PT-2024-3379 · Linux+6 · Linux Kernel+6
Syzbot · Published 2024-01-26 · Updated 2025-09-29 · CVE-2024-26641
CVSS v2.0: 9.4 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:C
Name of the Vulnerable Software and Affected Versions:
Linux kernel version 6.7.0-syzkaller-00562-g9f8413c4a66f
Description:
The vulnerability is related to the ip6_tnl_rcv() function in the Linux kernel's IPv6 implementation. The function could access uninitialized data, which may allow a remote attacker to disclose sensitive information or cause a denial of service. The issue is fixed by calling pskb_inet_may_pull() to ensure the inner header is properly pulled and initializing the ipv6h variable after this call.
Recommendations:
To resolve the issue, update the Linux kernel to a version that includes the fix for the vulnerability. As a temporary workaround, consider disabling the ip6_tnl_rcv() function until a patch is available. However, this may have significant performance implications and should be carefully evaluated before implementation.
Note: The provided information does not specify the exact version that includes the fix, so it is recommended to update to the latest available version of the Linux kernel.
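The ordering the fix in the Description relies on (pull the inner header first, derive header pointers only afterwards), shown as an added userspace model; this is not kernel code or the upstream patch. The struct, the helper names and the fixed 40/20-byte header sizes are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Simplified userspace model of an skb: a linear head plus one paged fragment. */
struct pkt {
    unsigned char *head;       /* linear area: only these bytes may be read */
    size_t linear_len;
    const unsigned char *frag; /* data not yet pulled into the linear area */
    size_t frag_len;
};

/* Hypothetical may-pull helper: make `need` bytes linear; 0 if packet too short. */
static int pkt_may_pull(struct pkt *p, size_t need)
{
    if (need <= p->linear_len) return 1;
    size_t extra = need - p->linear_len;
    if (extra > p->frag_len) return 0;
    unsigned char *nh = malloc(need);
    if (!nh) return 0;
    memcpy(nh, p->head, p->linear_len);
    memcpy(nh + p->linear_len, p->frag, extra);
    free(p->head);             /* any pointer taken into the old head is now stale */
    p->head = nh;
    p->linear_len = need;
    p->frag += extra;
    p->frag_len -= extra;
    return 1;
}

#define OUTER_LEN 40  /* outer IPv6 header */
#define INNER_MIN 20  /* assumed minimum inner header (IPv4) */

/* Fixed ordering. Returns the inner IP version, or -1 if the packet is dropped. */
static int tunnel_rcv_inner_version(struct pkt *p)
{
    if (!pkt_may_pull(p, OUTER_LEN + INNER_MIN))
        return -1;             /* inner header absent: drop without reading it */
    const unsigned char *outer = p->head;   /* initialised AFTER the pull */
    const unsigned char *inner = outer + OUTER_LEN;
    return inner[0] >> 4;
}

/* Constructed sample: outer header linear, inner header only in the fragment. */
static struct pkt make_pkt(const unsigned char *frag, size_t frag_len)
{
    struct pkt p = { calloc(1, OUTER_LEN), OUTER_LEN, frag, frag_len };
    if (p.head) p.head[0] = 0x60;
    return p;
}
```

Taking the header pointer before the pull would leave it pointing into the freed head, and skipping the pull would read bytes that were never copied into the linear area.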
Use of Uninitialized Resource
Affected Products
Astra Linux
Linuxmint
Linux Kernel
Red Hat
Red Os
Suse
Ubuntu