CVE-2024-47659

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Oct 9, 2024
Updated: Oct 23, 2024

Summary

CVE-2024-47659 is a vulnerability in the Linux kernel's Smack security module. Smack labels incoming TCP/IPv4 connections incorrectly: the label of the incoming connection is mirrored in the returned packets. Because the returned packets carry the label of the connecting entity instead of the intended label, the result is unauthorized write access for the labeled entity. This behavior, first observed in release 2.6.29.4, seems unintentional, as no explanation was provided. To mitigate this issue, returned packets now carry the intended label instead of the connecting entity's label.
