CVE-2024-26668

low-risk
Published 2024-04-02

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_limit: reject configurations that cause integer overflow Reject bogus configs where internal token counter wraps around. This only occurs with very very large requests, such as 17gbyte/s. Its better to reject this rather than having incorrect ratelimit.

Do I need to act?

-
0.01% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.5/10 Medium
LOCAL / LOW complexity

Affected Products (2)

Affected Vendors

Linux

References (10)

Patch https://git.kernel.org/stable/c/00c2c29aa36d1d1827c51a3720e9f893a22c7c6a
Patch https://git.kernel.org/stable/c/79d4efd75e7dbecd855a3b8a63e65f7265f466e1
Patch https://git.kernel.org/stable/c/9882495d02ecc490604f747437a40626dc9160d0
Patch https://git.kernel.org/stable/c/bc6e242bb74e2ae616bfd2b250682b738e781c9b
Patch https://git.kernel.org/stable/c/c9d9eb9c53d37cdebbad56b91e40baf42d5a97aa
Patch https://git.kernel.org/stable/c/00c2c29aa36d1d1827c51a3720e9f893a22c7c6a
Patch https://git.kernel.org/stable/c/79d4efd75e7dbecd855a3b8a63e65f7265f466e1
Patch https://git.kernel.org/stable/c/9882495d02ecc490604f747437a40626dc9160d0
Patch https://git.kernel.org/stable/c/bc6e242bb74e2ae616bfd2b250682b738e781c9b
Patch https://git.kernel.org/stable/c/c9d9eb9c53d37cdebbad56b91e40baf42d5a97aa
25
/ 100
low-risk
Severity 18/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 7/34 · Low