CVE-2024-26668 Affecting kernel-64k-devel-matched package, versions <0:5.14.0-427.33.1.el9_4
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-ALMALINUX9-KERNEL64KDEVELMATCHED-8329951
- published 4 Nov 2024
- disclosed 28 Aug 2024
Introduced: 28 Aug 2024
CVE-2024-26668 Open this link in a new tabHow to fix?
Upgrade AlmaLinux:9 kernel-64k-devel-matched to version 0:5.14.0-427.33.1.el9_4 or higher.
This issue was patched in ALSA-2024:5928.
NVD Description
Note: Versions mentioned in the description apply only to the upstream kernel-64k-devel-matched package and not the kernel-64k-devel-matched package as distributed by AlmaLinux.
See How to fix? for AlmaLinux:9 relevant fixed versions and status.
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_limit: reject configurations that cause integer overflow
Reject bogus configs where internal token counter wraps around. This only occurs with very very large requests, such as 17gbyte/s.
Its better to reject this rather than having incorrect ratelimit.
References
- https://errata.almalinux.org/9/ALSA-2024-5928.html
- https://access.redhat.com/security/cve/CVE-2024-26668
- https://access.redhat.com/errata/RHSA-2024:5928
- https://git.kernel.org/stable/c/00c2c29aa36d1d1827c51a3720e9f893a22c7c6a
- https://git.kernel.org/stable/c/79d4efd75e7dbecd855a3b8a63e65f7265f466e1
- https://git.kernel.org/stable/c/9882495d02ecc490604f747437a40626dc9160d0
- https://git.kernel.org/stable/c/bc6e242bb74e2ae616bfd2b250682b738e781c9b
- https://git.kernel.org/stable/c/c9d9eb9c53d37cdebbad56b91e40baf42d5a97aa