Skipping End Interval Elements in Lazy GC
Key Information
- Vendor: Linux
- Status
- Linux
- Vendor
- CVE Published: 20 February 2024
Summary
A critical security vulnerability, CVE-2024-26581, has been discovered in the Linux kernel. It affects the netfilter component, specifically the nft_set_rbtree module, and carries a CVSS 3.1 severity score of 7.8. The issue arises from an oversight in the garbage collection process of the rbtree data structure, which can lead to unauthorized access or execution of malicious code. The severity is rated high because of the potential impact on confidentiality, integrity, and availability. The attack vector is local, with low attack complexity, low privileges required, and no user interaction needed. Multiple versions of the Linux kernel are affected, and patches have been released for various distributions. A proof-of-concept exploit has been released. System administrators are urged to apply the latest security patches to affected systems immediately to mitigate potential exploitation.
Affected Version(s)
Linux < 8284a79136c3
Linux < 10e9cb393136
Linux < 4cee42fcf54f
Timeline
- Exploit exists.
- First article discovered by CybersecurityNews.
- Vulnerability published.
- Vulnerability reserved.