#VU94118 Input validation error in Linux kernel - CVE-2024-26673


Vulnerability identifier: #VU94118

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26673

CWE-ID: CWE-20

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in the nft_ct_expect_obj_init() function in net/netfilter/nft_ct.c, which a local user can use to cause a denial of service (DoS) condition.

Mitigation
Install updates from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/f549f340c91f08b938d60266e792ff7748dae483
https://git.kernel.org/stable/c/65ee90efc928410c6f73b3d2e0afdd762652c09d
https://git.kernel.org/stable/c/b775ced05489f4b77a35fe203e9aeb22f428e38f
https://git.kernel.org/stable/c/0f501dae16b7099e69ee9b0d5c70b8f40fd30e98
https://git.kernel.org/stable/c/cfe3550ea5df292c9e2d608e8c4560032391847e
https://git.kernel.org/stable/c/38cc1605338d99205a263707f4dde76408d3e0e8
https://git.kernel.org/stable/c/8059918a1377f2f1fff06af4f5a4ed3d5acd6bc4
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

