PatchSiren cyber security CVE debrief
CVE-2024-26642 Linux CVE debrief
CVE-2024-26642 is a Linux kernel nf_tables issue that was fixed by rejecting anonymous sets with the timeout flag, except where NFT_SET_EVAL is needed for legacy meter support. The CVE is rated medium severity and is primarily a defensive maintenance concern for systems running affected kernel branches.
- Vendor: Linux
- Product: CVE-2024-26642
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-03-21
- Original CVE updated: 2026-05-12
- Advisory published: 2024-03-21
- Advisory updated: 2026-05-12
Who should care
Linux kernel maintainers, distribution security teams, and administrators of systems that use netfilter/nf_tables or nftables should review this CVE. It is most relevant where kernel updates are managed through backports across long-term support releases.
Technical summary
The supplied record says anonymous sets are never used with timeout from userspace, so the kernel now rejects that combination. The only stated exception is NFT_SET_EVAL to preserve compatibility for legacy meters. NVD assigns CVSS 3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, indicating a local, low-privilege path with availability impact as the main concern.
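The flag rule described above can be modelled in a few lines of userspace C. This is an added example, not the kernel's code and not part of the supplied record: the flag values are the ones defined in the nf_tables UAPI header, while the function names, the -EOPNOTSUPP return value and the sample flag words are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>

/* Set flag bits as defined in include/uapi/linux/netfilter/nf_tables.h. */
#define NFT_SET_ANONYMOUS 0x1
#define NFT_SET_TIMEOUT   0x10
#define NFT_SET_EVAL      0x20

/*
 * Model of the rule: anonymous + timeout is refused unless NFT_SET_EVAL
 * is also set. Masking all three bits and comparing against only the
 * first two is true exactly when ANONYMOUS and TIMEOUT are set and EVAL
 * is clear; unrelated flag bits do not affect the result.
 * The error code is an assumption of this sketch.
 */
static int check_set_flags(unsigned int flags)
{
    const unsigned int mask = NFT_SET_ANONYMOUS | NFT_SET_TIMEOUT | NFT_SET_EVAL;

    if ((flags & mask) == (NFT_SET_ANONYMOUS | NFT_SET_TIMEOUT))
        return -EOPNOTSUPP;
    return 0;
}

/* Hypothetical helper: count how many flag words in a list are refused. */
static int count_rejected(const unsigned int *flags, int n)
{
    int rejected = 0;
    for (int i = 0; i < n; i++)
        if (check_set_flags(flags[i]) != 0)
            rejected++;
    return rejected;
}

int main(void)
{
    /* Constructed sample flag words, not taken from any real ruleset. */
    const unsigned int samples[] = {
        NFT_SET_ANONYMOUS,
        NFT_SET_TIMEOUT,
        NFT_SET_ANONYMOUS | NFT_SET_TIMEOUT,
        NFT_SET_ANONYMOUS | NFT_SET_TIMEOUT | NFT_SET_EVAL, /* legacy meter case */
        NFT_SET_ANONYMOUS | NFT_SET_TIMEOUT | 0x2,          /* plus NFT_SET_CONSTANT */
    };
    int n = sizeof(samples) / sizeof(samples[0]);

    for (int i = 0; i < n; i++)
        printf("flags=0x%02x -> %s\n", samples[i],
               check_set_flags(samples[i]) ? "rejected" : "accepted");
    printf("%d of %d rejected\n", count_rejected(samples, n), n);
    return 0;
}
```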
Defensive priority
Medium: apply the kernel fix as part of routine security updates, especially on hosts using nftables/nf_tables. The issue is limited by local-privilege requirements, but the availability impact and broad kernel deployment make patching important.
Recommended defensive actions
- Apply the relevant Linux kernel updates or vendor backports that include the nf_tables fix.
- Verify that your distribution has incorporated the patch into the kernel build you deploy, including long-term support branches.
- Inventory hosts using nftables/nf_tables or netfilter features and prioritize them for update validation.
- Track vendor advisories and kernel stable release notes for backported fixes matching your running kernel version.
Evidence notes
This debrief is based only on the supplied CVE record and official references. The record states the fix is to disallow anonymous sets with the timeout flag, with an exception for NFT_SET_EVAL. NVD lists multiple kernel patch references, and the vulnerability status is marked Modified on 2026-05-12 in the supplied timeline.
Official resources
- CVE-2024-26642 CVE record (CVE.org)
- CVE-2024-26642 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference (416baaa9-dc9f-4396-8d5f-8c081fb06d67, Patch)
CVE-2024-26642 was published on 2024-03-21 and marked Modified on 2026-05-12 in the supplied timeline. The supplied NVD record includes multiple official kernel patch references for remediation.