Race condition within a thread in Linux kernel core
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2024-26862 |
| CWE-ID | CWE-366 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Race condition within a thread
EUVDB-ID: #VU91434
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26862
CWE-ID:
CWE-366 - Race Condition within a Thread
Exploit availability: No
DescriptionThe vulnerability allows a local user to manipulate data.
The vulnerability exists due to a data race within the packet_setsockopt() and packet_getsockopt() functions in net/packet/af_packet.c, within the dev_queue_xmit_nit() function in net/core/dev.c. A local user can manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: All versions
External linkshttp://git.kernel.org/stable/c/84c510411e321caff3c07e6cd0f917f06633cfc0
http://git.kernel.org/stable/c/68e84120319d4fc298fcdb14cf0bea6a0f64ffbd
http://git.kernel.org/stable/c/d35b62c224e70797f8a1c37fe9bc4b3e294b7560
http://git.kernel.org/stable/c/ef7eed7e11d23337310ecc2c014ecaeea52719c5
http://git.kernel.org/stable/c/2c02c5059c78a52d170bdee4a369b470de6deb37
http://git.kernel.org/stable/c/ee413f30ec4fe94a0bdf32c8f042cb06fa913234
http://git.kernel.org/stable/c/8b1e273c6afcf00d3c40a54ada7d6aac1b503b97
http://git.kernel.org/stable/c/6ebfad33161afacb3e1e59ed1c2feefef70f9f97
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
