#VU91434 Race condition within a thread in Linux kernel


Published: 2024-06-08

Vulnerability identifier: #VU91434

Vulnerability risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26862

CWE-ID: CWE-366

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to manipulate data.

The vulnerability exists due to a data race within the packet_setsockopt() and packet_getsockopt() functions in net/packet/af_packet.c and within the dev_queue_xmit_nit() function in net/core/dev.c. A local user can manipulate data.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/84c510411e321caff3c07e6cd0f917f06633cfc0
http://git.kernel.org/stable/c/68e84120319d4fc298fcdb14cf0bea6a0f64ffbd
http://git.kernel.org/stable/c/d35b62c224e70797f8a1c37fe9bc4b3e294b7560
http://git.kernel.org/stable/c/ef7eed7e11d23337310ecc2c014ecaeea52719c5
http://git.kernel.org/stable/c/2c02c5059c78a52d170bdee4a369b470de6deb37
http://git.kernel.org/stable/c/ee413f30ec4fe94a0bdf32c8f042cb06fa913234
http://git.kernel.org/stable/c/8b1e273c6afcf00d3c40a54ada7d6aac1b503b97
http://git.kernel.org/stable/c/6ebfad33161afacb3e1e59ed1c2feefef70f9f97


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
