CVE-2024-26642: netfilter: nf_tables: disallow anonymous set with timeout flag
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nftables: disallow anonymous set with timeout flag
Anonymous sets are never used with timeout from userspace, reject this. Exception to this rule is NFTSETEVAL to ensure legacy meters still work.
Other sources
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nftables: disallow anonymous set with timeout flag
The Linux kernel CVE team has assigned CVE-2024-26642 to this issue.
Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024032150-CVE-2024-26642-3549@gregkh/T
— Red Hat
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of CVE-2024-26642?
CVE-2024-26642 is considered a moderate severity vulnerability in the Linux kernel affecting netfilter functionality.
How do I fix CVE-2024-26642?
To remediate CVE-2024-26642, ensure your Linux kernel is updated to version 6.8 or the specific patched versions provided by your distribution.
What components are affected by CVE-2024-26642?
CVE-2024-26642 affects the netfilter component of the Linux kernel, particularly anonymous sets with timeout flags.
Is CVE-2024-26642 present in older kernel versions?
Yes, CVE-2024-26642 is present in certain older versions of the Linux kernel prior to the fixed releases.
Will CVE-2024-26642 affect system performance?
While the vulnerability primarily addresses a security concern, any associated bug in netfilter functionality could potentially impact system performance.