SB20240608145 - Race condition within a thread in Linux kernel net wireguard driver
Published: June 8, 2024 Updated: May 13, 2025
Security Bulletin ID
SB20240608145
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Race condition within a thread (CVE-ID: CVE-2024-26861)
The vulnerability allows a local user to manipulate data.
The vulnerability exists due to a data race within the decrypt_packet(), counter_validate() and wg_packet_rx_poll() functions in drivers/net/wireguard/receive.c. A local user can manipulate data.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/f87884e0dffd61b47e58bc6e1e2f6843c212b0cc
- https://git.kernel.org/stable/c/d691be84ab898cf136a35176eaf2f8fc116563f0
- https://git.kernel.org/stable/c/45a83b220c83e3c326513269afbf69ae6fc65cce
- https://git.kernel.org/stable/c/78739d72f16b2d7d549f713f1dfebd678d32484b
- https://git.kernel.org/stable/c/3f94da807fe1668b9830f0eefbbf7e887b0a7bc6
- https://git.kernel.org/stable/c/fdf16de078a97bf14bb8ee2b8d47cc3d3ead09ed
- https://git.kernel.org/stable/c/bba045dc4d996d03dce6fe45726e78a1a1f6d4c3
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.214
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.153
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.83
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.23
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7.11
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8.2