#VU91433 Race condition within a thread in Linux kernel - CVE-2024-26861
Published: June 8, 2024 / Updated: May 13, 2025
Vulnerability identifier: #VU91433
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-26861
CWE-ID: CWE-366
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to manipulate data.
The vulnerability exists due to a data race within the decrypt_packet(), counter_validate() and wg_packet_rx_poll() functions in drivers/net/wireguard/receive.c. A local user can manipulate data.
Remediation
Install update from vendor's website.
External links
- https://git.kernel.org/stable/c/f87884e0dffd61b47e58bc6e1e2f6843c212b0cc
- https://git.kernel.org/stable/c/d691be84ab898cf136a35176eaf2f8fc116563f0
- https://git.kernel.org/stable/c/45a83b220c83e3c326513269afbf69ae6fc65cce
- https://git.kernel.org/stable/c/78739d72f16b2d7d549f713f1dfebd678d32484b
- https://git.kernel.org/stable/c/3f94da807fe1668b9830f0eefbbf7e887b0a7bc6
- https://git.kernel.org/stable/c/fdf16de078a97bf14bb8ee2b8d47cc3d3ead09ed
- https://git.kernel.org/stable/c/bba045dc4d996d03dce6fe45726e78a1a1f6d4c3
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.214
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.153
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.83
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.23
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7.11
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8.2