Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

CVE-2024-26581— netfilter: nft_set_rbtree: skip end interval element from gc

EPSS 0.29% · P52

Affected Version Matrix 23

VendorProductVersion RangeStatus
LinuxLinux8284a79136c384059e85e278da2210b809730287< c60d252949caf9aba537525195edae6bbabc35ebaffected
acaee227cf79c45a5d2d49c3e9a66333a462802c< 10e9cb39313627f2eae4cd70c4b742074e998fd8affected
893cb3c3513cf661a0ff45fe0cfa83fe27131f76< 4cee42fcf54fec46b344681e7cc4f234bb22f85aaffected
50cbb9d195c197af671869c8cadce3bd483735a0< 2bab493a5624444ec6e648ad0d55a362bcb4c003affected
89a4d1a89751a0fbd520e64091873e19cc0979e8< 1296c110c5a0b45a8fcf58e7d18bc5da61a565cbaffected
f718863aca469a109895cb855e6b81fff4827d71< b734f7a47aeb32a5ba298e4ccc16bb0c52b6dbf7affected
f718863aca469a109895cb855e6b81fff4827d71< 6eb14441f10602fa1cf691da9d685718b68b78a9affected
f718863aca469a109895cb855e6b81fff4827d71< 60c0c230c6f046da536d3df8b39a20b9a9fd6af0affected
… +15 more rows
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-26581

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
netfilter: nft_set_rbtree: skip end interval element from gc
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: skip end interval element from gc rbtree lazy gc on insert might collect an end interval element that has been just added in this transactions, skip end interval elements that are not yet active.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel 存在安全漏洞,该漏洞源于 netfilter 模块存在问题,可能导致跳过结束间隔元素。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
LinuxLinux 8284a79136c384059e85e278da2210b809730287 ~ c60d252949caf9aba537525195edae6bbabc35eb -
LinuxLinux 6.5 -

II. Public POCs for CVE-2024-26581

#POC DescriptionSource LinkShenlong Link
1[CVE-2024-26581] Vulnerability Checker for BGN Internalhttps://github.com/madfxr/CVE-2024-26581-CheckerPOC Details
2Nonehttps://github.com/laoqin1234/Linux-Root-CVE-2024-26581-PoCPOC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2024-26581

登录查看更多情报信息。

Mailing List Discussions for CVE-2024-26581 (1)

Other References for CVE-2024-26581 (6)

Same Patch Batch · Linux · 2024-02-20 · 7 CVEs total

CVE-2023-52433netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction
CVE-2023-52434smb: client: fix potential OOBs in smb2_parse_contexts()
CVE-2023-52435net: prevent mss overflow in skb_segment()
CVE-2023-52436f2fs: explicitly null-terminate the xattr list
CVE-2023-52438binder: fix use-after-free in shinker's callback
CVE-2023-52439uio: Fix use-after-free in uio_open

IV. Related Vulnerabilities

Same product: Linux
Same vendor: Linux

V. Comments for CVE-2024-26581

No comments yet

Leave a comment