CVE-2024-26668

Summary

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nft_limit: reject configurations that cause integer overflow

Reject bogus configs where internal token counter wraps around. This only occurs with very very large requests, such as 17gbyte/s.

Its better to reject this rather than having incorrect ratelimit.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxd2168e849ebf617b2b7feae44c0c0baf739cb610 < 79d4efd75e7dbecd855a3b8a63e65f7265f466e1affected
LinuxLinuxd2168e849ebf617b2b7feae44c0c0baf739cb610 < bc6e242bb74e2ae616bfd2b250682b738e781c9baffected
LinuxLinuxd2168e849ebf617b2b7feae44c0c0baf739cb610 < 9882495d02ecc490604f747437a40626dc9160d0affected
LinuxLinuxd2168e849ebf617b2b7feae44c0c0baf739cb610 < 00c2c29aa36d1d1827c51a3720e9f893a22c7c6aaffected
LinuxLinuxd2168e849ebf617b2b7feae44c0c0baf739cb610 < c9d9eb9c53d37cdebbad56b91e40baf42d5a97aaaffected
LinuxLinux4.3affected
LinuxLinux0 < 4.3unaffected
LinuxLinux5.15.149 <= 5.15.*unaffected
LinuxLinux6.1.76 <= 6.1.*unaffected
LinuxLinux6.6.15 <= 6.6.*unaffected
LinuxLinux6.7.3 <= 6.7.*unaffected
LinuxLinux6.8 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References