CVE-2024-26673 - Vulnerability Details

Vendors	Products
Debian	Debian Linux
Linux	Linux Kernel
Redhat	Enterprise Linux Rhel E4s Rhel Eus

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 9
kernel-0:5.14.0-427.18.1.el9_4	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:3306	2024-05-23T00:00:00Z
kernel-0:5.14.0-427.18.1.el9_4	cpe:/o:redhat:enterprise_linux:9	RHSA-2024:3306	2024-05-23T00:00:00Z
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
kernel-0:5.14.0-70.105.1.el9_0	cpe:/a:redhat:rhel_e4s:9.0	RHSA-2024:4415	2024-07-09T00:00:00Z
kernel-rt-0:5.14.0-70.105.1.rt21.177.el9_0	cpe:/a:redhat:rhel_e4s:9.0::nfv	RHSA-2024:4412	2024-07-09T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
kernel-0:5.14.0-284.67.1.el9_2	cpe:/a:redhat:rhel_eus:9.2	RHSA-2024:3461	2024-05-29T00:00:00Z
kernel-rt-0:5.14.0-284.67.1.rt14.352.el9_2	cpe:/a:redhat:rhel_eus:9.2::nfv	RHSA-2024:3460	2024-05-29T00:00:00Z

Link	Providers
https://git.kernel.org/stable/c/0f501dae16b7099e69ee9b0d5c70b8f40fd30e98
https://git.kernel.org/stable/c/38cc1605338d99205a263707f4dde76408d3e0e8
https://git.kernel.org/stable/c/65ee90efc928410c6f73b3d2e0afdd762652c09d
https://git.kernel.org/stable/c/8059918a1377f2f1fff06af4f5a4ed3d5acd6bc4
https://git.kernel.org/stable/c/b775ced05489f4b77a35fe203e9aeb22f428e38f
https://git.kernel.org/stable/c/cfe3550ea5df292c9e2d608e8c4560032391847e
https://git.kernel.org/stable/c/f549f340c91f08b938d60266e792ff7748dae483
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
https://lore.kernel.org/linux-cve-announce/2024040212-CVE-2024-26673-b2d3@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-26673
https://www.cve.org/CVERecord?id=CVE-2024-26673

Type	Values Removed	Values Added
First Time appeared		Debian Debian debian Linux Linux Linux linux Kernel
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:o:debian:debian_linux:10.0:::::::* cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.8:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.8:rc2::::::
Vendors & Products		Debian Debian debian Linux Linux Linux linux Kernel
Metrics	cvssV3_1 `{'score': 6.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H'}`	cvssV3_1 `{'score': 7.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H'}`

Type	Values Removed	Values Added
References		https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

Type	Values Removed	Values Added
References	https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Show plain JSON

{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-26673", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-19T14:20:24.150Z", "datePublished": "2024-04-02T06:51:05.857Z", "dateUpdated": "2025-05-04T08:53:39.623Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T08:53:39.623Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations\n\n- Disallow families other than NFPROTO_{IPV4,IPV6,INET}.\n- Disallow layer 4 protocol with no ports, since destination port is a\n  mandatory attribute for this object."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/netfilter/nft_ct.c"], "versions": [{"version": "857b46027d6f91150797295752581b7155b9d0e1", "lessThan": "f549f340c91f08b938d60266e792ff7748dae483", "status": "affected", "versionType": "git"}, {"version": "857b46027d6f91150797295752581b7155b9d0e1", "lessThan": "65ee90efc928410c6f73b3d2e0afdd762652c09d", "status": "affected", "versionType": "git"}, {"version": "857b46027d6f91150797295752581b7155b9d0e1", "lessThan": "b775ced05489f4b77a35fe203e9aeb22f428e38f", "status": "affected", "versionType": "git"}, {"version": "857b46027d6f91150797295752581b7155b9d0e1", "lessThan": "0f501dae16b7099e69ee9b0d5c70b8f40fd30e98", "status": "affected", "versionType": "git"}, {"version": "857b46027d6f91150797295752581b7155b9d0e1", "lessThan": "cfe3550ea5df292c9e2d608e8c4560032391847e", "status": "affected", "versionType": "git"}, {"version": "857b46027d6f91150797295752581b7155b9d0e1", "lessThan": "38cc1605338d99205a263707f4dde76408d3e0e8", "status": "affected", "versionType": "git"}, {"version": "857b46027d6f91150797295752581b7155b9d0e1", "lessThan": "8059918a1377f2f1fff06af4f5a4ed3d5acd6bc4", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/netfilter/nft_ct.c"], "versions": [{"version": "5.3", "status": "affected"}, {"version": "0", "lessThan": "5.3", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.269", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.210", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.149", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.77", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.16", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.7.4", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.3", "versionEndExcluding": "5.4.269"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.3", "versionEndExcluding": "5.10.210"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.3", "versionEndExcluding": "5.15.149"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.3", "versionEndExcluding": "6.1.77"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.3", "versionEndExcluding": "6.6.16"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.3", "versionEndExcluding": "6.7.4"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.3", "versionEndExcluding": "6.8"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/f549f340c91f08b938d60266e792ff7748dae483"}, {"url": "https://git.kernel.org/stable/c/65ee90efc928410c6f73b3d2e0afdd762652c09d"}, {"url": "https://git.kernel.org/stable/c/b775ced05489f4b77a35fe203e9aeb22f428e38f"}, {"url": "https://git.kernel.org/stable/c/0f501dae16b7099e69ee9b0d5c70b8f40fd30e98"}, {"url": "https://git.kernel.org/stable/c/cfe3550ea5df292c9e2d608e8c4560032391847e"}, {"url": "https://git.kernel.org/stable/c/38cc1605338d99205a263707f4dde76408d3e0e8"}, {"url": "https://git.kernel.org/stable/c/8059918a1377f2f1fff06af4f5a4ed3d5acd6bc4"}], "title": "netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-26673", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-03T15:12:33.164796Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:48:32.170Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:14:12.634Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/f549f340c91f08b938d60266e792ff7748dae483", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/65ee90efc928410c6f73b3d2e0afdd762652c09d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b775ced05489f4b77a35fe203e9aeb22f428e38f", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/0f501dae16b7099e69ee9b0d5c70b8f40fd30e98", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/cfe3550ea5df292c9e2d608e8c4560032391847e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/38cc1605338d99205a263707f4dde76408d3e0e8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/8059918a1377f2f1fff06af4f5a4ed3d5acd6bc4", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{

dataType : CVE_RECORD (string)

cveMetadata : { »

cveId : CVE-2024-26673 (string)

assignerOrgId : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

state : PUBLISHED (string)

assignerShortName : Linux (string)

dateReserved : 2024-02-19T14:20:24.150Z (string)

datePublished : 2024-04-02T06:51:05.857Z (string)

dateUpdated : 2025-05-04T08:53:39.623Z (string)

}

containers : { »

cna : { »

providerMetadata : { »

orgId : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

shortName : Linux (string)

dateUpdated : 2025-05-04T08:53:39.623Z (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations - Disallow families other than NFPROTO_{IPV4,IPV6,INET}. - Disallow layer 4 protocol with no ports, since destination port is a mandatory attribute for this object. (string)

}

]

affected : [ »

0 : { »

product : Linux (string)

vendor : Linux (string)

defaultStatus : unaffected (string)

repo : https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git (string)

programFiles : [ »

0 : net/netfilter/nft_ct.c (string)

]

versions : [ »

0 : { »

version : 857b46027d6f91150797295752581b7155b9d0e1 (string)

lessThan : f549f340c91f08b938d60266e792ff7748dae483 (string)

status : affected (string)

versionType : git (string)

}

1 : { »

version : 857b46027d6f91150797295752581b7155b9d0e1 (string)

lessThan : 65ee90efc928410c6f73b3d2e0afdd762652c09d (string)

status : affected (string)

versionType : git (string)

}

2 : { »

version : 857b46027d6f91150797295752581b7155b9d0e1 (string)

lessThan : b775ced05489f4b77a35fe203e9aeb22f428e38f (string)

status : affected (string)

versionType : git (string)

}

3 : { »

version : 857b46027d6f91150797295752581b7155b9d0e1 (string)

lessThan : 0f501dae16b7099e69ee9b0d5c70b8f40fd30e98 (string)

status : affected (string)

versionType : git (string)

}

4 : { »

version : 857b46027d6f91150797295752581b7155b9d0e1 (string)

lessThan : cfe3550ea5df292c9e2d608e8c4560032391847e (string)

status : affected (string)

versionType : git (string)

}

5 : { »

version : 857b46027d6f91150797295752581b7155b9d0e1 (string)

lessThan : 38cc1605338d99205a263707f4dde76408d3e0e8 (string)

status : affected (string)

versionType : git (string)

}

6 : { »

version : 857b46027d6f91150797295752581b7155b9d0e1 (string)

lessThan : 8059918a1377f2f1fff06af4f5a4ed3d5acd6bc4 (string)

status : affected (string)

versionType : git (string)

}

]

}

1 : { »

product : Linux (string)

vendor : Linux (string)

defaultStatus : affected (string)

repo : https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git (string)

programFiles : [ »

0 : net/netfilter/nft_ct.c (string)

]

versions : [ »

0 : { »

version : 5.3 (string)

status : affected (string)

}

1 : { »

version : 0 (string)

lessThan : 5.3 (string)

status : unaffected (string)

versionType : semver (string)

}

2 : { »

version : 5.4.269 (string)

lessThanOrEqual : 5.4.* (string)

status : unaffected (string)

versionType : semver (string)

}

3 : { »

version : 5.10.210 (string)

lessThanOrEqual : 5.10.* (string)

status : unaffected (string)

versionType : semver (string)

}

4 : { »

version : 5.15.149 (string)

lessThanOrEqual : 5.15.* (string)

status : unaffected (string)

versionType : semver (string)

}

5 : { »

version : 6.1.77 (string)

lessThanOrEqual : 6.1.* (string)

status : unaffected (string)

versionType : semver (string)

}

6 : { »

version : 6.6.16 (string)

lessThanOrEqual : 6.6.* (string)

status : unaffected (string)

versionType : semver (string)

}

7 : { »

version : 6.7.4 (string)

lessThanOrEqual : 6.7.* (string)

status : unaffected (string)

versionType : semver (string)

}

8 : { »

version : 6.8 (string)

lessThanOrEqual : * (string)

status : unaffected (string)

versionType : original_commit_for_fix (string)

}

]

}

]

cpeApplicability : [ »

0 : { »

nodes : [ »

0 : { »

operator : OR (string)

negate : false (boolean)

cpeMatch : [ »

0 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 5.3 (string)

versionEndExcluding : 5.4.269 (string)

}

1 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 5.3 (string)

versionEndExcluding : 5.10.210 (string)

}

2 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 5.3 (string)

versionEndExcluding : 5.15.149 (string)

}

3 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 5.3 (string)

versionEndExcluding : 6.1.77 (string)

}

4 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 5.3 (string)

versionEndExcluding : 6.6.16 (string)

}

5 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 5.3 (string)

versionEndExcluding : 6.7.4 (string)

}

6 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 5.3 (string)

versionEndExcluding : 6.8 (string)

}

]

}

]

}

]

references : [ »

0 : { »

url : https://git.kernel.org/stable/c/f549f340c91f08b938d60266e792ff7748dae483 (string)

}

1 : { »

url : https://git.kernel.org/stable/c/65ee90efc928410c6f73b3d2e0afdd762652c09d (string)

}

2 : { »

url : https://git.kernel.org/stable/c/b775ced05489f4b77a35fe203e9aeb22f428e38f (string)

}

3 : { »

url : https://git.kernel.org/stable/c/0f501dae16b7099e69ee9b0d5c70b8f40fd30e98 (string)

}

4 : { »

url : https://git.kernel.org/stable/c/cfe3550ea5df292c9e2d608e8c4560032391847e (string)

}

5 : { »

url : https://git.kernel.org/stable/c/38cc1605338d99205a263707f4dde76408d3e0e8 (string)

}

6 : { »

url : https://git.kernel.org/stable/c/8059918a1377f2f1fff06af4f5a4ed3d5acd6bc4 (string)

}

]

title : netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations (string)

x_generator : { »

engine : bippy-1.2.0 (string)

}

adp : [ »

0 : { »

title : CISA ADP Vulnrichment (string)

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2024-26673 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

version : 2.0.3 (string)

timestamp : 2024-04-03T15:12:33.164796Z (string)

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-06-04T17:48:32.170Z (string)

}

1 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-02T00:14:12.634Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://git.kernel.org/stable/c/f549f340c91f08b938d60266e792ff7748dae483 (string)

tags : [ »

0 : x_transferred (string)

]

}

1 : { »

url : https://git.kernel.org/stable/c/65ee90efc928410c6f73b3d2e0afdd762652c09d (string)

tags : [ »

0 : x_transferred (string)

]

}

2 : { »

url : https://git.kernel.org/stable/c/b775ced05489f4b77a35fe203e9aeb22f428e38f (string)

tags : [ »

0 : x_transferred (string)

]

}

3 : { »

url : https://git.kernel.org/stable/c/0f501dae16b7099e69ee9b0d5c70b8f40fd30e98 (string)

tags : [ »

0 : x_transferred (string)

]

}

4 : { »

url : https://git.kernel.org/stable/c/cfe3550ea5df292c9e2d608e8c4560032391847e (string)

tags : [ »

0 : x_transferred (string)

]

}

5 : { »

url : https://git.kernel.org/stable/c/38cc1605338d99205a263707f4dde76408d3e0e8 (string)

tags : [ »

0 : x_transferred (string)

]

}

6 : { »

url : https://git.kernel.org/stable/c/8059918a1377f2f1fff06af4f5a4ed3d5acd6bc4 (string)

tags : [ »

0 : x_transferred (string)

]

}

7 : { »

url : https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html (string)

tags : [ »

0 : x_transferred (string)

]

}

]

}

]

}

dataVersion : 5.1 (string)

}

Show plain JSON

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/f549f340c91f08b938d60266e792ff7748dae483", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/65ee90efc928410c6f73b3d2e0afdd762652c09d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b775ced05489f4b77a35fe203e9aeb22f428e38f", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/0f501dae16b7099e69ee9b0d5c70b8f40fd30e98", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/cfe3550ea5df292c9e2d608e8c4560032391847e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/38cc1605338d99205a263707f4dde76408d3e0e8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/8059918a1377f2f1fff06af4f5a4ed3d5acd6bc4", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:14:12.634Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-26673", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-03T15:12:33.164796Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:21.453Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "857b46027d6f91150797295752581b7155b9d0e1", "lessThan": "f549f340c91f08b938d60266e792ff7748dae483", "versionType": "git"}, {"status": "affected", "version": "857b46027d6f91150797295752581b7155b9d0e1", "lessThan": "65ee90efc928410c6f73b3d2e0afdd762652c09d", "versionType": "git"}, {"status": "affected", "version": "857b46027d6f91150797295752581b7155b9d0e1", "lessThan": "b775ced05489f4b77a35fe203e9aeb22f428e38f", "versionType": "git"}, {"status": "affected", "version": "857b46027d6f91150797295752581b7155b9d0e1", "lessThan": "0f501dae16b7099e69ee9b0d5c70b8f40fd30e98", "versionType": "git"}, {"status": "affected", "version": "857b46027d6f91150797295752581b7155b9d0e1", "lessThan": "cfe3550ea5df292c9e2d608e8c4560032391847e", "versionType": "git"}, {"status": "affected", "version": "857b46027d6f91150797295752581b7155b9d0e1", "lessThan": "38cc1605338d99205a263707f4dde76408d3e0e8", "versionType": "git"}, {"status": "affected", "version": "857b46027d6f91150797295752581b7155b9d0e1", "lessThan": "8059918a1377f2f1fff06af4f5a4ed3d5acd6bc4", "versionType": "git"}], "programFiles": ["net/netfilter/nft_ct.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.3"}, {"status": "unaffected", "version": "0", "lessThan": "5.3", "versionType": "semver"}, {"status": "unaffected", "version": "5.4.269", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.210", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.149", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.77", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.16", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.7.4", "versionType": "semver", "lessThanOrEqual": "6.7.*"}, {"status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["net/netfilter/nft_ct.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/f549f340c91f08b938d60266e792ff7748dae483"}, {"url": "https://git.kernel.org/stable/c/65ee90efc928410c6f73b3d2e0afdd762652c09d"}, {"url": "https://git.kernel.org/stable/c/b775ced05489f4b77a35fe203e9aeb22f428e38f"}, {"url": "https://git.kernel.org/stable/c/0f501dae16b7099e69ee9b0d5c70b8f40fd30e98"}, {"url": "https://git.kernel.org/stable/c/cfe3550ea5df292c9e2d608e8c4560032391847e"}, {"url": "https://git.kernel.org/stable/c/38cc1605338d99205a263707f4dde76408d3e0e8"}, {"url": "https://git.kernel.org/stable/c/8059918a1377f2f1fff06af4f5a4ed3d5acd6bc4"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations\n\n- Disallow families other than NFPROTO_{IPV4,IPV6,INET}.\n- Disallow layer 4 protocol with no ports, since destination port is a\n  mandatory attribute for this object."}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.4.269", "versionStartIncluding": "5.3"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.10.210", "versionStartIncluding": "5.3"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.15.149", "versionStartIncluding": "5.3"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.1.77", "versionStartIncluding": "5.3"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.6.16", "versionStartIncluding": "5.3"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.7.4", "versionStartIncluding": "5.3"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.8", "versionStartIncluding": "5.3"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T08:53:39.623Z"}}}, "cveMetadata": {"cveId": "CVE-2024-26673", "state": "PUBLISHED", "dateUpdated": "2025-05-04T08:53:39.623Z", "dateReserved": "2024-02-19T14:20:24.150Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-04-02T06:51:05.857Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{

dataType : CVE_RECORD (string)

containers : { »

adp : [ »

0 : { »

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://git.kernel.org/stable/c/f549f340c91f08b938d60266e792ff7748dae483 (string)

tags : [ »

0 : x_transferred (string)

]

}

1 : { »

url : https://git.kernel.org/stable/c/65ee90efc928410c6f73b3d2e0afdd762652c09d (string)

tags : [ »

0 : x_transferred (string)

]

}

2 : { »

url : https://git.kernel.org/stable/c/b775ced05489f4b77a35fe203e9aeb22f428e38f (string)

tags : [ »

0 : x_transferred (string)

]

}

3 : { »

url : https://git.kernel.org/stable/c/0f501dae16b7099e69ee9b0d5c70b8f40fd30e98 (string)

tags : [ »

0 : x_transferred (string)

]

}

4 : { »

url : https://git.kernel.org/stable/c/cfe3550ea5df292c9e2d608e8c4560032391847e (string)

tags : [ »

0 : x_transferred (string)

]

}

5 : { »

url : https://git.kernel.org/stable/c/38cc1605338d99205a263707f4dde76408d3e0e8 (string)

tags : [ »

0 : x_transferred (string)

]

}

6 : { »

url : https://git.kernel.org/stable/c/8059918a1377f2f1fff06af4f5a4ed3d5acd6bc4 (string)

tags : [ »

0 : x_transferred (string)

]

}

7 : { »

url : https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html (string)

tags : [ »

0 : x_transferred (string)

]

}

]

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-02T00:14:12.634Z (string)

}

1 : { »

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2024-26673 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

version : 2.0.3 (string)

timestamp : 2024-04-03T15:12:33.164796Z (string)

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-05-23T19:01:21.453Z (string)

}

title : CISA ADP Vulnrichment (string)

}

]

cna : { »

title : netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations (string)

affected : [ »

0 : { »

repo : https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git (string)

vendor : Linux (string)

product : Linux (string)

versions : [ »

0 : { »

status : affected (string)

version : 857b46027d6f91150797295752581b7155b9d0e1 (string)

lessThan : f549f340c91f08b938d60266e792ff7748dae483 (string)

versionType : git (string)

}

1 : { »

status : affected (string)

version : 857b46027d6f91150797295752581b7155b9d0e1 (string)

lessThan : 65ee90efc928410c6f73b3d2e0afdd762652c09d (string)

versionType : git (string)

}

2 : { »

status : affected (string)

version : 857b46027d6f91150797295752581b7155b9d0e1 (string)

lessThan : b775ced05489f4b77a35fe203e9aeb22f428e38f (string)

versionType : git (string)

}

3 : { »

status : affected (string)

version : 857b46027d6f91150797295752581b7155b9d0e1 (string)

lessThan : 0f501dae16b7099e69ee9b0d5c70b8f40fd30e98 (string)

versionType : git (string)

}

4 : { »

status : affected (string)

version : 857b46027d6f91150797295752581b7155b9d0e1 (string)

lessThan : cfe3550ea5df292c9e2d608e8c4560032391847e (string)

versionType : git (string)

}

5 : { »

status : affected (string)

version : 857b46027d6f91150797295752581b7155b9d0e1 (string)

lessThan : 38cc1605338d99205a263707f4dde76408d3e0e8 (string)

versionType : git (string)

}

6 : { »

status : affected (string)

version : 857b46027d6f91150797295752581b7155b9d0e1 (string)

lessThan : 8059918a1377f2f1fff06af4f5a4ed3d5acd6bc4 (string)

versionType : git (string)

}

]

programFiles : [ »

0 : net/netfilter/nft_ct.c (string)

]

defaultStatus : unaffected (string)

}

1 : { »

repo : https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git (string)

vendor : Linux (string)

product : Linux (string)

versions : [ »

0 : { »

status : affected (string)

version : 5.3 (string)

}

1 : { »

status : unaffected (string)

version : 0 (string)

lessThan : 5.3 (string)

versionType : semver (string)

}

2 : { »

status : unaffected (string)

version : 5.4.269 (string)

versionType : semver (string)

lessThanOrEqual : 5.4.* (string)

}

3 : { »

status : unaffected (string)

version : 5.10.210 (string)

versionType : semver (string)

lessThanOrEqual : 5.10.* (string)

}

4 : { »

status : unaffected (string)

version : 5.15.149 (string)

versionType : semver (string)

lessThanOrEqual : 5.15.* (string)

}

5 : { »

status : unaffected (string)

version : 6.1.77 (string)

versionType : semver (string)

lessThanOrEqual : 6.1.* (string)

}

6 : { »

status : unaffected (string)

version : 6.6.16 (string)

versionType : semver (string)

lessThanOrEqual : 6.6.* (string)

}

7 : { »

status : unaffected (string)

version : 6.7.4 (string)

versionType : semver (string)

lessThanOrEqual : 6.7.* (string)

}

8 : { »

status : unaffected (string)

version : 6.8 (string)

versionType : original_commit_for_fix (string)

lessThanOrEqual : * (string)

}

]

programFiles : [ »

0 : net/netfilter/nft_ct.c (string)

]

defaultStatus : affected (string)

}

]

references : [ »

0 : { »

url : https://git.kernel.org/stable/c/f549f340c91f08b938d60266e792ff7748dae483 (string)

}

1 : { »

url : https://git.kernel.org/stable/c/65ee90efc928410c6f73b3d2e0afdd762652c09d (string)

}

2 : { »

url : https://git.kernel.org/stable/c/b775ced05489f4b77a35fe203e9aeb22f428e38f (string)

}

3 : { »

url : https://git.kernel.org/stable/c/0f501dae16b7099e69ee9b0d5c70b8f40fd30e98 (string)

}

4 : { »

url : https://git.kernel.org/stable/c/cfe3550ea5df292c9e2d608e8c4560032391847e (string)

}

5 : { »

url : https://git.kernel.org/stable/c/38cc1605338d99205a263707f4dde76408d3e0e8 (string)

}

6 : { »

url : https://git.kernel.org/stable/c/8059918a1377f2f1fff06af4f5a4ed3d5acd6bc4 (string)

}

]

x_generator : { »

engine : bippy-1.2.0 (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations - Disallow families other than NFPROTO_{IPV4,IPV6,INET}. - Disallow layer 4 protocol with no ports, since destination port is a mandatory attribute for this object. (string)

}

]

cpeApplicability : [ »

0 : { »

nodes : [ »

0 : { »

negate : false (boolean)

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

vulnerable : true (boolean)

versionEndExcluding : 5.4.269 (string)

versionStartIncluding : 5.3 (string)

}

1 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

vulnerable : true (boolean)

versionEndExcluding : 5.10.210 (string)

versionStartIncluding : 5.3 (string)

}

2 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

vulnerable : true (boolean)

versionEndExcluding : 5.15.149 (string)

versionStartIncluding : 5.3 (string)

}

3 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

vulnerable : true (boolean)

versionEndExcluding : 6.1.77 (string)

versionStartIncluding : 5.3 (string)

}

4 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

vulnerable : true (boolean)

versionEndExcluding : 6.6.16 (string)

versionStartIncluding : 5.3 (string)

}

5 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

vulnerable : true (boolean)

versionEndExcluding : 6.7.4 (string)

versionStartIncluding : 5.3 (string)

}

6 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

vulnerable : true (boolean)

versionEndExcluding : 6.8 (string)

versionStartIncluding : 5.3 (string)

}

]

operator : OR (string)

}

]

}

]

providerMetadata : { »

orgId : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

shortName : Linux (string)

dateUpdated : 2025-05-04T08:53:39.623Z (string)

}

cveMetadata : { »

cveId : CVE-2024-26673 (string)

state : PUBLISHED (string)

dateUpdated : 2025-05-04T08:53:39.623Z (string)

dateReserved : 2024-02-19T14:20:24.150Z (string)

assignerOrgId : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

datePublished : 2024-04-02T06:51:05.857Z (string)

assignerShortName : Linux (string)

}

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "493D0365-C952-40A6-A77B-80FAF041BFA4", "versionEndExcluding": "5.4.269", "versionStartIncluding": "5.3", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F5CB4CA6-A9A0-4AFD-9102-8CF94D708170", "versionEndExcluding": "5.10.210", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0D0465BB-4053-4E15-9137-6696EBAE90FD", "versionEndExcluding": "5.15.149", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0FA28946-970D-4F4D-B759-4E77B28809B5", "versionEndExcluding": "6.1.77", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A5007D6A-4B58-423A-8A3A-A1A656A263C8", "versionEndExcluding": "6.6.16", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "848BC44C-9D25-4557-A50A-4B8BF310FA78", "versionEndExcluding": "6.7.4", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*", "matchCriteriaId": "B9F4EA73-0894-400F-A490-3A397AB7A517", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc2:*:*:*:*:*:*", "matchCriteriaId": "056BD938-0A27-4569-B391-30578B309EE3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations\n\n- Disallow families other than NFPROTO_{IPV4,IPV6,INET}.\n- Disallow layer 4 protocol with no ports, since destination port is a\n  mandatory attribute for this object."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: netfilter: nft_ct: desinfecta el n\u00famero de protocolo de capa 3 y 4 en expectativas personalizadas - No permitir familias que no sean NFPROTO_{IPV4,IPV6,INET}. - No permitir el protocolo de capa 4 sin puertos, ya que el puerto de destino es un atributo obligatorio para este objeto."}], "id": "CVE-2024-26673", "lastModified": "2025-03-17T15:43:02.517", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-04-02T07:15:43.967", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/0f501dae16b7099e69ee9b0d5c70b8f40fd30e98"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/38cc1605338d99205a263707f4dde76408d3e0e8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/65ee90efc928410c6f73b3d2e0afdd762652c09d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8059918a1377f2f1fff06af4f5a4ed3d5acd6bc4"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b775ced05489f4b77a35fe203e9aeb22f428e38f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/cfe3550ea5df292c9e2d608e8c4560032391847e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f549f340c91f08b938d60266e792ff7748dae483"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/0f501dae16b7099e69ee9b0d5c70b8f40fd30e98"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/38cc1605338d99205a263707f4dde76408d3e0e8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/65ee90efc928410c6f73b3d2e0afdd762652c09d"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8059918a1377f2f1fff06af4f5a4ed3d5acd6bc4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b775ced05489f4b77a35fe203e9aeb22f428e38f"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/cfe3550ea5df292c9e2d608e8c4560032391847e"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f549f340c91f08b938d60266e792ff7748dae483"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 493D0365-C952-40A6-A77B-80FAF041BFA4 (string)

versionEndExcluding : 5.4.269 (string)

versionStartIncluding : 5.3 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : F5CB4CA6-A9A0-4AFD-9102-8CF94D708170 (string)

versionEndExcluding : 5.10.210 (string)

versionStartIncluding : 5.5 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 0D0465BB-4053-4E15-9137-6696EBAE90FD (string)

versionEndExcluding : 5.15.149 (string)

versionStartIncluding : 5.11 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 0FA28946-970D-4F4D-B759-4E77B28809B5 (string)

versionEndExcluding : 6.1.77 (string)

versionStartIncluding : 5.16 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : A5007D6A-4B58-423A-8A3A-A1A656A263C8 (string)

versionEndExcluding : 6.6.16 (string)

versionStartIncluding : 6.2 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 848BC44C-9D25-4557-A50A-4B8BF310FA78 (string)

versionEndExcluding : 6.7.4 (string)

versionStartIncluding : 6.7 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:* (string)

matchCriteriaId : B9F4EA73-0894-400F-A490-3A397AB7A517 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:o:linux:linux_kernel:6.8:rc2:*:*:*:*:*:* (string)

matchCriteriaId : 056BD938-0A27-4569-B391-30578B309EE3 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 07B237A9-69A3-4A9C-9DA0-4E06BD37AE73 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations - Disallow families other than NFPROTO_{IPV4,IPV6,INET}. - Disallow layer 4 protocol with no ports, since destination port is a mandatory attribute for this object. (string)

}

1 : { »

lang : es (string)

value : En el kernel de Linux, se resolvió la siguiente vulnerabilidad: netfilter: nft_ct: desinfecta el número de protocolo de capa 3 y 4 en expectativas personalizadas - No permitir familias que no sean NFPROTO_{IPV4,IPV6,INET}. - No permitir el protocolo de capa 4 sin puertos, ya que el puerto de destino es un atributo obligatorio para este objeto. (string)

}

]

id : CVE-2024-26673 (string)

lastModified : 2025-03-17T15:43:02.517 (string)

metrics : { »

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : HIGH (string)

baseScore : 7.1 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : NONE (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 1.8 (number)

impactScore : 5.2 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2024-04-02T07:15:43.967 (string)

references : [ »

0 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/0f501dae16b7099e69ee9b0d5c70b8f40fd30e98 (string)

}

1 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/38cc1605338d99205a263707f4dde76408d3e0e8 (string)

}

2 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/65ee90efc928410c6f73b3d2e0afdd762652c09d (string)

}

3 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/8059918a1377f2f1fff06af4f5a4ed3d5acd6bc4 (string)

}

4 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/b775ced05489f4b77a35fe203e9aeb22f428e38f (string)

}

5 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/cfe3550ea5df292c9e2d608e8c4560032391847e (string)

}

6 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/f549f340c91f08b938d60266e792ff7748dae483 (string)

}

7 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/0f501dae16b7099e69ee9b0d5c70b8f40fd30e98 (string)

}

8 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/38cc1605338d99205a263707f4dde76408d3e0e8 (string)

}

9 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/65ee90efc928410c6f73b3d2e0afdd762652c09d (string)

}

10 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/8059918a1377f2f1fff06af4f5a4ed3d5acd6bc4 (string)

}

11 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/b775ced05489f4b77a35fe203e9aeb22f428e38f (string)

}

12 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/cfe3550ea5df292c9e2d608e8c4560032391847e (string)

}

13 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/f549f340c91f08b938d60266e792ff7748dae483 (string)

}

14 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Mailing List (string)

]

url : https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html (string)

}

]

sourceIdentifier : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

vulnStatus : Analyzed (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : NVD-CWE-noinfo (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Show plain JSON

{"affected_release": [{"advisory": "RHSA-2024:3306", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-427.18.1.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-05-23T00:00:00Z"}, {"advisory": "RHSA-2024:3306", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-427.18.1.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-05-23T00:00:00Z"}, {"advisory": "RHSA-2024:4415", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "kernel-0:5.14.0-70.105.1.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2024-07-09T00:00:00Z"}, {"advisory": "RHSA-2024:4412", "cpe": "cpe:/a:redhat:rhel_e4s:9.0::nfv", "package": "kernel-rt-0:5.14.0-70.105.1.rt21.177.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2024-07-09T00:00:00Z"}, {"advisory": "RHSA-2024:3461", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "kernel-0:5.14.0-284.67.1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-05-29T00:00:00Z"}, {"advisory": "RHSA-2024:3460", "cpe": "cpe:/a:redhat:rhel_eus:9.2::nfv", "package": "kernel-rt-0:5.14.0-284.67.1.rt14.352.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-05-29T00:00:00Z"}], "bugzilla": {"description": "kernel: netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations", "id": "2272816", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272816"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.1", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "status": "verified"}, "cwe": "CWE-99", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nnetfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations\n- Disallow families other than NFPROTO_{IPV4,IPV6,INET}.\n- Disallow layer 4 protocol with no ports, since destination port is a\nmandatory attribute for this object."], "name": "CVE-2024-26673", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-04-02T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-26673\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-26673\nhttps://lore.kernel.org/linux-cve-announce/2024040212-CVE-2024-26673-b2d3@gregkh/T"], "threat_severity": "Low"}

{

affected_release : [ »

0 : { »

advisory : RHSA-2024:3306 (string)

cpe : cpe:/a:redhat:enterprise_linux:9 (string)

package : kernel-0:5.14.0-427.18.1.el9_4 (string)

product_name : Red Hat Enterprise Linux 9 (string)

release_date : 2024-05-23T00:00:00Z (string)

}

1 : { »

advisory : RHSA-2024:3306 (string)

cpe : cpe:/o:redhat:enterprise_linux:9 (string)

package : kernel-0:5.14.0-427.18.1.el9_4 (string)

product_name : Red Hat Enterprise Linux 9 (string)

release_date : 2024-05-23T00:00:00Z (string)

}

2 : { »

advisory : RHSA-2024:4415 (string)

cpe : cpe:/a:redhat:rhel_e4s:9.0 (string)

package : kernel-0:5.14.0-70.105.1.el9_0 (string)

product_name : Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions (string)

release_date : 2024-07-09T00:00:00Z (string)

}

3 : { »

advisory : RHSA-2024:4412 (string)

cpe : cpe:/a:redhat:rhel_e4s:9.0::nfv (string)

package : kernel-rt-0:5.14.0-70.105.1.rt21.177.el9_0 (string)

product_name : Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions (string)

release_date : 2024-07-09T00:00:00Z (string)

}

4 : { »

advisory : RHSA-2024:3461 (string)

cpe : cpe:/a:redhat:rhel_eus:9.2 (string)

package : kernel-0:5.14.0-284.67.1.el9_2 (string)

product_name : Red Hat Enterprise Linux 9.2 Extended Update Support (string)

release_date : 2024-05-29T00:00:00Z (string)

}

5 : { »

advisory : RHSA-2024:3460 (string)

cpe : cpe:/a:redhat:rhel_eus:9.2::nfv (string)

package : kernel-rt-0:5.14.0-284.67.1.rt14.352.el9_2 (string)

product_name : Red Hat Enterprise Linux 9.2 Extended Update Support (string)

release_date : 2024-05-29T00:00:00Z (string)

}

]

bugzilla : { »

description : kernel: netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations (string)

id : 2272816 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=2272816 (string)

}

csaw : false (boolean)

cvss3 : { »

cvss3_base_score : 6.1 (string)

cvss3_scoring_vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H (string)

status : verified (string)

}

cwe : CWE-99 (string)

details : [ »

0 : In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations - Disallow families other than NFPROTO_{IPV4,IPV6,INET}. - Disallow layer 4 protocol with no ports, since destination port is a mandatory attribute for this object. (string)

]

name : CVE-2024-26673 (string)

package_state : [ »

0 : { »

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

fix_state : Not affected (string)

package_name : kernel (string)

product_name : Red Hat Enterprise Linux 6 (string)

}

1 : { »

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

fix_state : Not affected (string)

package_name : kernel (string)

product_name : Red Hat Enterprise Linux 7 (string)

}

2 : { »

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

fix_state : Not affected (string)

package_name : kernel-rt (string)

product_name : Red Hat Enterprise Linux 7 (string)

}

3 : { »

cpe : cpe:/o:redhat:enterprise_linux:8 (string)

fix_state : Not affected (string)

package_name : kernel (string)

product_name : Red Hat Enterprise Linux 8 (string)

}

4 : { »

cpe : cpe:/o:redhat:enterprise_linux:8 (string)

fix_state : Not affected (string)

package_name : kernel-rt (string)

product_name : Red Hat Enterprise Linux 8 (string)

}

5 : { »

cpe : cpe:/o:redhat:enterprise_linux:9 (string)

fix_state : Affected (string)

package_name : kernel-rt (string)

product_name : Red Hat Enterprise Linux 9 (string)

}

]

public_date : 2024-04-02T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2024-26673 https://nvd.nist.gov/vuln/detail/CVE-2024-26673 https://lore.kernel.org/linux-cve-announce/2024040212-CVE-2024-26673-b2d3@gregkh/T (string)

]

threat_severity : Low (string)

}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object