PT-2024-3426 · Linux+7 · Linux Kernel+7
Syzbot · Published 2024-03-08 · Updated 2025-09-29 · CVE-2024-26882
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Linux kernel (affected versions not specified)
Description:
The vulnerability is related to the ip_tunnel_rcv() function in the Linux kernel, which fails to properly handle the inner header of network packets. This can lead to unauthorized access and manipulation of sensitive data. The issue is caused by the lack of initialization of certain variables, which can result in unexpected behavior. The pskb_inet_may_pull() function is used to ensure that the necessary headers are present in the packet, but it does not properly handle the inner header. The vulnerability can be exploited by sending specially crafted packets to the affected system.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Affected Products
Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Red Hat
Red Os
Suse
Ubuntu