CVE-2024-26589

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Feb 22, 2024
Updated: Mar 18, 2024
CWE ID 119

Summary

CVE-2024-26589 is a vulnerability in the Linux kernel in which the check for valid offsets in PTR_TO_FLOW_KEYS is insufficient. An attacker can load flow_keys into a register and add a variable offset to it, resulting in an out-of-bounds access. This can lead to a crash or potential exploitation. The patch rejects pointer ALU operations with a variable offset on flow_keys. After the patch is applied, attempts to load such programs fail with the error message "R7 pointer arithmetic on flow_keys prohibited."
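The gap described above, as a simplified model added here for illustration (it is not kernel source and not code from this page): a bounds check that looks only at the fixed part of an offset accepts a load whose variable part can reach past the structure, and rejecting variable offsets at the pointer arithmetic step closes it. The names `ptr_add`, `check_fixed_only`, `verify_load` and the value of `FLOW_KEYS_SIZE` are assumptions made for the model.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#define FLOW_KEYS_SIZE 56  /* constructed size for this model, not taken from the kernel */

/* Simplified register state: a fixed offset plus an optional variable part. */
struct reg {
    int regno;
    int64_t fixed_off;   /* offset known at verification time */
    int64_t var_max;     /* upper bound of any runtime-only offset added */
};

/* Pointer += scalar in [min, max]; min == max means a known constant. */
static int ptr_add(struct reg *r, int64_t min, int64_t max, bool patched)
{
    if (min == max) {            /* constant offsets stay allowed */
        r->fixed_off += min;
        return 0;
    }
    if (patched) {               /* fix: no variable offset on flow_keys */
        printf("R%d pointer arithmetic on flow_keys prohibited\n", r->regno);
        return -1;
    }
    r->var_max += max;           /* pre-fix: variable part is carried along */
    return 0;
}

/* The insufficient check: only the fixed offset is compared to the bounds. */
static int check_fixed_only(const struct reg *r, int size)
{
    return (r->fixed_off < 0 || r->fixed_off + size > FLOW_KEYS_SIZE) ? -1 : 0;
}

/* Verify "r7 = flow_keys; r7 += scalar in [min, max]; load `size` bytes from r7".
 * Returns -1 if rejected, otherwise the highest byte offset the load can reach. */
static int64_t verify_load(int64_t min, int64_t max, int size, bool patched)
{
    struct reg r7 = { .regno = 7, .fixed_off = 0, .var_max = 0 };
    if (ptr_add(&r7, min, max, patched) || check_fixed_only(&r7, size))
        return -1;
    return r7.fixed_off + r7.var_max + size;
}

int main(void)
{
    printf("pre-fix reach:  %lld of %d\n", (long long)verify_load(0, 4096, 8, false), FLOW_KEYS_SIZE);
    printf("post-fix result: %lld\n", (long long)verify_load(0, 4096, 8, true));
    return 0;
}
```

In the model, constant offsets are still accepted after the fix and are still bounds-checked, so only the variable-offset case changes behaviour.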
