CVE-2024-26861
- ULN >
- Oracle Linux CVE repository >
- CVE-2024-26861
CVE Details
| Release Date: | 2024-04-17 |
Description
In the Linux kernel, the following vulnerability has been resolved:\nwireguard: receive: annotate data-race around receiving_counter.counter\nSyzkaller with KCSAN identified a data-race issue when accessing\nkeypair->receiving_counter.counter. Use READ_ONCE() and WRITE_ONCE()\nannotations to mark the data race as intentional.\nBUG: KCSAN: data-race in wg_packet_decrypt_worker / wg_packet_rx_poll\nwrite to 0xffff888107765888 of 8 bytes by interrupt on cpu 0:\ncounter_validate drivers/net/wireguard/receive.c:321 [inline]\nwg_packet_rx_poll+0x3ac/0xf00 drivers/net/wireguard/receive.c:461\n__napi_poll+0x60/0x3b0 net/core/dev.c:6536\nnapi_poll net/core/dev.c:6605 [inline]\nnet_rx_action+0x32b/0x750 net/core/dev.c:6738\n__do_softirq+0xc4/0x279 kernel/softirq.c:553\ndo_softirq+0x5e/0x90 kernel/softirq.c:454\n__local_bh_enable_ip+0x64/0x70 kernel/softirq.c:381\n__raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]\n_raw_spin_unlock_bh+0x36/0x40 kernel/locking/spinlock.c:210\nspin_unlock_bh include/linux/spinlock.h:396 [inline]\nptr_ring_consume_bh include/linux/ptr_ring.h:367 [inline]\nwg_packet_decrypt_worker+0x6c5/0x700 drivers/net/wireguard/receive.c:499\nprocess_one_work kernel/workqueue.c:2633 [inline]\n...\nread to 0xffff888107765888 of 8 bytes by task 3196 on cpu 1:\ndecrypt_packet drivers/net/wireguard/receive.c:252 [inline]\nwg_packet_decrypt_worker+0x220/0x700 drivers/net/wireguard/receive.c:501\nprocess_one_work kernel/workqueue.c:2633 [inline]\nprocess_scheduled_works+0x5b8/0xa30 kernel/workqueue.c:2706\nworker_thread+0x525/0x730 kernel/workqueue.c:2787\n...
See more information about CVE-2024-26861 from MITRE CVE dictionary and NIST NVD
CVSS Scoring
NOTE: The following CVSS v3.1 metrics and score provided are preliminary and subject to review.
| Base Score: | 4.1 | CVSS Vector: | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H |
| Attack Vector: | Local network | Attack Complexity: | High |
| Privileges Required: | High | User Interaction: | None |
| Scope: | Unchanged | Confidentiality Impact: | None |
| Integrity Impact: | None | Availability Impact: | High |
Errata information
| Platform | Errata | Release Date |
| Oracle Linux version 9 (kernel) | ELSA-2024-9315 | 2024-11-14 |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:
- Oracle customers - enter a support request
- Vulnerability scanning tools vendors and project maintainers - follow the standard ISV process
