Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatcveRedhat.comRH:CVE-2024-26737
HistoryApr 04, 2024 - 1:52 a.m.

CVE-2024-26737

2024-04-0401:52:29
redhat.com
access.redhat.com
8
linux kernel
bpf_timer_cancel_and_free
bpf_timer_cancel
vulnerability
cve-2024-26737
race condition
uaf
timer->timer

AI Score

6

Confidence

High

EPSS

0

Percentile

15.5%

JSON

A use-after-free flaw was found in the Linux kernel’s BPF functionality. This flaw allows a local user to crash the system.

Mitigation

The default Red Hat Enterprise Linux kernel prevents unprivileged users from being able to use eBPF by the kernel.unprivileged_bpf_disabled sysctl. This would require a privileged user with CAP_SYS_ADMIN or root to be able to abuse this flaw reducing its attack space.

For the Red Hat Enterprise Linux 8 to confirm the current state, inspect the sysctl with the command:

cat /proc/sys/kernel/unprivileged_bpf_disabled

The setting of 1 would mean that unprivileged users can not use eBPF, mitigating the flaw.

Related

cve 1
nvd 1
cvelist 1
ubuntucve 1
vulnrichment 1
debiancve 1
osv 12
nessus 22
oraclelinux 1
rocky 2
redhat 4
ubuntu 10
openvas 14
slackware 1
debian 1
cve
cve
CVE-2024-26737
2024-04-03 17:15:51
nvd
nvd
CVE-2024-26737
2024-04-03 17:15:51
cvelist
cvelist
CVE-2024-26737 bpf: Fix racing between bpf_timer_cancel_and_free and bpf_timer_cancel
2024-04-03 17:00:23
ubuntucve
ubuntucve
CVE-2024-26737
2024-04-03 00:00:00
vulnrichment
vulnrichment
CVE-2024-26737 bpf: Fix racing between bpf_timer_cancel_and_free and bpf_timer_cancel
2024-04-03 17:00:23
debiancve
debiancve
CVE-2024-26737
2024-04-03 17:15:51
osv
osv
Moderate: kernel security update
2024-08-01 01:29:12
Moderate: kernel security update
2024-08-21 14:55:16
linux-gkeop, linux-gkeop-5.15, linux-kvm vulnerabilities
2024-06-10 17:13:01
nessus
nessus
Oracle Linux 9 : kernel (ELSA-2024-4928)
2024-08-01 00:00:00
RHEL 9 : kernel (RHSA-2024:4928)
2024-07-31 00:00:00
Rocky Linux 9 : kernel (RLSA-2024:4928)
2024-08-01 00:00:00
oraclelinux
oraclelinux
kernel security update
2024-07-31 00:00:00
rocky
rocky
kernel security update
2024-08-01 01:29:12
kernel security update
2024-08-21 14:55:16
redhat
redhat
(RHSA-2024:4928) Moderate: kernel security update
2024-07-31 00:03:49
(RHSA-2024:5067) Moderate: kernel-rt security update
2024-08-07 00:06:24
(RHSA-2024:5066) Moderate: kernel security update
2024-08-07 00:05:55
ubuntu
ubuntu
Linux kernel vulnerabilities
2024-06-10 00:00:00
Linux kernel (AWS) vulnerabilities
2024-06-11 00:00:00
Linux kernel vulnerabilities
2024-06-07 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-6871-1)
2024-07-04 00:00:00
Ubuntu: Security Advisory (USN-6820-1)
2024-06-10 00:00:00
Ubuntu: Security Advisory (USN-6820-2)
2024-06-12 00:00:00
slackware
slackware
[slackware-security] Slackware 15.0 kernel
2024-06-05 19:11:11
debian
debian
[SECURITY] [DSA 5658-1] linux security update
2024-04-13 06:38:27

AI Score

6

Confidence

High

EPSS

0

Percentile

15.5%

JSON
Related for RH:CVE-2024-26737
cve1nvd1cvelist1ubuntucve1vulnrichment1debiancve1osv12nessus22oraclelinux1rocky2redhat4ubuntu10openvas14slackware1debian1