How severe is CVE-2024-26752?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2024-26752?

This is classified as CWE-131, which is a common weakness in software security.

CVE-2024-26752

MEDIUM Year: 2024

CVSS v3 Score

5.5

Medium

Weakness Type

CWE-131

View all →

Vulnerability Description

In the Linux kernel, the following vulnerability has been resolved: l2tp: pass correct message length to ip6_append_data l2tp_ip6_sendmsg needs to avoid accounting for the transport header twice when splicing more data into an already partially-occupied skbuff. To manage this, we check whether the skbuff contains data using skb_queue_empty when deciding how much data to append using ip6_append_data. However, the code which performed the calculation was incorrect: ulen = len + skb_queue_empty(&sk->sk_write_queue) ? transhdrlen : 0; ...due to C operator precedence, this ends up setting ulen to transhdrlen for messages with a non-zero length, which results in corrupted packets on the wire. Add parentheses to correct the calculation in line with the original intent.

CVE-2017-14934

MEDIUM

CVSS:5.5(Medium)

process_debug_info in dwarf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a ...

CWE-1312017

CVE-2019-5696

MEDIUM

CVSS:5.5(Medium)

NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in which the provision of an incorrectly sized buffer by a guest VM leads to GPU out-of-bound access, which may lead to a denial of s...

CWE-1312019

CVE-2020-14385

MEDIUM

CVSS:5.5(Medium)

A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt....

CWE-1312020

CVE-2021-29521

MEDIUM

CVSS:5.5(Medium)

TensorFlow is an end-to-end open source platform for machine learning. Specifying a negative dense shape in `tf.raw_ops.SparseCountSparseOutput` results in a segmentation fault being thrown out from t...

CWE-1312021

CVE-2021-29542

MEDIUM

CVSS:5.5(Medium)

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow by passing crafted inputs to `tf.raw_ops.StringNGrams`. This is because the implemen...

CWE-1312021

CVE-2021-29545

MEDIUM

CVSS:5.5(Medium)

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a `CHECK`-fail in converting sparse tensors to CSR Sparse matrices. This is becau...

CWE-1312021

CVE-2024-26752

Vulnerability Description

Related Vulnerabilities

CVE-2017-14934

CVE-2019-5696

CVE-2020-14385

CVE-2021-29521

CVE-2021-29542

CVE-2021-29545