PT-2024-3387 · Linux+5 · Linux Kernel+5

Syzbot

Published

2024-01-19

Updated

2025-03-10

CVE-2024-26635

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: The issue is related to the llc conn handler() function in the Linux kernel's LLC (Logical Link Control) module. The function initialises local variables {saddr,daddr}.mac based on skb in llc pdu decode sa()/llc pdu decode da() and passes them to llc lookup(). However, the initialisation is done only when skb->protocol is htons(ETH P 802 2), otherwise, llc lookup established() and llc lookup listener() will read garbage. The missing initialisation existed prior to commit 211ed865108e ("net: delete all instances of special processing for token ring").

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-457CWE-909

Related Identifiers

BDU:2024-03659

CVE-2024-26635

DLA-3840-1

DLA-3842-1

DSA-5681-1

OESA-2024-1566

OESA-2024-1567

OESA-2024-1568

OESA-2024-1647

OESA-2024-1648

OESA-2024-1649

OPENSUSE-SU-2024_2947-1

SUSE-SU-2024:2493-1

SUSE-SU-2024:2561-1

SUSE-SU-2024:2802-1

SUSE-SU-2024:2894-1

SUSE-SU-2024:2896-1

SUSE-SU-2024:2901-1

SUSE-SU-2024:2939-1

SUSE-SU-2024:2947-1

SUSE-SU-2024:2973-1

SUSE-SU-2025:20008-1

SUSE-SU-2025:20028-1

USN-6765-1

USN-6766-1

USN-6766-2

USN-6766-3

USN-6767-1

USN-6767-2

USN-6774-1

USN-6777-1

USN-6777-2

USN-6777-3

USN-6777-4

USN-6778-1

USN-6795-1

USN-6828-1

Affected Products

Astra Linux

Linuxmint

Linux Kernel

Red Os

Suse

Ubuntu

PT-2024-3387 · Linux+5 · Linux Kernel+5

CVE-2024-26635

Weakness Enumeration

Related Identifiers

Affected Products

References · 3225