CVE-2024-26668

MEDIUM

Linux Kernel 4.3-5.15.148, 5.16-6.1.75, 6.2-6.6.14, 6.7-6.7.2 - Integer Overflow in nft_limit Token Counter

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_limit: reject configurations that cause integer overflow Reject bogus configs where internal token counter wraps around. This only occurs with very very large requests, such as 17gbyte/s. Its better to reject this rather than having incorrect ratelimit.

References (5)

Core 5

Core References

Patch

https://git.kernel.org/stable/c/79d4efd75e7dbecd855a3b8a63e65f7265f466e1

Patch

https://git.kernel.org/stable/c/bc6e242bb74e2ae616bfd2b250682b738e781c9b

Patch

https://git.kernel.org/stable/c/9882495d02ecc490604f747437a40626dc9160d0

Patch

https://git.kernel.org/stable/c/00c2c29aa36d1d1827c51a3720e9f893a22c7c6a

Patch

https://git.kernel.org/stable/c/c9d9eb9c53d37cdebbad56b91e40baf42d5a97aa

Scores

CVSS v3 5.5

EPSS 0.0024

EPSS Percentile 15.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-190

Status published

Products (18)

linux/Kernel 4.3.0 - 5.15.149linux

linux/Kernel 5.16.0 - 6.1.76linux

linux/Kernel 6.2.0 - 6.6.15linux

linux/Kernel 6.7.0 - 6.7.3linux

Linux/Linux < 4.3

Linux/Linux 4.3

Linux/Linux 5.15.149 - 5.15.*

Linux/Linux 6.1.76 - 6.1.*

Linux/Linux 6.6.15 - 6.6.*

Linux/Linux 6.7.3 - 6.7.*

... and 8 more

Published Apr 02, 2024

Tracked Since Feb 18, 2026