PT-2024-7894 · Linux+6 · Linux Kernel+6

Lillian Berry · Published 2024-03-19 · Updated 2026-02-21 · CVE-2024-26951

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.8.0-rc2-debug+

Description

The issue is a use-after-free in the wg_get_device_dump() function when handling peers in the WireGuard netlink interface. If all peers are removed via wg_peer_remove_all(), the peer is added to a temporary list, and if a netlink dump is then resumed, it will attempt to dump freed peers, leading to a slab-use-after-free error. This can be reproduced with a script that sets up a WireGuard configuration and then removes and reconfigures peers. The error is reported as BUG: KASAN: slab-use-after-free in __lock_acquire+0x182a/0x1b20. The fix checks peer->is_dead instead of checking for an empty list.

Recommendations

To resolve this issue, update the Linux kernel to a version that includes the fix for this vulnerability. Specifically, versions 6.8.0-rc2-debug and later should include the necessary patches. If updating is not immediately possible, consider temporarily disabling the WireGuard interface or restricting access to it to minimize the risk of exploitation.
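Why the empty-list check misses a peer removed through the remove-all path while the is_dead check catches it, shown as an added example that is not part of the original advisory or the kernel source. It is a simplified user-space C model: the list helpers follow the kernel's naming, and peer_remove(), peer_remove_all(), cursor_stale_old(), cursor_stale_fixed() and resume_after() are illustrative names assumed for this sketch.

```c
#include <stdbool.h>

/* Simplified user-space model (assumption): not kernel code. */
struct list_head { struct list_head *next, *prev; };
struct peer { struct list_head peer_list; bool is_dead; };

static void list_init(struct list_head *h) { h->next = h->prev = h; }
static bool list_empty(const struct list_head *h) { return h->next == h; }
static void list_add_tail(struct list_head *n, struct list_head *head) {
    n->prev = head->prev; n->next = head;
    head->prev->next = n; head->prev = n;
}
static void list_del_init(struct list_head *n) {
    n->prev->next = n->next; n->next->prev = n->prev;
    list_init(n);
}

/* Single-peer removal: unlink and mark dead; the node now points at itself. */
static void peer_remove(struct peer *p) {
    list_del_init(&p->peer_list);
    p->is_dead = true;
}

/* Remove-all path: every dead peer is re-linked onto a temporary list, so its
 * node is NOT empty afterwards. The model uses a static head for the list. */
static void peer_remove_all(struct list_head *peers) {
    static struct list_head dead_peers;
    list_init(&dead_peers);
    while (!list_empty(peers)) {
        struct peer *p = (struct peer *)peers->next; /* peer_list is first member */
        peer_remove(p);
        list_add_tail(&p->peer_list, &dead_peers);
    }
}

/* Pre-fix resume check: cursor is stale only if its list node is empty. */
static bool cursor_stale_old(const struct peer *c) { return c && list_empty(&c->peer_list); }
/* Post-fix resume check: cursor is stale if the peer was marked dead. */
static bool cursor_stale_fixed(const struct peer *c) { return c && c->is_dead; }

/* Bitmask result: bit 0 = old check stops the dump, bit 1 = fixed check does. */
int resume_after(bool remove_all) {
    struct list_head peers; struct peer a = {0}, b = {0};
    list_init(&peers);
    list_add_tail(&a.peer_list, &peers);
    list_add_tail(&b.peer_list, &peers);
    if (remove_all) peer_remove_all(&peers); else peer_remove(&a);
    return (cursor_stale_old(&a) ? 1 : 0) | (cursor_stale_fixed(&a) ? 2 : 0);
}
```

resume_after(false) returns 3 (both checks stop the dump), while resume_after(true) returns 2: only the is_dead check recognises the dangling cursor, which is the case the fix addresses.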

Exploit

Fix

Use After Free


Weakness Enumeration

Related Identifiers

ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
AZL-40497
BDU:2024-09398
CVE-2024-26951
DLA-3842-1
DSA-5681-1
INFSA-2024_9315
OPENSUSE-SU-2024_1644-1
OPENSUSE-SU-2024_1659-1
OPENSUSE-SU-2024_1663-1
RHSA-2024:9315
RHSA-2024_9315
SUSE-SU-2024:1644-1
SUSE-SU-2024:1659-1
SUSE-SU-2024:1663-1
SUSE-SU-2024:2135-1
SUSE-SU-2024:2203-1
SUSE-SU-2024:2973-1
SUSE-SU-2025:20008-1
SUSE-SU-2025:20028-1
SUSE-SU-2025:20166-1
SUSE-SU-2025:20249-1
USN-6816-1
USN-6817-1
USN-6817-2
USN-6817-3
USN-6878-1
USN-6898-1
USN-6898-2
USN-6898-3
USN-6898-4
USN-6917-1
USN-6919-1
USN-6927-1
USN-7019-1

Affected Products

Astra Linux
Linux Mint
Linux Kernel
Red Hat
RED OS
SUSE
Ubuntu