PatchSiren cyber security CVE debrief

CVE-2024-26643 Linux CVE debrief

CVE-2024-26643 is a Linux kernel netfilter/nf_tables race condition affecting anonymous sets with timeouts. NVD rates it Medium (CVSS 5.5), and the issue is described as an asynchronous garbage-collection race that can interfere with set teardown and lead to denial of service on vulnerable kernels. The fix marks the set dead so async GC skips it during release and abort handling.

Vendor: Linux
Product: CVE-2024-26643
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-03-21
Original CVE updated: 2026-05-12
Advisory published: 2024-03-21
Advisory updated: 2026-05-12

Who should care

Linux distribution maintainers, kernel administrators, and operators of systems that use nf_tables/netfilter should care most. Multi-tenant hosts, firewall appliances, container hosts, and any environment running affected kernel versions should prioritize review and patching.

Technical summary

The supplied kernel description says rhashtable-based garbage collection runs asynchronously and can race with commit-path release of anonymous sets that have timeouts. In that race, GC may collect elements while the set is being torn down. The fix sets the dead flag on anonymous sets so async GC is skipped during unbinding and abort-path cleanup. NVD classifies the issue under CWE-667 and assigns CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, indicating a local attack requiring low privileges with high availability impact.

Defensive priority

Medium priority. Apply vendor kernel updates during the next maintenance window, or sooner on systems that rely on nftables/nf_tables for packet filtering or are exposed to untrusted local users.

Recommended defensive actions

  • Confirm whether deployed kernels fall within the affected ranges listed by NVD: before 5.4.274; 5.5 through 5.10.215; 5.11 through 5.15.154; 5.16 through 6.1.84; 6.2 through 6.6.24; and 6.7 through 6.7.12.
  • Apply the vendor-provided kernel updates or backports that include the nf_tables dead-flag fix.
  • Review systems that use nftables/nf_tables, especially shared or multi-user Linux hosts where local privilege boundaries matter.
  • Track your distro or kernel vendor advisories for the patched builds corresponding to your release stream.
  • Validate after updating that the running kernel is the intended fixed build and that package hold policies will not reintroduce the vulnerable version.
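The first action above is a version-range check. The following script is an added example (not part of the advisory or of any vendor tooling) that triages a `uname -r` style string against the six NVD ranges quoted in this debrief; the "first fixed" values are simply the version after each inclusive upper bound. It treats distribution kernels (those with a local suffix such as `-18-amd64`) as needing vendor-advisory review rather than clearing them, because backports do not change the upstream number.

```python
"""Triage a kernel release string against the NVD affected ranges for
CVE-2024-26643. Added example; ranges are those quoted in the debrief."""
import platform
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# (first affected, first fixed). The fixed version is the one immediately
# after NVD's inclusive upper bound ("through 5.10.215" -> 5.10.216 is fixed).
# "before 5.4.274" has no lower bound.
AFFECTED_RANGES = [
    ((0, 0, 0),  (5, 4, 274)),
    ((5, 5, 0),  (5, 10, 216)),
    ((5, 11, 0), (5, 15, 155)),
    ((5, 16, 0), (6, 1, 85)),
    ((6, 2, 0),  (6, 6, 25)),
    ((6, 7, 0),  (6, 7, 13)),
]


def parse_version(release: str) -> Optional[Version]:
    """Extract MAJOR.MINOR[.PATCH] from a `uname -r` style string."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def upstream_affected(version: Version) -> bool:
    """True when the upstream version lies inside an NVD affected range."""
    return any(lo <= version < fixed for lo, fixed in AFFECTED_RANGES)


def triage(release: str) -> str:
    """Return 'unparseable', 'not-affected-upstream', 'possibly-affected'
    or 'review-vendor-advisory'. A local version suffix ('-18-amd64',
    '-101-generic') marks a distribution build whose upstream number hides
    backports, so the upstream comparison alone cannot clear it."""
    version = parse_version(release)
    if version is None:
        return "unparseable"
    if not upstream_affected(version):
        return "not-affected-upstream"
    return "review-vendor-advisory" if "-" in release else "possibly-affected"


if __name__ == "__main__":
    running = platform.release()
    print(f"{running}: {triage(running)}")
```

A "not-affected-upstream" result for a distribution kernel still assumes the vendor did not rebase onto an older base; pair the result with the vendor's own advisory for the release stream.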

Evidence notes

This debrief is based on the supplied CVE/NVD record and kernel patch references only. The CVE was published on 2024-03-21 and modified on 2026-05-12 in the supplied data. NVD lists the issue as CVSS 5.5 with vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H and CWE-667. NVD also provides multiple stable.git.kernel.org patch references and affected-version criteria for Linux kernel and Debian Linux 10.0.

Official resources

Publicly disclosed through the CVE/NVD record on 2024-03-21. The supplied NVD data was later modified on 2026-05-12 and includes published kernel patch references. No KEV listing is present in the supplied corpus.