PT-2024-21450 · Linux+7 · Linux Kernel+7

Pablo Neira Ayuso · Published 2024-04-02 · Updated 2025-09-29 · CVE-2024-26673

CVSS v3.1: 7.1 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)

Description
The issue is in the netfilter component of the Linux kernel, specifically the nft_ct module. The nft_ct_expect_obj_init() function insufficiently validates user-supplied data, which can lead to a denial of service. The vulnerability is addressed by sanitizing layer 3 and layer 4 protocol numbers in custom expectations: families other than NFPROTO_{IPV4,IPV6,INET} are disallowed, and layer 4 protocols with no ports are disallowed.

Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

ALSA-2024:3306
ALSA-2025_16880
CVE-2024-26673
DLA-3842-1
DSA-5658-1
DSA-5681-1
INFSA-2024_3306
OESA-2025-1095
OESA-2025-1096
OPENSUSE-SU-2024_1644-1
OPENSUSE-SU-2024_1659-1
OPENSUSE-SU-2024_1663-1
RHSA-2024:3306
RHSA-2024:3460
RHSA-2024:3461
RHSA-2024:4412
RHSA-2024:4415
RHSA-2024_3306
SUSE-SU-2024:1644-1
SUSE-SU-2024:1659-1
SUSE-SU-2024:1663-1
SUSE-SU-2024:2135-1
SUSE-SU-2024:2203-1
SUSE-SU-2024:2973-1
SUSE-SU-2025:20008-1
SUSE-SU-2025:20028-1
USN-6765-1
USN-6766-1
USN-6766-2
USN-6766-3
USN-6767-1
USN-6767-2
USN-6795-1
USN-6818-1
USN-6818-2
USN-6818-3
USN-6818-4
USN-6819-1
USN-6819-2
USN-6819-3
USN-6819-4
USN-6828-1

Affected Products

Almalinux
Astra Linux
Linuxmint
Linux Kernel
Red Hat
Red Os
Suse
Ubuntu