PT-2024-7578 · Linux+6 · Linux Kernel+6

Konstantin Andreev

·

Published

2024-06-05

·

Updated

2026-03-24

·

CVE-2024-47659

CVSS v2.0

9.0

High

VectorAV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 2.6.29.4
Description The issue is related to the smack inet conn request() function in the Linux kernel's Smack implementation, which incorrectly labels packets in IPv4 connections. This can allow an unauthorized party to impact the confidentiality, integrity, and availability of protected information. The vulnerability manifests when a label 'foo' connects to a label 'bar' with tcp/ipv4, and 'foo' always gets 'foo' in returned ipv4 packets, instead of the expected 'bar' label. This can lead to 'bar' writing to 'foo' without authorization.
Recommendations To resolve the issue, update the Linux kernel to a version that includes the fix for the incorrect labeling in Smack's tcp/ipv4 connections. As a temporary workaround, consider restricting access to the smack inet conn request() function until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-19

Related Identifiers

ALSA-2025_16880
ALT-PU-2024-12535
ALT-PU-2024-14046
ALT-PU-2024-15824
BDU:2024-08984
CVE-2024-47659
DLA-4008-1
OESA-2024-2325
OESA-2024-2368
OESA-2024-2369
OESA-2024-2370
OESA-2024-2371
USN-7088-1
USN-7088-2
USN-7088-3
USN-7088-4
USN-7088-5
USN-7100-1
USN-7100-2
USN-7119-1
USN-7123-1
USN-7144-1
USN-7154-1
USN-7154-2
USN-7155-1
USN-7156-1
USN-7194-1
USN-7196-1
USN-8070-1
USN-8070-2
USN-8070-3
USN-8112-1
USN-8112-2
USN-8112-3
USN-8112-4
USN-8112-5

Affected Products

Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Ubuntu