CVE-2024-1627

high

Description

2024-07-03: CVE-2023-52620 was added to this advisory. 2024-06-06: CVE-2024-26621 was added to this advisory. 2024-06-06: CVE-2024-27417 was added to this advisory. 2024-05-23: CVE-2024-26782 was added to this advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: disallow timeout for anonymous sets (CVE-2023-52620) A vulnerability was discovered in the Linux kernel's IPv4 networking stack. Under certain conditions, MPTCP and NetLabel can be configured in a way that triggers a double free memory error in net/ipv4/af_inet.c:inet_sock_destruct(). This may lead to a system crash, denial of service, or potential arbitrary code execution. (CVE-2024-1627) In the Linux kernel, the following vulnerability has been resolved: mm: huge_memory: don't force huge page alignment on 32 bit (CVE-2024-26621) In the Linux kernel, the following vulnerability has been resolved: mptcp: fix double-free on socket dismantle (CVE-2024-26782) In the Linux kernel, the following vulnerability has been resolved: ipv6: fix potential "struct net" leak in inet6_rtm_getaddr() (CVE-2024-27417)

Details

Source: Mitre, NVD

Published: 2024-04-25

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H