#VU93747 Improper resource shutdown or release in Linux kernel


Published: 2024-07-04

Vulnerability identifier: #VU93747

Vulnerability risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26809

CWE-ID: CWE-404

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists because the nft_pipapo_destroy() function in net/netfilter/nft_set_pipapo.c fails to properly release resources. A local user can use this to perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/b36b83297ff4910dfc8705402c8abffd4bbf8144
http://git.kernel.org/stable/c/362508506bf545e9ce18c72a2c48dcbfb891ab9c
http://git.kernel.org/stable/c/5ad233dc731ab64cdc47b84a5c1f78fff6c024af
http://git.kernel.org/stable/c/ff90050771412b91e928093ccd8736ae680063c2
http://git.kernel.org/stable/c/821e28d5b506e6a73ccc367ff792bd894050d48b
http://git.kernel.org/stable/c/9384b4d85c46ce839f51af01374062ce6318b2f2
http://git.kernel.org/stable/c/b0e256f3dd2ba6532f37c5c22e07cb07a36031ee
http://lists.debian.org/debian-lts-announce/2024/06/msg00017.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

