#VU91436 Race condition within a thread in Linux kernel


Published: 2024-06-08

Vulnerability identifier: #VU91436

Vulnerability risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26631

CWE-ID: CWE-366

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to manipulate data.

The vulnerability exists due to a data race within the ipv6_mc_down() function in net/ipv6/mcast.c. A local user can manipulate data.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/62b3387beef11738eb6ce667601a28fa089fa02c
http://git.kernel.org/stable/c/380540bb06bb1d1b12bdc947d1b8f56cda6b5663
http://git.kernel.org/stable/c/3cc283fd16fba72e2cefe3a6f48d7a36b0438900
http://git.kernel.org/stable/c/3bb5849675ae1d592929798a2b37ea450879c855
http://git.kernel.org/stable/c/2e7ef287f07c74985f1bf2858bedc62bd9ebf155


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

