Skipping End Interval Elements in Lazy GC
CVE-2024-26581

7.8HIGH

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 20 February 2024

Badges

👾 Exploit Exists📰 News Worthy

Summary

A vulnerability exists within the Linux kernel related to the Netfilter framework where the RBTree memory management system improperly handles the garbage collection of end interval elements during insert transactions. This issue arises when newly added end interval elements are incorrectly collected, leading to potential disruptions in network operations and stability. Proper handling of RBTree structures is essential to maintain the integrity of memory management in networking scenarios.

Affected Version(s)

Linux 8284a79136c384059e85e278da2210b809730287

Linux acaee227cf79c45a5d2d49c3e9a66333a462802c < 10e9cb39313627f2eae4cd70c4b742074e998fd8

Linux 893cb3c3513cf661a0ff45fe0cfa83fe27131f76 < 4cee42fcf54fec46b344681e7cc4f234bb22f85a

News Articles

CybersecurityNews

CVE-2024-26581

PoC Exploit Released for Linux Kernel Vulnerability that Allows Root Access

poc releaed for a critical security vulnerability, identified as CVE-2024-26581, has been discovered in the Linux kernel, posing significant risks to systems worldwide

4 months ago

References

https://git.kernel.org/stable/c/c60d252949caf9aba53752519...

https://git.kernel.org/stable/c/10e9cb39313627f2eae4cd70c...

https://git.kernel.org/stable/c/4cee42fcf54fec46b344681e7...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit known to exist
Dec 19, 2024
📰
First article discovered by CybersecurityNews
Sep 6, 2024
Vulnerability published
Feb 20, 2024
Vulnerability Reserved
Feb 19, 2024

Collectors

NVD DatabaseMitre Database1 News Article(s)