redhatcve | Redhat.com | RH:CVE-2024-26636
Mar 18, 2024 - 2:22 p.m.

CVE-2024-26636

2024-03-18 14:22:54
redhat.com
access.redhat.com
Tags: linux kernel, llc_ui_sendmsg(), vulnerability, syzbot exploitation

AI Score: 7.5 High (Confidence: High)

EPSS: 0.0004 Low (Percentile: 13.1%)

A vulnerability was found in the LLC protocol implementation in the Linux kernel: llc_ui_sendmsg() could allocate a socket buffer (skb) with insufficient headroom and later attempt to push 14 bytes of Ethernet header onto it. This occurred because the function released the socket lock before allocating the skb and did not repeat its sanity checks after reacquiring the lock. This could lead to system instability or DoS.
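The check, unlock, allocate, relock sequence described above, as a userspace C model added here (not kernel code and not Red Hat's). The `model_*` types, the two sample devices and the choice of a device swap as the change that happens while the lock is dropped are assumptions made for illustration.

```c
/* Userspace model, constructed for illustration; not kernel code. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define ETH_HLEN 14 /* Ethernet header the send path pushes later */

struct model_dev  { size_t hard_header_len; };  /* hypothetical device */
struct model_sock { struct model_dev *dev; };   /* socket bound to a device */
struct model_skb  { size_t headroom; };         /* only headroom is modelled */

/* Refuse a push that exceeds headroom; the kernel's skb_push() panics instead. */
static bool model_push(struct model_skb *skb, size_t len)
{
    if (len > skb->headroom)
        return false;
    skb->headroom -= len;
    return true;
}

static struct model_dev dev_none = { 0 }, dev_eth = { ETH_HLEN };

/* Assumed race: the socket's device changes while the lock is dropped. */
static void swap_to_eth(struct model_sock *sk) { sk->dev = &dev_eth; }

/* 0 = sent, -1 = rejected by revalidation, -2 = push would underflow. */
static int model_sendmsg(struct model_sock *sk,
                         void (*race)(struct model_sock *), bool revalidate)
{
    struct model_dev *dev = sk->dev;                 /* checked under the lock */
    struct model_skb skb = { dev->hard_header_len }; /* sized after unlock */

    if (race)
        race(sk);                                    /* lock is not held here */
    /* Lock reacquired: repeat the checks before using the skb. */
    if (revalidate &&
        (sk->dev != dev || sk->dev->hard_header_len > skb.headroom))
        return -1;
    return model_push(&skb, sk->dev->hard_header_len) ? 0 : -2;
}

int main(void)
{
    struct model_sock a = { &dev_none }, b = { &dev_none };
    printf("no revalidation: %d\n", model_sendmsg(&a, swap_to_eth, false));
    printf("revalidation:    %d\n", model_sendmsg(&b, swap_to_eth, true));
    return 0;
}
```

Without revalidation the 14-byte push meets an skb sized from the stale state; with it, the send is rejected before the skb is touched.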

Mitigation

Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.
