CVE-2024-26633

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Mar 18, 2024
Updated: Dec 20, 2024

Summary

CVE-2024-26633: A vulnerability was discovered in the Linux kernel's ip6_tnl_parse_tlv_enc_lim function in net/ipv6/ip6_tunnel.c. The issue lies in the handling of NEXTHDR_FRAGMENT, where reading frag_off may access garbage data if enough bytes have not been pulled into skb->head. This could potentially lead to uninitialized value errors and other security issues. The vulnerability was identified by SUSE Labs Security Team and can be traced back to a call to kmalloc_reserve in net/core/skbuff.c, which allocates uninitialized memory that is later used in ip6_tnl_parse_tlv_enc_lim.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share