CVE-2024-26633
CVSS 3.1 Score 5.5 of 10 (medium)
Details
Summary
A vulnerability was discovered in the Linux kernel's ip6_tnl_parse_tlv_enc_lim function in net/ipv6/ip6_tunnel.c. The issue lies in the handling of NEXTHDR_FRAGMENT: the function reads frag_off, and if enough bytes have not been pulled into skb->head, that read may access garbage data. This could potentially lead to uninitialized value errors and other security issues. The vulnerability was identified by SUSE Labs Security Team and can be traced back to a call to kmalloc_reserve in net/core/skbuff.c, which allocates uninitialized memory that is later used in ip6_tnl_parse_tlv_enc_lim.
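The check-before-read pattern that the summary describes as missing, shown as an added userspace model in C. This is not kernel code or the upstream patch: walk_ext_headers, may_read, the result enum and the sample bytes are hypothetical names and constructed data, and the walk is narrowed to Destination Options and Fragment headers.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define NEXTHDR_FRAGMENT 44   /* IPv6 Fragment header */
#define NEXTHDR_DEST     60   /* IPv6 Destination Options header */
#define NEXTHDR_UDP      17

enum walk_result { WALK_TRUNCATED = -1, WALK_UPPER = 0, WALK_FRAGMENT = 1 };

/* Constructed sample: Destination Options (8 bytes, one PadN) then a Fragment
 * header with the M flag set, so its 16-bit frag_off field is non-zero. */
static const uint8_t sample[16] = {
    NEXTHDR_FRAGMENT, 0, 1, 4, 0, 0, 0, 0,
    NEXTHDR_UDP,      0, 0, 1, 0, 0, 0, 0,
};

/* Userspace analogue of asking "are these bytes already in skb->head?":
 * only the first `linear` bytes of `data` may be read (assumption). */
static int may_read(size_t linear, size_t end) { return end <= linear; }

/* Walk extension headers from `off`; `nexthdr` is the type of the first one. */
enum walk_result walk_ext_headers(const uint8_t *data, size_t linear,
                                  size_t off, uint8_t nexthdr)
{
    while (nexthdr == NEXTHDR_DEST || nexthdr == NEXTHDR_FRAGMENT) {
        size_t optlen = 8;
        if (!may_read(linear, off + 2))      /* next-header and length bytes */
            return WALK_TRUNCATED;
        if (nexthdr == NEXTHDR_FRAGMENT) {
            uint16_t frag_off;
            /* Check before use: the whole 8-byte fragment header must be
             * readable before frag_off (bytes 2..3) is examined. */
            if (!may_read(linear, off + 8))
                return WALK_TRUNCATED;
            memcpy(&frag_off, data + off + 2, sizeof(frag_off));
            if (frag_off)                    /* non-zero in any byte order */
                return WALK_FRAGMENT;
        } else {
            optlen = ((size_t)data[off + 1] + 1) * 8;
            if (!may_read(linear, off + optlen))
                return WALK_TRUNCATED;
        }
        nexthdr = data[off];
        off += optlen;
    }
    return WALK_UPPER;
}
```

With only 10 of the 16 sample bytes readable, the walk stops with WALK_TRUNCATED instead of evaluating frag_off from bytes that were never filled in.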
Affected Products
- Linux Kernel
Affected Vendors
- LINUX