CVE-2024-26642

MEDIUM

Linux Kernel - Unauthenticated Denial of Service via Anonymous Set with Timeout Flag

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: disallow anonymous set with timeout flag Anonymous sets are never used with timeout from userspace, reject this. Exception to this rule is NFT_SET_EVAL to ensure legacy meters still work.

References (11)

Core 11

Core References

Mailing List

https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

Mailing List

https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

Patch

https://git.kernel.org/stable/c/e4988d8415bd0294d6f9f4a1e7095f8b50a97ca9

Patch

https://git.kernel.org/stable/c/e9a0d3f376eb356d54ffce36e7cc37514cbfbd6f

Patch

https://git.kernel.org/stable/c/fe40ffbca19dc70d7c6b1e3c77b9ccb404c57351

Patch

https://git.kernel.org/stable/c/7cdc1be24cc1bcd56a3e89ac4aef20e31ad09199

Patch

https://git.kernel.org/stable/c/72c1efe3f247a581667b7d368fff3bd9a03cd57a

Patch

https://git.kernel.org/stable/c/c0c2176d1814b92ea4c8e7eb7c9cd94cd99c1b12

Patch

https://git.kernel.org/stable/c/8e07c16695583a66e81f67ce4c46e94dece47ba7

Patch

https://git.kernel.org/stable/c/16603605b667b70da974bea8216c93e7db043bf1

Vendor Advisory

https://cert-portal.siemens.com/productcert/html/ssa-265688.html

Scores

CVSS v3 5.5

EPSS 0.0001

EPSS Percentile 1.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

Status published

Products (27)

debian/debian_linux 10.0

linux/Kernel 4.1.0 - 4.19.312linux

linux/Kernel 4.20.0 - 5.4.274linux

linux/Kernel 5.11.0 - 5.15.154linux

linux/Kernel 5.16.0 - 6.1.84linux

linux/Kernel 5.5.0 - 5.10.215linux

linux/Kernel 6.2.0 - 6.6.24linux

linux/Kernel 6.7.0 - 6.7.12linux

Linux/Linux < 4.1

Linux/Linux 4.1

... and 17 more

Published Mar 21, 2024

Tracked Since Feb 18, 2026