CVE-2024-26679 - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: inet: read sk->sk_family once in inet_recv_error() inet_recv_error() is called without holding the socket lock. IPv6 socket could mutate to IPv4 with IPV6_ADDRFORM socket option and trigger a KCSAN warning.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Redhat	Enterprise Linux

No data.

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 9
kernel-0:5.14.0-503.11.1.el9_5	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:9315	2024-11-12T00:00:00Z
kernel-0:5.14.0-503.11.1.el9_5	cpe:/o:redhat:enterprise_linux:9	RHSA-2024:9315	2024-11-12T00:00:00Z

References

Link	Providers
https://git.kernel.org/stable/c/307fa8a75ab7423fa5c73573ec3d192de5027830
https://git.kernel.org/stable/c/3266e638ba5cc1165f5e6989eb8c0720f1cc4b41
https://git.kernel.org/stable/c/4a5e31bdd3c1702b520506d9cf8c41085f75c7f2
https://git.kernel.org/stable/c/54538752216bf89ee88d47ad07802063a498c299
https://git.kernel.org/stable/c/5993f121fbc01dc2d734f0ff2628009b258fb1dd
https://git.kernel.org/stable/c/88081ba415224cf413101def4343d660f56d082b
https://git.kernel.org/stable/c/caa064c3c2394d03e289ebd6b0be5102eb8a5b40
https://git.kernel.org/stable/c/eef00a82c568944f113f2de738156ac591bbd5cd
https://lore.kernel.org/linux-cve-announce/2024040253-CVE-2024-26679-d520@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-26679
https://www.cve.org/CVERecord?id=CVE-2024-26679

History

Wed, 13 Nov 2024 02:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat Redhat enterprise Linux
CPEs		cpe:/a:redhat:enterprise_linux:9 cpe:/o:redhat:enterprise_linux:9
Vendors & Products		Redhat Redhat enterprise Linux

Tue, 05 Nov 2024 10:45:00 +0000

Type	Values Removed	Values Added
References	https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

Tue, 05 Nov 2024 10:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-04-02T07:01:43.133Z

Updated: 2024-11-05T09:13:45.183Z

Reserved: 2024-02-19T14:20:24.152Z

Link: CVE-2024-26679

Vulnrichment

Updated: 2024-08-02T00:14:12.659Z

NVD

Status : Awaiting Analysis

Published: 2024-04-02T07:15:44.400

Modified: 2024-11-05T10:15:40.547

Link: CVE-2024-26679

Redhat

Severity : Low

Publid Date: 2024-04-02T00:00:00Z

Links: CVE-2024-26679 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object