0.0
NA
CVE-2024-26862
Linux Kernel Packet Module Data Race Vulnerability
Description

In the Linux kernel, the following vulnerability has been resolved: packet: annotate data-races around ignore_outgoing ignore_outgoing is read locklessly from dev_queue_xmit_nit() and packet_getsockopt() Add appropriate READ_ONCE()/WRITE_ONCE() annotations. syzbot reported: BUG: KCSAN: data-race in dev_queue_xmit_nit / packet_setsockopt write to 0xffff888107804542 of 1 bytes by task 22618 on cpu 0: packet_setsockopt+0xd83/0xfd0 net/packet/af_packet.c:4003 do_sock_setsockopt net/socket.c:2311 [inline] __sys_setsockopt+0x1d8/0x250 net/socket.c:2334 __do_sys_setsockopt net/socket.c:2343 [inline] __se_sys_setsockopt net/socket.c:2340 [inline] __x64_sys_setsockopt+0x66/0x80 net/socket.c:2340 do_syscall_64+0xd3/0x1d0 entry_SYSCALL_64_after_hwframe+0x6d/0x75 read to 0xffff888107804542 of 1 bytes by task 27 on cpu 1: dev_queue_xmit_nit+0x82/0x620 net/core/dev.c:2248 xmit_one net/core/dev.c:3527 [inline] dev_hard_start_xmit+0xcc/0x3f0 net/core/dev.c:3547 __dev_queue_xmit+0xf24/0x1dd0 net/core/dev.c:4335 dev_queue_xmit include/linux/netdevice.h:3091 [inline] batadv_send_skb_packet+0x264/0x300 net/batman-adv/send.c:108 batadv_send_broadcast_skb+0x24/0x30 net/batman-adv/send.c:127 batadv_iv_ogm_send_to_if net/batman-adv/bat_iv_ogm.c:392 [inline] batadv_iv_ogm_emit net/batman-adv/bat_iv_ogm.c:420 [inline] batadv_iv_send_outstanding_bat_ogm_packet+0x3f0/0x4b0 net/batman-adv/bat_iv_ogm.c:1700 process_one_work kernel/workqueue.c:3254 [inline] process_scheduled_works+0x465/0x990 kernel/workqueue.c:3335 worker_thread+0x526/0x730 kernel/workqueue.c:3416 kthread+0x1d1/0x210 kernel/kthread.c:388 ret_from_fork+0x4b/0x60 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243 value changed: 0x00 -> 0x01 Reported by Kernel Concurrency Sanitizer on: CPU: 1 PID: 27 Comm: kworker/u8:1 Tainted: G W 6.8.0-syzkaller-08073-g480e035fc4c7 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024 Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet

INFO

Published Date :

April 17, 2024, 11:15 a.m.

Last Modified :

Nov. 21, 2024, 9:03 a.m.

Source :

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Remotely Exploitable :

No

Impact Score :

Exploitability Score :

Affected Products

The following products are affected by CVE-2024-26862 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Linux linux_kernel
: Total Affected Vendor : 1 | Products : 1
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2024-26862.

URL Resource
https://git.kernel.org/stable/c/2c02c5059c78a52d170bdee4a369b470de6deb37
https://git.kernel.org/stable/c/68e84120319d4fc298fcdb14cf0bea6a0f64ffbd
https://git.kernel.org/stable/c/6ebfad33161afacb3e1e59ed1c2feefef70f9f97
https://git.kernel.org/stable/c/84c510411e321caff3c07e6cd0f917f06633cfc0
https://git.kernel.org/stable/c/8b1e273c6afcf00d3c40a54ada7d6aac1b503b97
https://git.kernel.org/stable/c/d35b62c224e70797f8a1c37fe9bc4b3e294b7560
https://git.kernel.org/stable/c/ee413f30ec4fe94a0bdf32c8f042cb06fa913234
https://git.kernel.org/stable/c/ef7eed7e11d23337310ecc2c014ecaeea52719c5
https://git.kernel.org/stable/c/2c02c5059c78a52d170bdee4a369b470de6deb37
https://git.kernel.org/stable/c/68e84120319d4fc298fcdb14cf0bea6a0f64ffbd
https://git.kernel.org/stable/c/6ebfad33161afacb3e1e59ed1c2feefef70f9f97
https://git.kernel.org/stable/c/84c510411e321caff3c07e6cd0f917f06633cfc0
https://git.kernel.org/stable/c/8b1e273c6afcf00d3c40a54ada7d6aac1b503b97
https://git.kernel.org/stable/c/d35b62c224e70797f8a1c37fe9bc4b3e294b7560
https://git.kernel.org/stable/c/ee413f30ec4fe94a0bdf32c8f042cb06fa913234
https://git.kernel.org/stable/c/ef7eed7e11d23337310ecc2c014ecaeea52719c5
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2024-26862 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2024-26862 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Initial Analysis by [email protected]

    Mar. 04, 2025

    Action Type Old Value New Value
    Added CVSS V3.1 AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
    Added CWE CWE-362
    Added CPE Configuration OR *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.7 from (excluding) 6.7.11 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.2 from (excluding) 6.6.23 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 from (excluding) 6.1.83 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.11 from (excluding) 5.15.153 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.5 from (excluding) 5.10.214 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.20 from (excluding) 5.4.273 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.8 from (excluding) 6.8.2
    Added CPE Configuration OR *cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
    Added Reference Type CVE: https://git.kernel.org/stable/c/2c02c5059c78a52d170bdee4a369b470de6deb37 Types: Mailing List, Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/2c02c5059c78a52d170bdee4a369b470de6deb37 Types: Mailing List, Patch
    Added Reference Type CVE: https://git.kernel.org/stable/c/68e84120319d4fc298fcdb14cf0bea6a0f64ffbd Types: Mailing List, Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/68e84120319d4fc298fcdb14cf0bea6a0f64ffbd Types: Mailing List, Patch
    Added Reference Type CVE: https://git.kernel.org/stable/c/6ebfad33161afacb3e1e59ed1c2feefef70f9f97 Types: Mailing List, Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/6ebfad33161afacb3e1e59ed1c2feefef70f9f97 Types: Mailing List, Patch
    Added Reference Type CVE: https://git.kernel.org/stable/c/84c510411e321caff3c07e6cd0f917f06633cfc0 Types: Mailing List, Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/84c510411e321caff3c07e6cd0f917f06633cfc0 Types: Mailing List, Patch
    Added Reference Type CVE: https://git.kernel.org/stable/c/8b1e273c6afcf00d3c40a54ada7d6aac1b503b97 Types: Mailing List, Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/8b1e273c6afcf00d3c40a54ada7d6aac1b503b97 Types: Mailing List, Patch
    Added Reference Type CVE: https://git.kernel.org/stable/c/d35b62c224e70797f8a1c37fe9bc4b3e294b7560 Types: Mailing List, Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/d35b62c224e70797f8a1c37fe9bc4b3e294b7560 Types: Mailing List, Patch
    Added Reference Type CVE: https://git.kernel.org/stable/c/ee413f30ec4fe94a0bdf32c8f042cb06fa913234 Types: Mailing List, Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/ee413f30ec4fe94a0bdf32c8f042cb06fa913234 Types: Mailing List, Patch
    Added Reference Type CVE: https://git.kernel.org/stable/c/ef7eed7e11d23337310ecc2c014ecaeea52719c5 Types: Mailing List, Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/ef7eed7e11d23337310ecc2c014ecaeea52719c5 Types: Mailing List, Patch
    Added Reference Type CVE: https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html Types: Mailing List
  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Nov. 21, 2024

    Action Type Old Value New Value
    Added Reference https://git.kernel.org/stable/c/2c02c5059c78a52d170bdee4a369b470de6deb37
    Added Reference https://git.kernel.org/stable/c/68e84120319d4fc298fcdb14cf0bea6a0f64ffbd
    Added Reference https://git.kernel.org/stable/c/6ebfad33161afacb3e1e59ed1c2feefef70f9f97
    Added Reference https://git.kernel.org/stable/c/84c510411e321caff3c07e6cd0f917f06633cfc0
    Added Reference https://git.kernel.org/stable/c/8b1e273c6afcf00d3c40a54ada7d6aac1b503b97
    Added Reference https://git.kernel.org/stable/c/d35b62c224e70797f8a1c37fe9bc4b3e294b7560
    Added Reference https://git.kernel.org/stable/c/ee413f30ec4fe94a0bdf32c8f042cb06fa913234
    Added Reference https://git.kernel.org/stable/c/ef7eed7e11d23337310ecc2c014ecaeea52719c5
    Added Reference https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
  • CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Nov. 05, 2024

    Action Type Old Value New Value
    Removed Reference kernel.org https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
  • CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Jun. 25, 2024

    Action Type Old Value New Value
    Added Reference kernel.org https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html [No types assigned]
  • CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    May. 29, 2024

    Action Type Old Value New Value
  • CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    May. 14, 2024

    Action Type Old Value New Value
  • CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Apr. 17, 2024

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved: packet: annotate data-races around ignore_outgoing ignore_outgoing is read locklessly from dev_queue_xmit_nit() and packet_getsockopt() Add appropriate READ_ONCE()/WRITE_ONCE() annotations. syzbot reported: BUG: KCSAN: data-race in dev_queue_xmit_nit / packet_setsockopt write to 0xffff888107804542 of 1 bytes by task 22618 on cpu 0: packet_setsockopt+0xd83/0xfd0 net/packet/af_packet.c:4003 do_sock_setsockopt net/socket.c:2311 [inline] __sys_setsockopt+0x1d8/0x250 net/socket.c:2334 __do_sys_setsockopt net/socket.c:2343 [inline] __se_sys_setsockopt net/socket.c:2340 [inline] __x64_sys_setsockopt+0x66/0x80 net/socket.c:2340 do_syscall_64+0xd3/0x1d0 entry_SYSCALL_64_after_hwframe+0x6d/0x75 read to 0xffff888107804542 of 1 bytes by task 27 on cpu 1: dev_queue_xmit_nit+0x82/0x620 net/core/dev.c:2248 xmit_one net/core/dev.c:3527 [inline] dev_hard_start_xmit+0xcc/0x3f0 net/core/dev.c:3547 __dev_queue_xmit+0xf24/0x1dd0 net/core/dev.c:4335 dev_queue_xmit include/linux/netdevice.h:3091 [inline] batadv_send_skb_packet+0x264/0x300 net/batman-adv/send.c:108 batadv_send_broadcast_skb+0x24/0x30 net/batman-adv/send.c:127 batadv_iv_ogm_send_to_if net/batman-adv/bat_iv_ogm.c:392 [inline] batadv_iv_ogm_emit net/batman-adv/bat_iv_ogm.c:420 [inline] batadv_iv_send_outstanding_bat_ogm_packet+0x3f0/0x4b0 net/batman-adv/bat_iv_ogm.c:1700 process_one_work kernel/workqueue.c:3254 [inline] process_scheduled_works+0x465/0x990 kernel/workqueue.c:3335 worker_thread+0x526/0x730 kernel/workqueue.c:3416 kthread+0x1d1/0x210 kernel/kthread.c:388 ret_from_fork+0x4b/0x60 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243 value changed: 0x00 -> 0x01 Reported by Kernel Concurrency Sanitizer on: CPU: 1 PID: 27 Comm: kworker/u8:1 Tainted: G W 6.8.0-syzkaller-08073-g480e035fc4c7 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024 Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet
    Added Reference kernel.org https://git.kernel.org/stable/c/84c510411e321caff3c07e6cd0f917f06633cfc0 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/68e84120319d4fc298fcdb14cf0bea6a0f64ffbd [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/d35b62c224e70797f8a1c37fe9bc4b3e294b7560 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/ef7eed7e11d23337310ecc2c014ecaeea52719c5 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/2c02c5059c78a52d170bdee4a369b470de6deb37 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/ee413f30ec4fe94a0bdf32c8f042cb06fa913234 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/8b1e273c6afcf00d3c40a54ada7d6aac1b503b97 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/6ebfad33161afacb3e1e59ed1c2feefef70f9f97 [No types assigned]
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2024-26862 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2024-26862 weaknesses.

NONE - Vulnerability Scoring System
:
© cvefeed.io
Latest DB Update: Jul. 14, 2025 10:35