CVE-2024-26950

wireguard: netlink: access device through ctx instead of peer

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: wireguard: netlink: access device through ctx instead of peer The previous commit fixed a bug that led to a NULL peer->device being
dereferenced. It's actually easier and faster performance-wise to
instead get the device from ctx->wg. This semantically makes more sense
too, since ctx->wg->peer_allowedips.seq is compared with
ctx->allowedips_seq, basing them both in ctx. This also acts as a
defence in depth provision against freed peers.

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: wireguard: netlink: acceda al dispositivo a través de ctx en lugar de peer. el commit anterior solucionó un error que provocaba que se desreferenciara un dispositivo NULL peer->. En realidad, es más fácil y rápido en cuanto a rendimiento obtener el dispositivo desde ctx->wg. Esto también tiene más sentido semánticamente, ya que ctx->wg->peer_allowedips.seq se compara con ctx->allowedips_seq, basándose ambos en ctx. Esto también actúa como una defensa en profundidad contra los pares liberados.

In the Linux kernel, the following vulnerability has been resolved: wireguard: netlink: access device through ctx instead of peer The previous commit fixed a bug that led to a NULL peer->device being dereferenced. It's actually easier and faster performance-wise to instead get the device from ctx->wg. This semantically makes more sense too, since ctx->wg->peer_allowedips.seq is compared with ctx->allowedips_seq, basing them both in ctx. This also acts as a defence in depth provision against freed peers.

Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use- after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service.

*Credits: N/A

CVSS Scores

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Complete

Attack Vector

Adjacent

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-02-19 CVE Reserved
2024-05-01 CVE Published
2025-05-04 CVE Updated
2025-06-22 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (11)

URL	Tag	Source
https://git.kernel.org/stable/c/e7096c131e5161fa3b8e52a650d7719d2857adfd	Vuln. Introduced
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/493aa6bdcffd90a4f82aa614fe4f4db0641b4068	2024-04-13
https://git.kernel.org/stable/c/4be453271a882c8ebc28df3dbf9e4d95e6ac42f5	2024-04-10
https://git.kernel.org/stable/c/09c3fa70f65175861ca948cb2f0f791e666c90e5	2024-04-03
https://git.kernel.org/stable/c/c991567e6c638079304cc15dff28748e4a3c4a37	2024-04-03
https://git.kernel.org/stable/c/93bcc1752c69bb309f4d8cfaf960ef1faeb34996	2024-04-03
https://git.kernel.org/stable/c/d44bd323d8bb8031eef4bdc44547925998a11e47	2024-04-03
https://git.kernel.org/stable/c/71cbd32e3db82ea4a74e3ef9aeeaa6971969c86f	2024-03-19

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2024-26950	2024-11-12
https://bugzilla.redhat.com/show_bug.cgi?id=2278200	2024-11-12

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.6 < 5.10.215 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.6 < 5.10.215"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.6 < 5.15.154 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.6 < 5.15.154"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.6 < 6.1.84 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.6 < 6.1.84"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.6 < 6.6.24 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.6 < 6.6.24"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.6 < 6.7.12 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.6 < 6.7.12"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.6 < 6.8.3 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.6 < 6.8.3"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.6 < 6.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.6 < 6.9"		en		Affected