CVE-2024-26589
CVSS 3.1 Score 7.8 of 10 (high)
Details
Published Feb 22, 2024
Updated: Mar 18, 2024
CWE ID 119
Summary
CVE-2024-26589 is a Linux kernel vulnerability in which the check for valid offsets on PTR_TO_FLOW_KEYS pointers is insufficient. An attacker can load flow_keys into a register and add a variable offset to it, resulting in an out-of-bounds access that can lead to a crash or potential exploitation. The patch rejects pointer ALU operations with a variable offset on flow_keys. After the patch is applied, attempts to execute such programs result in the error message "R7 pointer arithmetic on flow_keys prohibited."
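The gap described in the summary, as a simplified user-space model added here for illustration (not kernel code and not from the original page): the access check validates only the fixed offset, so a variable offset added by pointer arithmetic goes unchecked unless the ALU step itself is rejected. The struct, the function names, the `patched` flag and the 56-byte object size are assumptions made for the model.

```c
#include <stdbool.h>
#include <stdio.h>

#define FLOW_KEYS_SIZE 56   /* constructed size for this model, not taken from the page */
#define EACCES_MODEL   13   /* stand-in for the "permission denied" error code */

/* Hypothetical register state: a fixed offset plus a range of variable offsets. */
struct reg_model {
    int  fixed_off;   /* offset known at verification time */
    long var_min;     /* smallest possible run-time variable offset */
    long var_max;     /* largest possible run-time variable offset */
};

/* Access check that looks only at the fixed offset (the insufficient check). */
static int check_flow_keys_access_model(const struct reg_model *r, int size)
{
    if (size < 0 || r->fixed_off < 0 || (long)r->fixed_off + size > FLOW_KEYS_SIZE)
        return -EACCES_MODEL;
    return 0;
}

/* Pointer ALU add; 'known' means the added scalar is a verification-time constant. */
static int flow_keys_ptr_add(struct reg_model *r, bool known, long min, long max, bool patched)
{
    if (known) {              /* constant: folded into the fixed offset, still checkable */
        r->fixed_off += (int)min;
        return 0;
    }
    if (patched) {            /* fix: variable offset on flow_keys is rejected outright */
        fprintf(stderr, "R7 pointer arithmetic on flow_keys prohibited\n");
        return -EACCES_MODEL;
    }
    r->var_min += min;        /* pre-patch: recorded, but never seen by the access check */
    r->var_max += max;
    return 0;
}

/* True when the model accepts a program whose access can fall outside the object. */
static bool accepts_oob(bool patched, bool known, long min, long max, int size)
{
    struct reg_model r = {0, 0, 0};
    if (flow_keys_ptr_add(&r, known, min, max, patched) != 0)
        return false;
    if (check_flow_keys_access_model(&r, size) != 0)
        return false;
    return r.fixed_off + r.var_max + size > FLOW_KEYS_SIZE || r.fixed_off + r.var_min < 0;
}
```

Constant offsets remain allowed in the patched model because they end up in the fixed offset, which the access check does bound.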