PT-2024-1993 · Linux+6 · Linux Kernel+6

Published

2024-01-11

Updated

2025-09-29

CVE-2024-26597

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.1.0

Description The vulnerability is related to a global out-of-bounds read in the rmnet policy variable when parsing netlink attributes. This occurs because the rmnet link ops variable assigns a larger maxtype value, leading to an out-of-bounds read. The issue is detected by the KASAN (Kernel Address Sanitizer) tool. The vulnerability can be exploited to impact the confidentiality, integrity, and availability of protected information.

Recommendations To resolve the issue, update the Linux kernel to a version that includes the fix for the global out-of-bounds read in rmnet policy. Specifically, update to a version later than 6.1.0. As a temporary workaround, consider disabling the nla parse nested deprecated function until a patch is available. However, this may have unintended consequences and should be carefully evaluated before implementation.

Exploit

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALSA-2025_16880

ALT-PU-2024-17576

BDU:2024-01842

CVE-2024-26597

DLA-3840-1

DLA-3841-1

LSN-0103-1

LSN-0104-1

OESA-2024-1392

OESA-2024-1393

OESA-2024-1394

OESA-2024-1395

OESA-2024-1396

OESA-2024-1397

SUSE-SU-2024:2008-1

SUSE-SU-2024:2019-1

SUSE-SU-2024:2190-1

USN-6688-1

USN-6707-1

USN-6707-2

USN-6707-3

USN-6707-4

USN-6725-1

USN-6725-2

USN-6726-1

USN-6726-2

USN-6726-3

Affected Products

Alt Linux

Astra Linux

Linuxmint

Linux Kernel

Red Os

Suse

Ubuntu

PT-2024-1993 · Linux+6 · Linux Kernel+6

CVE-2024-26597

Weakness Enumeration

Related Identifiers

Affected Products

References · 1376