CVE-2024-26950

2024-05-0100:00:00

ubuntu.com

linux kernel

vulnerability

wireguard

netlink

device

bug

performance

defence

unix

7.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

13.2%

JSON

In the Linux kernel, the following vulnerability has been resolved:
wireguard: netlink: access device through ctx instead of peer The previous
commit fixed a bug that led to a NULL peer->device being dereferenced. It’s
actually easier and faster performance-wise to instead get the device from
ctx->wg. This semantically makes more sense too, since
ctx->wg->peer_allowedips.seq is compared with ctx->allowedips_seq, basing
them both in ctx. This also acts as a defence in depth provision against
freed peers.

OSVersionArchitecturePackageVersionFilename
ubuntu22.04noarchlinux< anyUNKNOWN
ubuntu23.10noarchlinux< anyUNKNOWN
ubuntu24.04noarchlinux< 6.8.0-35.35UNKNOWN
ubuntu22.04noarchlinux-aws< anyUNKNOWN
ubuntu23.10noarchlinux-aws< anyUNKNOWN
ubuntu24.04noarchlinux-aws< 6.8.0-1009.9UNKNOWN
ubuntu20.04noarchlinux-aws-5.15< anyUNKNOWN
ubuntu22.04noarchlinux-aws-6.5< anyUNKNOWN
ubuntu22.04noarchlinux-azure< anyUNKNOWN
ubuntu23.10noarchlinux-azure< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	22.04	noarch	linux	< any	UNKNOWN
ubuntu	23.10	noarch	linux	< any	UNKNOWN
ubuntu	24.04	noarch	linux	< 6.8.0-35.35	UNKNOWN
ubuntu	22.04	noarch	linux-aws	< any	UNKNOWN
ubuntu	23.10	noarch	linux-aws	< any	UNKNOWN
ubuntu	24.04	noarch	linux-aws	< 6.8.0-1009.9	UNKNOWN
ubuntu	20.04	noarch	linux-aws-5.15	< any	UNKNOWN
ubuntu	22.04	noarch	linux-aws-6.5	< any	UNKNOWN
ubuntu	22.04	noarch	linux-azure	< any	UNKNOWN
ubuntu	23.10	noarch	linux-azure	< any	UNKNOWN