In the Linux kernel, the following vulnerability has been resolved:
wireguard: netlink: access device through ctx instead of peer The previous
commit fixed a bug that led to a NULL peer->device being dereferenced. It’s
actually easier and faster performance-wise to instead get the device from
ctx->wg. This semantically makes more sense too, since
ctx->wg->peer_allowedips.seq is compared with ctx->allowedips_seq, basing
them both in ctx. This also acts as a defence in depth provision against
freed peers.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 22.04 | noarch | linux | < 5.15.0-116.126 | UNKNOWN |
ubuntu | 24.04 | noarch | linux | < 6.8.0-35.35 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < 5.15.0-1065.71 | UNKNOWN |
ubuntu | 24.04 | noarch | linux-aws | < 6.8.0-1009.9 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws-5.15 | < 5.15.0-1065.71~20.04.1 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws-6.5 | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-azure | < 5.15.0-1068.77 | UNKNOWN |
ubuntu | 24.04 | noarch | linux-azure | < 6.8.0-1008.8 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-azure-5.15 | < 5.15.0-1068.77~20.04.1 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-azure-6.5 | < any | UNKNOWN |
git.kernel.org/linus/71cbd32e3db82ea4a74e3ef9aeeaa6971969c86f (6.9-rc1)
git.kernel.org/stable/c/09c3fa70f65175861ca948cb2f0f791e666c90e5
git.kernel.org/stable/c/493aa6bdcffd90a4f82aa614fe4f4db0641b4068
git.kernel.org/stable/c/4be453271a882c8ebc28df3dbf9e4d95e6ac42f5
git.kernel.org/stable/c/71cbd32e3db82ea4a74e3ef9aeeaa6971969c86f
git.kernel.org/stable/c/93bcc1752c69bb309f4d8cfaf960ef1faeb34996
git.kernel.org/stable/c/c991567e6c638079304cc15dff28748e4a3c4a37
git.kernel.org/stable/c/d44bd323d8bb8031eef4bdc44547925998a11e47
launchpad.net/bugs/cve/CVE-2024-26950
nvd.nist.gov/vuln/detail/CVE-2024-26950
security-tracker.debian.org/tracker/CVE-2024-26950
ubuntu.com/security/notices/USN-6816-1
ubuntu.com/security/notices/USN-6817-1
ubuntu.com/security/notices/USN-6817-2
ubuntu.com/security/notices/USN-6817-3
ubuntu.com/security/notices/USN-6878-1
ubuntu.com/security/notices/USN-6898-1
ubuntu.com/security/notices/USN-6898-2
ubuntu.com/security/notices/USN-6898-3
ubuntu.com/security/notices/USN-6898-4
ubuntu.com/security/notices/USN-6917-1
ubuntu.com/security/notices/USN-6919-1
www.cve.org/CVERecord?id=CVE-2024-26950