Fix reference leak in sysfs_break_active_protection() The sysfs_break_active_protection() routine has an obvious reference leak in its error path. If the call to kernfs_find_and_get() fails then kn will be NULL, so the companion sysfs_unbreak_active_protection() routine won't get called (and would only cause an access violation by trying to dereference kn->parent if it was called). As a result, the reference to kobj acquired at the start of the function will never be released. Fix the leak by adding an explicit kobject_put() call when kn is NULL.

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysisunknown

Security readout for executives and security teams

Plain-English summary

CVE-2024-26993 is a Linux kernel bug in sysfs cleanup handling. A failed internal lookup can leak a kernel object reference instead of releasing it. Public sources do not provide CVSS, confirmed impact, or active exploitation evidence, so urgency should be based on kernel exposure and vendor patch availability.

Executive priority

Handle through the normal kernel vulnerability patch process unless high-risk Linux hosts are exposed to untrusted local users or multi-tenant workloads. The absence of published severity and exploitation evidence lowers immediate emergency priority, but kernel defects still merit disciplined remediation.

Technical view

The flaw is in sysfs_break_active_protection(). If kernfs_find_and_get() returns NULL, the error path skips sysfs_unbreak_active_protection() and previously did not call kobject_put(), leaving the kobject reference unreleased. Stable kernel commits add explicit cleanup for that failure path.

Likely exposure

Exposure is limited to systems running affected Linux kernel versions or downstream distributions carrying the vulnerable code. The bundle lists Linux as affected across 4.19 through 6.9-related ranges, with Debian and Fedora advisories indicating packaged updates. Downstream backports may change version-based conclusions.

Exploitation context

No source in the bundle states active exploitation, public exploit availability, or KEV listing. The described issue is a kernel reference leak in an error path; the practical impact and attacker prerequisites are not stated in the provided evidence.

Researcher notes

Evidence supports a reference leak fix, not a broader impact claim. The affected-version data is coarse and downstream distributions may backport fixes. Treat exploitability, reachability, and denial-of-service potential as unconfirmed unless validated against kernel code paths and vendor advisories.

Mitigation direction

  • Apply Linux kernel updates from the operating system or appliance vendor.
  • Prioritize systems where untrusted users or workloads can exercise kernel interfaces.
  • Check Debian, Fedora, Siemens, and kernel stable guidance for affected packaged builds.
  • Plan reboot or live-patching according to your kernel maintenance process.
  • Do not rely only on upstream version numbers; confirm downstream backports.

Validation and detection

  • Inventory running kernel versions across servers, appliances, and container hosts.
  • Compare installed packages against vendor advisories and fixed kernel releases.
  • Confirm the relevant stable kernel fix is included in your vendor build.
  • Verify rebooted hosts are running the updated kernel package.
  • Document any unsupported or end-of-life kernels needing upgrade paths.
Prepared
Confidence
medium
Sources
12

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2024-26993 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
3ADP providers
16Source links

SSVC decision data

CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: noneAutomatable: noTechnical Impact: partial

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

ADP provider summaries

CISA-ADPCISA ADP Vulnrichment
other:ssvc
CVECVE Program Container
siemens-SADPADP container

Source materials

Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
LinuxLinux2afc9166f79b8f6da5f347f48515215ceee4ae37, 2afc9166f79b8f6da5f347f48515215ceee4ae37, 2afc9166f79b8f6da5f347f48515215ceee4ae37, 2afc9166f79b8f6da5f347f48515215ceee4ae37, 2afc9166f79b8f6da5f347f48515215ceee4ae37, 2afc9166f79b8f6da5f347f48515215ceee4ae37, 2afc9166f79b8f6da5f347f48515215ceee4ae37, 2afc9166f79b8f6da5f347f48515215ceee4ae37, e8a37b2fd5b5087bec6cbbf6946ee3caa712953b, a6abc93760dd07fcd29760b70e6e7520f22cb288, 461a6385e58e8247e6ba2005aa5d1b8d980ee4a2, 8a5e02a0f46ea33ed19e48e096a8e8d28e73d10a, c984f4d1d40a2f349503b3faf946502ccbf02f9f, 807d1d299a04e9ad9a9dac55419c1137a105254b, 3.16.62, 3.18.121, 4.4.154, 4.9.125, 4.14.68, 4.18.6unaffected
LinuxLinux4.19, 0, 4.19.313, 5.4.275, 5.10.216, 5.15.157, 6.1.88, 6.6.29, 6.8.8, 6.9affected
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.