CVE-2024-26581 — Use After Free in Linux
Severity
7.8HIGHNVD
OSV7.5OSV7.0OSV6.8
EPSS
0.3%
top 47.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedFeb 20
Latest updateAug 14
Description
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_set_rbtree: skip end interval element from gc
rbtree lazy gc on insert might collect an end interval element that has
been just added in this transactions, skip end interval elements that
are not yet active.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages13 packages
▶CVEListV5linux/linux8284a79136c384059e85e278da2210b809730287 — c60d252949caf9aba537525195edae6bbabc35eb+9
Also affects: Debian Linux 10.0
Patches
🔴Vulnerability Details
10OSV▶
linux, linux-aws, linux-aws-5.15, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-ibm, linux-ibm-5.1↗2024-04-19