cve 2024 26900

About this tag
CVE-2024-26900 is a Linux kernel vulnerability affecting the md (software RAID) subsystem. It involves a memory leak where a serial number allocated for a RAID disk device is not freed if a subsequent kobject_add() call fails. This can lead to persistent kmemleak traces and poses an availability risk for systems that repeatedly exercise the md add-disk path. The fix, described as 'md: fix kmemleak of rdev->serial', closes this correctness gap. While this is a Linux kernel issue, it may be relevant to Windows users running Linux in virtualized or dual-boot environments, or those managing cross-platform storage systems.
  1. CVE-2024-26900: Linux md memory leak and availability risk explained

    A small, surgical change in the Linux kernel’s md (software RAID) code has been recorded as CVE-2024-26900: a memory-management bug where a serial-number allocation for a RAID disk device is not freed if a subsequent kobject_add() call fails, producing persistent kmemleak traces and an...