PatchSiren cyber security CVE debrief

CVE-2024-26861 Linux CVE debrief

CVE-2024-26861 is a Linux kernel WireGuard issue in the receive path where KCSAN reported a data race involving receiving_counter.counter. The upstream fix uses READ_ONCE() and WRITE_ONCE() annotations to mark the concurrent access as intentional. NVD rates the issue as medium severity, with local access required and availability impact as the primary concern.

Vendor: Linux
Product: CVE-2024-26861
CVSS: MEDIUM 4.7
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-04-17
Original CVE updated: 2026-05-12
Advisory published: 2024-04-17
Advisory updated: 2026-05-12

Who should care

Linux distribution maintainers, kernel administrators, and operators running WireGuard-enabled systems should review this CVE, especially if they rely on affected Linux kernel release lines or vendor kernels built from them.

Technical summary

The reported issue is a synchronization/data-race problem in drivers/net/wireguard/receive.c. According to the supplied description, KCSAN observed concurrent read and write access to keypair->receiving_counter.counter in wg_packet_decrypt_worker and wg_packet_rx_poll. The fix adds READ_ONCE()/WRITE_ONCE() annotations rather than changing the underlying logic, indicating the race is being explicitly acknowledged in code. NVD lists affected Linux kernel ranges ending before 5.10.214, 5.15.153, 6.1.83, 6.6.23, 6.7.11, and 6.8.2.

Defensive priority

Medium. The issue is local, requires low privileges, and is rated with high availability impact but no confidentiality or integrity impact in the supplied CVSS vector.

Recommended defensive actions

  • Upgrade to a Linux kernel release that includes the upstream/stable fix for your branch.
  • If you maintain a vendor kernel, verify the corresponding backport is present in your distribution advisory stream.
  • Prioritize systems using WireGuard, especially where kernel updates are delayed or custom kernels are deployed.
  • Confirm whether your deployment falls within the affected version ranges listed by NVD and plan patching accordingly.
  • Track downstream notices from your Linux vendor for exact fixed package versions.
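To support the "confirm whether your deployment falls within the affected version ranges" step, the following is an added shell helper (not part of the PatchSiren debrief or the NVD record) that compares a kernel version string against the first fixed releases named in the technical summary above. The function name, the distro-suffix stripping and the "unlisted" result for branches NVD does not name are assumptions of this example.

```shell
#!/bin/sh
# Added helper (not from the CVE record): compare a kernel version string
# against the first fixed releases that the page's NVD summary lists for
# CVE-2024-26861. Prints "affected", "fixed" or "unlisted" (a branch the
# NVD record does not name, e.g. mainline 6.9 or older LTS lines: check NVD).

# Branch -> first release carrying the fix, as listed on the page.
FIXED_VERSIONS="5.10.214 5.15.153 6.1.83 6.6.23 6.7.11 6.8.2"

cve_2024_26861_status() {
    ver="$1"
    # Drop distro suffixes such as "-generic", "-amd64" or "+" (assumed format).
    base=$(printf '%s\n' "$ver" | sed 's/[-+].*$//')
    maj=$(printf '%s\n' "$base" | cut -d. -f1)
    min=$(printf '%s\n' "$base" | cut -d. -f2)
    pat=$(printf '%s\n' "$base" | cut -d. -f3)
    [ -n "$pat" ] || pat=0          # "6.8" means 6.8.0
    for fixed in $FIXED_VERSIONS; do
        fmaj=${fixed%%.*}
        rest=${fixed#*.}
        fmin=${rest%%.*}
        fpat=${rest#*.}
        if [ "$maj" -eq "$fmaj" ] && [ "$min" -eq "$fmin" ]; then
            # Same stable branch: anything below the first fixed release is affected.
            if [ "$pat" -lt "$fpat" ]; then
                echo affected
            else
                echo fixed
            fi
            return 0
        fi
    done
    echo unlisted
    return 0
}

# Check the running kernel when invoked directly, or a version given as $1.
cve_2024_26861_status "${1:-$(uname -r)}"
```

Vendor kernels often backport fixes without bumping the upstream version number, so an "affected" result is a prompt to check the distribution advisory stream, not a final verdict.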

Evidence notes

This debrief is based on the supplied CVE description and official references. The CVE was published on 2024-04-17 and later modified on 2026-05-12. The supplied NVD record links multiple upstream stable patch references, and the weakness classification is CWE-362. No exploit code or weaponized reproduction details are included.

Official resources

Publicly disclosed in the CVE record on 2024-04-17. The supplied NVD entry was later modified on 2026-05-12 and includes multiple official patch references plus downstream notices from Debian and Siemens.