[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2024-26804":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T08:53:30.047Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":20,"aliases":21,"duplicate_of":9,"upstream":22,"downstream":23,"duplicates":98,"related":99,"reserved_at":9,"published_at":114,"modified_at":115,"state":116,"summary":117,"references_raw":126,"kevs":164,"epss":165,"epss_history":168,"metrics":418,"affected":426},"CVE-2024-26804","In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ip_tunnel: prevent perpetual headroom growth\n\nsyzkaller triggered following kasan splat:\nBUG: KASAN: use-after-free in __skb_flow_dissect+0x19d1/0x7a50 net/core/flow_dissector.c:1170\nRead of size 1 at addr ffff88812fb4000e by task syz-executor183/5191\n[..]\n kasan_report+0xda/0x110 mm/kasan/report.c:588\n __skb_flow_dissect+0x19d1/0x7a50 net/core/flow_dissector.c:1170\n skb_flow_dissect_flow_keys include/linux/skbuff.h:1514 [inline]\n ___skb_get_hash net/core/flow_dissector.c:1791 [inline]\n __skb_get_hash+0xc7/0x540 net/core/flow_dissector.c:1856\n skb_get_hash include/linux/skbuff.h:1556 [inline]\n ip_tunnel_xmit+0x1855/0x33c0 net/ipv4/ip_tunnel.c:748\n ipip_tunnel_xmit+0x3cc/0x4e0 net/ipv4/ipip.c:308\n __netdev_start_xmit include/linux/netdevice.h:4940 [inline]\n netdev_start_xmit include/linux/netdevice.h:4954 [inline]\n xmit_one net/core/dev.c:3548 [inline]\n dev_hard_start_xmit+0x13d/0x6d0 net/core/dev.c:3564\n __dev_queue_xmit+0x7c1/0x3d60 net/core/dev.c:4349\n dev_queue_xmit include/linux/netdevice.h:3134 [inline]\n neigh_connected_output+0x42c/0x5d0 net/core/neighbour.c:1592\n ...\n ip_finish_output2+0x833/0x2550 net/ipv4/ip_output.c:235\n ip_finish_output+0x31/0x310 net/ipv4/ip_output.c:323\n ..\n iptunnel_xmit+0x5b4/0x9b0 net/ipv4/ip_tunnel_core.c:82\n ip_tunnel_xmit+0x1dbc/0x33c0 net/ipv4/ip_tunnel.c:831\n ipgre_xmit+0x4a1/0x980 net/ipv4/ip_gre.c:665\n __netdev_start_xmit 
include/linux/netdevice.h:4940 [inline]\n netdev_start_xmit include/linux/netdevice.h:4954 [inline]\n xmit_one net/core/dev.c:3548 [inline]\n dev_hard_start_xmit+0x13d/0x6d0 net/core/dev.c:3564\n ...\n\nThe splat occurs because skb->data points past skb->head allocated area.\nThis is because neigh layer does:\n  __skb_pull(skb, skb_network_offset(skb));\n\n... but skb_network_offset() returns a negative offset and __skb_pull()\narg is unsigned.  IOW, skb->data gets \"adjusted\" by a huge value.\n\nThe negative value is returned because skb->head and skb->data distance is\nmore than 64k and skb->network_header (u16) has wrapped around.\n\nThe bug is in the ip_tunnel infrastructure, which can cause\ndev->needed_headroom to increment ad infinitum.\n\nThe syzkaller reproducer consists of packets getting routed via a gre\ntunnel, and route of gre encapsulated packets pointing at another (ipip)\ntunnel.  The ipip encapsulation finds gre0 as next output device.\n\nThis results in the following pattern:\n\n1). First packet is to be sent out via gre0.\nRoute lookup found an output device, ipip0.\n\n2).\nip_tunnel_xmit for gre0 bumps gre0->needed_headroom based on the future\noutput device, rt.dev->needed_headroom (ipip0).\n\n3).\nip output / start_xmit moves skb on to ipip0. 
which runs the same\ncode path again (xmit recursion).\n\n4).\nRouting step for the post-gre0-encap packet finds gre0 as output device\nto use for ipip0 encapsulated packet.\n\ntunl0->needed_headroom is then incremented based on the (already bumped)\ngre0 device headroom.\n\nThis repeats for every future packet:\n\ngre0->needed_headroom gets inflated because previous packets' ipip0 step\nincremented rt->dev (gre0) headroom, and ipip0 incremented because gre0\nneeded_headroom was increased.\n\nFor each subsequent packet, gre/ipip0->needed_headroom grows until\npost-expand-head reallocations result in a skb->head/data distance of\nmore than 64k.\n\nOnce that happens, skb->network_header (u16) wraps around when\npskb_expand_head tries to make sure that skb_network_offset() is unchanged\nafter the headroom expansion/reallocation.\n\nAfter this skb_network_offset(skb) returns a different (and negative)\nresult post headroom expansion.\n\nThe next trip to neigh layer (or anything else that would __skb_pull the\nnetwork header) makes skb->data point to a memory location outside\nskb->head area.\n\nv2: Cap the needed_headroom update to an arbitrarily chosen upper limit to\nprevent perpetual increase instead of dropping the headroom increment\ncompletely.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-416","Use After Free","The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. 
Any operations using the original pointer are no longer valid because the memory \"belongs\" to the code that operates on the new pointer.","weakness","Stable","Variant","High",[],[],[],[],[24,26,28,30,32,34,36,38,40,42,44,46,48,50,52,54,56,58,60,62,64,66,68,70,72,74,76,78,80,82,84,86,88,90,92,94,96],{"_key":25},"SUSE-SU-2024:3553-1",{"_key":27},"SUSE-SU-2024:4100-1",{"_key":29},"SUSE-SU-2025:0034-1",{"_key":31},"SUSE-SU-2025:01966-1",{"_key":33},"SUSE-SU-2025:01983-1",{"_key":35},"SUSE-SU-2025:02173-1",{"_key":37},"SUSE-SU-2024:3551-1",{"_key":39},"SUSE-SU-2024:3561-1",{"_key":41},"SUSE-SU-2024:3564-1",{"_key":43},"SUSE-SU-2024:3569-1",{"_key":45},"SUSE-SU-2024:3587-1",{"_key":47},"SUSE-SU-2024:3592-1",{"_key":49},"DLA-3842-1",{"_key":51},"DSA-5681-1",{"_key":53},"SUSE-SU-2025:20073-1",{"_key":55},"SUSE-SU-2025:20077-1",{"_key":57},"DEBIAN-CVE-2024-26804",{"_key":59},"RHSA-2024:3306",{"_key":61},"RHSA-2024:3460",{"_key":63},"RHSA-2024:3461",{"_key":65},"RHSA-2024:4447",{"_key":67},"RHSA-2024:4740",{"_key":69},"RHSA-2024:4211",{"_key":71},"RHSA-2024:4352",{"_key":73},"UBUNTU-CVE-2024-26804",{"_key":75},"USN-6820-1",{"_key":77},"USN-6820-2",{"_key":79},"USN-6821-1",{"_key":81},"USN-6821-2",{"_key":83},"USN-6821-3",{"_key":85},"USN-6821-4",{"_key":87},"USN-6828-1",{"_key":89},"USN-6831-1",{"_key":91},"USN-6867-1",{"_key":93},"USN-6871-1",{"_key":95},"USN-6892-1",{"_key":97},"USN-6919-1",[],[100,101,102,103,104,105,106,107,108,109,110,111,112,113],{"_key":25},{"_key":27},{"_key":29},{"_key":31},{"_key":33},{"_key":35},{"_key":37},{"_key":39},{"_key":41},{"_key":43},{"_key":45},{"_key":47},{"_key":53},{"_key":55},"2024-04-04T08:20:31.305Z","2026-05-23T15:38:06.927Z","Analyzed",{"cisa_kev":118,"cisa_ransomware":118,"cisa_vendor":9,"epss_severity":119,"epss_score":120,"severity":121,"severity_score":122,"severity_version":123,"severity_source":124,"severity_vector":125,"severity_status":116},false,"low",0.00346,"medium",5.3,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S
:U/C:N/I:N/A:L",[127,133,137,141,145,149,153,157],{"url":128,"sources":129,"tags":131},"https://git.kernel.org/stable/c/f81e94d2dcd2397137edcb8b85f4c5bed5d22383",[124,130],"nvd",[132],"Patch",{"url":134,"sources":135,"tags":136},"https://git.kernel.org/stable/c/2e95350fe9db9d53c701075060ac8ac883b68aee",[124,130],[132],{"url":138,"sources":139,"tags":140},"https://git.kernel.org/stable/c/afec0c5cd2ed71ca95a8b36a5e6d03333bf34282",[124,130],[132],{"url":142,"sources":143,"tags":144},"https://git.kernel.org/stable/c/ab63de24ebea36fe73ac7121738595d704b66d96",[124,130],[132],{"url":146,"sources":147,"tags":148},"https://git.kernel.org/stable/c/a0a1db40b23e8ff86dea2786c5ea1470bb23ecb9",[124,130],[132],{"url":150,"sources":151,"tags":152},"https://git.kernel.org/stable/c/049d7989c67e8dd50f07a2096dbafdb41331fb9b",[124,130],[132],{"url":154,"sources":155,"tags":156},"https://git.kernel.org/stable/c/5ae1e9922bbdbaeb9cfbe91085ab75927488ac0f",[124,130],[132],{"url":158,"sources":159,"tags":160},"https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html",[124,130],[161,162,163],"X Transferred","Mailing List","Third Party 
Advisory",[],{"date":166,"score":120,"percentile":167},"2026-06-03",0.57344,[169,172,175,178,181,184,187,190,193,196,199,201,204,207,209,213,216,219,222,225,228,231,234,237,240,243,246,249,252,255,258,261,264,267,269,271,273,276,279,282,285,288,291,293,296,299,302,305,308,311,313,316,319,322,325,328,331,334,337,340,343,346,349,352,354,357,359,361,363,366,369,372,375,378,380,382,384,386,388,391,393,396,399,402,404,406,409,411,414,416],{"date":170,"score":120,"percentile":171},"2025-11-04",0.565,{"date":173,"score":120,"percentile":174},"2025-11-05",0.56478,{"date":176,"score":120,"percentile":177},"2025-11-06",0.5648,{"date":179,"score":120,"percentile":180},"2025-11-07",0.56494,{"date":182,"score":120,"percentile":183},"2025-11-08",0.56497,{"date":185,"score":120,"percentile":186},"2025-11-09",0.56486,{"date":188,"score":120,"percentile":189},"2025-11-10",0.56459,{"date":191,"score":120,"percentile":192},"2025-11-11",0.56473,{"date":194,"score":120,"percentile":195},"2025-11-12",0.56499,{"date":197,"score":120,"percentile":198},"2025-11-13",0.56505,{"date":200,"score":120,"percentile":198},"2025-11-14",{"date":202,"score":120,"percentile":203},"2025-11-15",0.56496,{"date":205,"score":120,"percentile":206},"2025-11-16",0.56479,{"date":208,"score":120,"percentile":192},"2025-11-17",{"date":210,"score":211,"percentile":212},"2025-11-18",0.01716,0.80867,{"date":214,"score":211,"percentile":215},"2025-11-19",0.80869,{"date":217,"score":211,"percentile":218},"2025-11-20",0.80873,{"date":220,"score":120,"percentile":221},"2025-11-21",0.56489,{"date":223,"score":120,"percentile":224},"2025-11-22",0.56485,{"date":226,"score":120,"percentile":227},"2025-11-23",0.56458,{"date":229,"score":120,"percentile":230},"2025-11-24",0.56452,{"date":232,"score":120,"percentile":233},"2025-11-25",0.56457,{"date":235,"score":120,"percentile":236},"2025-11-26",0.56462,{"date":238,"score":120,"percentile":239},"2025-11-27",0.56463,{"date":241,"score":120,"percentile":242},"2025-11-28",0.5643
8,{"date":244,"score":120,"percentile":245},"2025-11-29",0.56425,{"date":247,"score":120,"percentile":248},"2025-11-30",0.56416,{"date":250,"score":120,"percentile":251},"2025-12-01",0.56571,{"date":253,"score":120,"percentile":254},"2025-12-02",0.56589,{"date":256,"score":120,"percentile":257},"2025-12-03",0.56585,{"date":259,"score":120,"percentile":260},"2025-12-04",0.56419,{"date":262,"score":120,"percentile":263},"2025-12-05",0.56434,{"date":265,"score":120,"percentile":266},"2025-12-06",0.56436,{"date":268,"score":120,"percentile":263},"2025-12-07",{"date":270,"score":120,"percentile":266},"2025-12-08",{"date":272,"score":120,"percentile":233},"2025-12-09",{"date":274,"score":120,"percentile":275},"2025-12-10",0.56515,{"date":277,"score":120,"percentile":278},"2025-12-11",0.5654,{"date":280,"score":120,"percentile":281},"2025-12-12",0.56565,{"date":283,"score":120,"percentile":284},"2025-12-13",0.5656,{"date":286,"score":120,"percentile":287},"2025-12-14",0.56558,{"date":289,"score":120,"percentile":290},"2025-12-15",0.56544,{"date":292,"score":120,"percentile":287},"2025-12-16",{"date":294,"score":120,"percentile":295},"2025-12-17",0.56576,{"date":297,"score":120,"percentile":298},"2025-12-18",0.56618,{"date":300,"score":120,"percentile":301},"2025-12-19",0.56624,{"date":303,"score":120,"percentile":304},"2025-12-20",0.5662,{"date":306,"score":120,"percentile":307},"2025-12-21",0.56599,{"date":309,"score":120,"percentile":310},"2025-12-22",0.56579,{"date":312,"score":120,"percentile":257},"2025-12-23",{"date":314,"score":120,"percentile":315},"2025-12-24",0.56594,{"date":317,"score":120,"percentile":318},"2025-12-25",0.56638,{"date":320,"score":120,"percentile":321},"2025-12-26",0.56634,{"date":323,"score":120,"percentile":324},"2025-12-27",0.56687,{"date":326,"score":120,"percentile":327},"2025-12-28",0.56605,{"date":329,"score":120,"percentile":330},"2025-12-29",0.56595,{"date":332,"score":120,"percentile":333},"2025-12-30",0.56592,{"date":335,"score":120,"
percentile":336},"2025-12-31",0.56609,{"date":338,"score":120,"percentile":339},"2026-01-01",0.56777,{"date":341,"score":120,"percentile":342},"2026-01-02",0.56756,{"date":344,"score":120,"percentile":345},"2026-01-03",0.56749,{"date":347,"score":120,"percentile":348},"2026-01-04",0.56577,{"date":350,"score":120,"percentile":351},"2026-01-05",0.56567,{"date":353,"score":120,"percentile":295},"2026-01-06",{"date":355,"score":120,"percentile":356},"2026-01-07",0.56602,{"date":358,"score":120,"percentile":304},"2026-01-08",{"date":360,"score":120,"percentile":304},"2026-01-09",{"date":362,"score":120,"percentile":304},"2026-01-10",{"date":364,"score":120,"percentile":365},"2026-01-11",0.56596,{"date":367,"score":120,"percentile":368},"2026-01-12",0.56557,{"date":370,"score":120,"percentile":371},"2026-01-13",0.56532,{"date":373,"score":120,"percentile":374},"2026-01-14",0.56574,{"date":376,"score":120,"percentile":377},"2026-01-15",0.56578,{"date":379,"score":120,"percentile":356},"2026-01-16",{"date":381,"score":120,"percentile":333},"2026-01-17",{"date":383,"score":120,"percentile":257},"2026-01-18",{"date":385,"score":120,"percentile":348},"2026-01-19",{"date":387,"score":120,"percentile":310},"2026-01-20",{"date":389,"score":120,"percentile":390},"2026-01-21",0.56583,{"date":392,"score":120,"percentile":390},"2026-01-22",{"date":394,"score":120,"percentile":395},"2026-01-23",0.56626,{"date":397,"score":120,"percentile":398},"2026-01-24",0.56631,{"date":400,"score":120,"percentile":401},"2026-01-25",0.56591,{"date":403,"score":120,"percentile":310},"2026-01-26",{"date":405,"score":120,"percentile":254},"2026-01-27",{"date":407,"score":120,"percentile":408},"2026-01-28",0.56603,{"date":410,"score":120,"percentile":356},"2026-01-29",{"date":412,"score":120,"percentile":413},"2026-01-30",0.56606,{"date":415,"score":120,"percentile":336},"2026-01-31",{"date":417,"score":120,"percentile":345},"2026-02-01",[419,424],{"source":124,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":42
0,"cvss_v4_0":9},{"baseScore":122,"baseSeverity":421,"vectorString":125,"impactScore":422,"exploitabilityScore":423},"MEDIUM",2.3,10,{"source":130,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":425,"cvss_v4_0":9},{"baseScore":122,"baseSeverity":421,"vectorString":125,"impactScore":422,"exploitabilityScore":423},[427,436,473],{"ecosystem":9,"name":428,"vendor":429,"product":430,"cpe_part":431,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":432},"debian linux","debian","debian_linux","o",[433],{"version":434,"is_range":118,"range_type":435,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"10.0","cpe",{"ecosystem":9,"name":437,"vendor":438,"product":438,"cpe_part":439,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":440},"Linux","linux","a",[441,448,451,454,457,460,463,466,468,472],{"version":442,"is_range":443,"range_type":124,"version_start":444,"version_start_type":445,"version_end":446,"version_end_type":447,"fixed_in":9},">= 243aad830e8a4cdda261626fbaeddde16b08d04a, \u003C f81e94d2dcd2397137edcb8b85f4c5bed5d22383",true,"243aad830e8a4cdda261626fbaeddde16b08d04a","including","f81e94d2dcd2397137edcb8b85f4c5bed5d22383","excluding",{"version":449,"is_range":443,"range_type":124,"version_start":444,"version_start_type":445,"version_end":450,"version_end_type":447,"fixed_in":9},">= 243aad830e8a4cdda261626fbaeddde16b08d04a, \u003C 2e95350fe9db9d53c701075060ac8ac883b68aee","2e95350fe9db9d53c701075060ac8ac883b68aee",{"version":452,"is_range":443,"range_type":124,"version_start":444,"version_start_type":445,"version_end":453,"version_end_type":447,"fixed_in":9},">= 243aad830e8a4cdda261626fbaeddde16b08d04a, \u003C afec0c5cd2ed71ca95a8b36a5e6d03333bf34282","afec0c5cd2ed71ca95a8b36a5e6d03333bf34282",{"version":455,"is_range":443,"range_type":124,"version_start":444,"version_start_type":445,"version_end":456,"version_end_type":447,"fixed_in":9},">= 243aad830e8a4cdda261626fbaeddde16b08d04a, \u003C 
ab63de24ebea36fe73ac7121738595d704b66d96","ab63de24ebea36fe73ac7121738595d704b66d96",{"version":458,"is_range":443,"range_type":124,"version_start":444,"version_start_type":445,"version_end":459,"version_end_type":447,"fixed_in":9},">= 243aad830e8a4cdda261626fbaeddde16b08d04a, \u003C a0a1db40b23e8ff86dea2786c5ea1470bb23ecb9","a0a1db40b23e8ff86dea2786c5ea1470bb23ecb9",{"version":461,"is_range":443,"range_type":124,"version_start":444,"version_start_type":445,"version_end":462,"version_end_type":447,"fixed_in":9},">= 243aad830e8a4cdda261626fbaeddde16b08d04a, \u003C 049d7989c67e8dd50f07a2096dbafdb41331fb9b","049d7989c67e8dd50f07a2096dbafdb41331fb9b",{"version":464,"is_range":443,"range_type":124,"version_start":444,"version_start_type":445,"version_end":465,"version_end_type":447,"fixed_in":9},">= 243aad830e8a4cdda261626fbaeddde16b08d04a, \u003C 5ae1e9922bbdbaeb9cfbe91085ab75927488ac0f","5ae1e9922bbdbaeb9cfbe91085ab75927488ac0f",{"version":467,"is_range":118,"range_type":124,"version_start":467,"version_start_type":445,"version_end":467,"version_end_type":445,"fixed_in":9},"03017375b0122453e6dda833ff7bd4191915def5",{"version":469,"is_range":443,"range_type":124,"version_start":470,"version_start_type":445,"version_end":471,"version_end_type":447,"fixed_in":9},">= 2.6.33.2, \u003C 2.6.34","2.6.33.2","2.6.34",{"version":471,"is_range":118,"range_type":124,"version_start":471,"version_start_type":445,"version_end":471,"version_end_type":445,"fixed_in":9},{"ecosystem":9,"name":474,"vendor":438,"product":475,"cpe_part":431,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":476},"linux 
kernel","linux_kernel",[477,480,484,488,492,496,500,502,504,506,508,510],{"version":478,"is_range":443,"range_type":435,"version_start":471,"version_start_type":445,"version_end":479,"version_end_type":447,"fixed_in":9},"gte2.6.34_lt5.4.271","5.4.271",{"version":481,"is_range":443,"range_type":435,"version_start":482,"version_start_type":445,"version_end":483,"version_end_type":447,"fixed_in":9},"gte5.5_lt5.10.212","5.5","5.10.212",{"version":485,"is_range":443,"range_type":435,"version_start":486,"version_start_type":445,"version_end":487,"version_end_type":447,"fixed_in":9},"gte5.11_lt5.15.151","5.11","5.15.151",{"version":489,"is_range":443,"range_type":435,"version_start":490,"version_start_type":445,"version_end":491,"version_end_type":447,"fixed_in":9},"gte5.16_lt6.1.81","5.16","6.1.81",{"version":493,"is_range":443,"range_type":435,"version_start":494,"version_start_type":445,"version_end":495,"version_end_type":447,"fixed_in":9},"gte6.2_lt6.6.21","6.2","6.6.21",{"version":497,"is_range":443,"range_type":435,"version_start":498,"version_start_type":445,"version_end":499,"version_end_type":447,"fixed_in":9},"gte6.7_lt6.7.9","6.7","6.7.9",{"version":501,"is_range":118,"range_type":435,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.8:rc1",{"version":503,"is_range":118,"range_type":435,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.8:rc2",{"version":505,"is_range":118,"range_type":435,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.8:rc3",{"version":507,"is_range":118,"range_type":435,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.8:rc4",{"version":509,"is_range":118,"range_type":435,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.8:rc5",{"version":511,"is_range":118,"range_type":435,"version_start":9,"version_start_type":9,"vers
ion_end":9,"version_end_type":9,"fixed_in":9},"6.8:rc6"]