Proof-of-Concept Exploit Released for Linux Kernel Out-of-Bounds Write Vulnerability

Exploitation of CVE-2024-26581 could allow sensitive information disclosure, privilege escalation, or arbitrary code execution



Affected platforms

The following platforms are known to be affected:

Threat details

Introduction

The Linux kernel contains an out-of-bounds write vulnerability, CVE-2024-26581, with a CVSSv3 score of 7.8. If exploited, a local attacker could leak sensitive information, escalate privileges to root, or execute arbitrary code.

Public proof-of-concept exploit released for CVE-2024-26581

Security researchers have released a public proof-of-concept exploit for CVE-2024-26581, so exploitation is considered more likely.


Remediation advice

Affected organisations are encouraged to contact their Linux IT vendors and update the Linux kernel to version 6.8-rc4 or higher.
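
To triage hosts against the 6.8-rc4 threshold above, the following added example (not part of the original advisory) compares a kernel release string with that version, ordering release candidates before the final release. The function names kver_num and kernel_status are hypothetical, the sample release strings are constructed, and the comparison uses the version number only.

```shell
#!/bin/sh
# Added example (not from the advisory): compare a kernel release string
# with the advisory's remediation threshold, 6.8-rc4.

THRESHOLD="6.8-rc4"

# kver_num RELEASE: print one sortable integer for a release string.
# A final release gets rc=999 so that 6.8-rc3 < 6.8-rc4 < 6.8 < 6.8.1.
kver_num() {
    rel=$1
    base=${rel%%-*}     # "6.8" from "6.8-rc4", "5.15.0" from "5.15.0-119-generic"
    rc=999
    case $rel in
        *-rc[0-9]*) rc=${rel#*-rc}; rc=${rc%%[!0-9]*} ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $base        # split on dots into major, minor, patch
    IFS=$old_ifs
    major=${1%%[!0-9]*}; minor=${2%%[!0-9]*}; patch=${3%%[!0-9]*}
    echo $(( ${major:-0} * 10000000000 + ${minor:-0} * 10000000 + ${patch:-0} * 1000 + rc ))
}

# kernel_status RELEASE: print "at-or-above" or "below-check-vendor".
# "below" is judged by version number only: a vendor kernel may carry a
# backported fix under an older number, so confirm with the vendor.
kernel_status() {
    if [ "$(kver_num "$1")" -ge "$(kver_num "$THRESHOLD")" ]; then
        echo "at-or-above"
    else
        echo "below-check-vendor"
    fi
}

# The running kernel first, then constructed sample release strings.
for r in "$(uname -r)" 6.8-rc3 6.8.0-rc4 6.8.1 5.15.0-119-generic; do
    printf '%-28s %s\n' "$r" "$(kernel_status "$r")"
done
```

A "below-check-vendor" result is a prompt to check the vendor's advisory for that kernel package, not proof that the host is vulnerable.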



Last edited: 6 September 2024 12:20 pm