CVE-2024-26668

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_limit: reject configurations that cause integer overflow Reject bogus configs where internal token counter wraps around. This only occurs with very very large requests, such as 17gbyte/s. Its better to reject this rather than having incorrect ratelimit.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*

History

17 Mar 2025, 15:04

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.5
References () https://git.kernel.org/stable/c/00c2c29aa36d1d1827c51a3720e9f893a22c7c6a - () https://git.kernel.org/stable/c/00c2c29aa36d1d1827c51a3720e9f893a22c7c6a - Patch
References () https://git.kernel.org/stable/c/79d4efd75e7dbecd855a3b8a63e65f7265f466e1 - () https://git.kernel.org/stable/c/79d4efd75e7dbecd855a3b8a63e65f7265f466e1 - Patch
References () https://git.kernel.org/stable/c/9882495d02ecc490604f747437a40626dc9160d0 - () https://git.kernel.org/stable/c/9882495d02ecc490604f747437a40626dc9160d0 - Patch
References () https://git.kernel.org/stable/c/bc6e242bb74e2ae616bfd2b250682b738e781c9b - () https://git.kernel.org/stable/c/bc6e242bb74e2ae616bfd2b250682b738e781c9b - Patch
References () https://git.kernel.org/stable/c/c9d9eb9c53d37cdebbad56b91e40baf42d5a97aa - () https://git.kernel.org/stable/c/c9d9eb9c53d37cdebbad56b91e40baf42d5a97aa - Patch
CWE CWE-190
First Time Linux linux Kernel
Linux
CPE cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

21 Nov 2024, 09:02

Type Values Removed Values Added
References () https://git.kernel.org/stable/c/00c2c29aa36d1d1827c51a3720e9f893a22c7c6a - () https://git.kernel.org/stable/c/00c2c29aa36d1d1827c51a3720e9f893a22c7c6a -
References () https://git.kernel.org/stable/c/79d4efd75e7dbecd855a3b8a63e65f7265f466e1 - () https://git.kernel.org/stable/c/79d4efd75e7dbecd855a3b8a63e65f7265f466e1 -
References () https://git.kernel.org/stable/c/9882495d02ecc490604f747437a40626dc9160d0 - () https://git.kernel.org/stable/c/9882495d02ecc490604f747437a40626dc9160d0 -
References () https://git.kernel.org/stable/c/bc6e242bb74e2ae616bfd2b250682b738e781c9b - () https://git.kernel.org/stable/c/bc6e242bb74e2ae616bfd2b250682b738e781c9b -
References () https://git.kernel.org/stable/c/c9d9eb9c53d37cdebbad56b91e40baf42d5a97aa - () https://git.kernel.org/stable/c/c9d9eb9c53d37cdebbad56b91e40baf42d5a97aa -

02 Apr 2024, 12:50

Type Values Removed Values Added
Summary
  • (es) En el kernel de Linux, se resolvió la siguiente vulnerabilidad: netfilter: nft_limit: rechazar configuraciones que causan desbordamiento de enteros Rechazar configuraciones falsas donde el contador de token interno se ajusta. Esto sólo ocurre con solicitudes muy grandes, como 17 gbytes/s. Es mejor rechazar esto en lugar de tener un límite de tasa incorrecto.

02 Apr 2024, 07:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-04-02 07:15

Updated : 2025-03-17 15:04


NVD link : CVE-2024-26668

Mitre link : CVE-2024-26668

CVE.ORG link : CVE-2024-26668


JSON object : View

Products Affected

linux

  • linux_kernel
CWE
CWE-190

Integer Overflow or Wraparound