CVE-2024-26950

wireguard: netlink: access device through ctx instead of peer

Description

In the Linux kernel, the following vulnerability has been resolved: wireguard: netlink: access device through ctx instead of peer The previous commit fixed a bug that led to a NULL peer->device being dereferenced. It's actually easier and faster performance-wise to instead get the device from ctx->wg. This semantically makes more sense too, since ctx->wg->peer_allowedips.seq is compared with ctx->allowedips_seq, basing them both in ctx. This also acts as a defence in depth provision against freed peers.

INFO

Published Date :

2024-05-01T05:18:29.902Z

Last Modified :

2025-05-04T09:00:31.028Z

Source :

Linux

AFFECTED PRODUCTS

The following products are affected by CVE-2024-26950 vulnerability.

Vendors	Products
Debian	Debian Linux
Linux	Linux Kernel
Redhat	Enterprise Linux

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-26950.

URL	Resource
https://git.kernel.org/stable/c/09c3fa70f65175861ca948cb2f0f791e666c90e5
https://git.kernel.org/stable/c/493aa6bdcffd90a4f82aa614fe4f4db0641b4068
https://git.kernel.org/stable/c/4be453271a882c8ebc28df3dbf9e4d95e6ac42f5
https://git.kernel.org/stable/c/71cbd32e3db82ea4a74e3ef9aeeaa6971969c86f
https://git.kernel.org/stable/c/93bcc1752c69bb309f4d8cfaf960ef1faeb34996
https://git.kernel.org/stable/c/c991567e6c638079304cc15dff28748e4a3c4a37
https://git.kernel.org/stable/c/d44bd323d8bb8031eef4bdc44547925998a11e47
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
https://lore.kernel.org/linux-cve-announce/2024050127-CVE-2024-26950-4424@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-26950
https://www.cve.org/CVERecord?id=CVE-2024-26950

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact