CVE-2024-26950

Summary

In the Linux kernel, the following vulnerability has been resolved:

wireguard: netlink: access device through ctx instead of peer

The previous commit fixed a bug that led to a NULL peer->device being dereferenced. It's actually easier and faster performance-wise to instead get the device from ctx->wg. This semantically makes more sense too, since ctx->wg->peer_allowedips.seq is compared with ctx->allowedips_seq, basing them both in ctx. This also acts as a defence in depth provision against freed peers.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxe7096c131e5161fa3b8e52a650d7719d2857adfd < 493aa6bdcffd90a4f82aa614fe4f4db0641b4068affected
LinuxLinuxe7096c131e5161fa3b8e52a650d7719d2857adfd < 4be453271a882c8ebc28df3dbf9e4d95e6ac42f5affected
LinuxLinuxe7096c131e5161fa3b8e52a650d7719d2857adfd < 09c3fa70f65175861ca948cb2f0f791e666c90e5affected
LinuxLinuxe7096c131e5161fa3b8e52a650d7719d2857adfd < c991567e6c638079304cc15dff28748e4a3c4a37affected
LinuxLinuxe7096c131e5161fa3b8e52a650d7719d2857adfd < 93bcc1752c69bb309f4d8cfaf960ef1faeb34996affected
LinuxLinuxe7096c131e5161fa3b8e52a650d7719d2857adfd < d44bd323d8bb8031eef4bdc44547925998a11e47affected
LinuxLinuxe7096c131e5161fa3b8e52a650d7719d2857adfd < 71cbd32e3db82ea4a74e3ef9aeeaa6971969c86faffected
LinuxLinux5.6affected
LinuxLinux0 < 5.6unaffected
LinuxLinux5.10.215 <= 5.10.*unaffected
LinuxLinux5.15.154 <= 5.15.*unaffected
LinuxLinux6.1.84 <= 6.1.*unaffected
LinuxLinux6.6.24 <= 6.6.*unaffected
LinuxLinux6.7.12 <= 6.7.*unaffected
LinuxLinux6.8.3 <= 6.8.*unaffected
LinuxLinux6.9 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

Additional References

References