CVE-2024-26663

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Apr 2, 2024
Updated: Jan 7, 2025
CWE ID 476

Summary

CVE-2024-26663: A vulnerability was discovered in the Linux kernel's tipc subsystem. When tipc_nl_bearer_add() is called with the TIPC_NLA_BEARER_UDP_OPTS attribute, it invokes tipc_udp_nl_bearer_add() even for non-UDP bearers. tipc_udp_is_known_peer(), which is called by tipc_udp_nl_bearer_add(), assumes that the media_ptr field of the tipc_bearer holds a udp_bearer object. For a non-UDP bearer that assumption is false, so the function misbehaves, resulting in a null pointer dereference and a general protection fault. The issue was fixed by checking the bearer type in tipc_nl_bearer_add() before calling tipc_udp_nl_bearer_add().
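The fix pattern described above, shown as an added user-space example that is not code from the kernel or from this advisory: a dispatcher checks the bearer's media type before handing an untyped media_ptr to a UDP-only handler. Every struct, enum and function name ending in `_model` is a hypothetical stand-in, and the layouts are assumptions.

```c
#include <errno.h>
#include <stdio.h>

/* Hypothetical stand-ins for the kernel types; layouts are assumptions. */
enum media_type_model { MEDIA_ETH_MODEL = 1, MEDIA_UDP_MODEL = 2 };
struct udp_bearer_model { int peer_count; };
struct eth_dev_model { char name[16]; };

struct bearer_model {
    enum media_type_model type;
    void *media_ptr;            /* what this points to depends on type */
};

/* UDP-only handler: blindly treats media_ptr as a UDP bearer object. */
static int udp_add_peer_model(struct bearer_model *b)
{
    struct udp_bearer_model *ub = b->media_ptr;
    ub->peer_count++;
    return 0;
}

/* Dispatcher with the guard: UDP options on a non-UDP bearer are rejected
 * before the UDP-only handler can misinterpret media_ptr. */
int bearer_add_model(struct bearer_model *b, int has_udp_opts)
{
    if (!has_udp_opts)
        return 0;
    if (b->type != MEDIA_UDP_MODEL)
        return -EINVAL;
    return udp_add_peer_model(b);
}

/* Constructed case: Ethernet bearer receiving UDP options. */
int demo_eth(void)
{
    struct eth_dev_model dev = { "eth0" };
    struct bearer_model b = { MEDIA_ETH_MODEL, &dev };
    return bearer_add_model(&b, 1);
}

/* Constructed case: UDP bearer; returns the peer count after the call. */
int demo_udp(void)
{
    struct udp_bearer_model ub = { 0 };
    struct bearer_model b = { MEDIA_UDP_MODEL, &ub };
    int rc = bearer_add_model(&b, 1);
    return rc ? rc : ub.peer_count;
}

int main(void)
{
    printf("eth+udp_opts -> %d, udp+udp_opts -> %d\n", demo_eth(), demo_udp());
    return 0;
}
```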
