wireguard: receive: annotate data-race around receiving_counter.counter
Summary
| CVE | CVE-2024-26861 |
|---|---|
| State | PUBLISHED |
| Assigner | Linux |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2024-04-17 11:15:08 UTC |
| Updated | 2026-05-12 12:16:21 UTC |
| Description | In the Linux kernel, the following vulnerability has been resolved: wireguard: receive: annotate data-race around receiving_counter.counter Syzkaller with KCSAN identified a data-race issue when accessing keypair->receiving_counter.counter. Use READ_ONCE() and WRITE_ONCE() annotations to mark the data race as intentional. BUG: KCSAN: data-race in wg_packet_decrypt_worker / wg_packet_rx_poll write to 0xffff888107765888 of 8 bytes by interrupt on cpu 0: counter_validate drivers/net/wireguard/receive.c:321 [inline] wg_packet_rx_poll+0x3ac/0xf00 drivers/net/wireguard/receive.c:461 __napi_poll+0x60/0x3b0 net/core/dev.c:6536 napi_poll net/core/dev.c:6605 [inline] net_rx_action+0x32b/0x750 net/core/dev.c:6738 __do_softirq+0xc4/0x279 kernel/softirq.c:553 do_softirq+0x5e/0x90 kernel/softirq.c:454 __local_bh_enable_ip+0x64/0x70 kernel/softirq.c:381 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline] _raw_spin_unlock_bh+0x36/0x40 kernel/locking/spinlock.c:210 spin_unlock_bh include/linux/spinlock.h:396 [inline] ptr_ring_consume_bh include/linux/ptr_ring.h:367 [inline] wg_packet_decrypt_worker+0x6c5/0x700 drivers/net/wireguard/receive.c:499 process_one_work kernel/workqueue.c:2633 [inline] ... read to 0xffff888107765888 of 8 bytes by task 3196 on cpu 1: decrypt_packet drivers/net/wireguard/receive.c:252 [inline] wg_packet_decrypt_worker+0x220/0x700 drivers/net/wireguard/receive.c:501 process_one_work kernel/workqueue.c:2633 [inline] process_scheduled_works+0x5b8/0xa30 kernel/workqueue.c:2706 worker_thread+0x525/0x730 kernel/workqueue.c:2787 ... |
Risk And Classification
Primary CVSS: v3.1 4.7 MEDIUM from [email protected]
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Problem Types: CWE-362
CVSS v3.1 Breakdown
Attack Vector
LocalAttack Complexity
HighPrivileges Required
LowUser Interaction
NoneScope
UnchangedConfidentiality
NoneIntegrity
NoneAvailability
HighCVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Linux | Linux Kernel | All | All | All | All |
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Linux | Linux | affected a9e90d9931f3a474f04bab782ccd9d77904941e9 f87884e0dffd61b47e58bc6e1e2f6843c212b0cc git | Not specified |
| CNA | Linux | Linux | affected a9e90d9931f3a474f04bab782ccd9d77904941e9 d691be84ab898cf136a35176eaf2f8fc116563f0 git | Not specified |
| CNA | Linux | Linux | affected a9e90d9931f3a474f04bab782ccd9d77904941e9 45a83b220c83e3c326513269afbf69ae6fc65cce git | Not specified |
| CNA | Linux | Linux | affected a9e90d9931f3a474f04bab782ccd9d77904941e9 78739d72f16b2d7d549f713f1dfebd678d32484b git | Not specified |
| CNA | Linux | Linux | affected a9e90d9931f3a474f04bab782ccd9d77904941e9 3f94da807fe1668b9830f0eefbbf7e887b0a7bc6 git | Not specified |
| CNA | Linux | Linux | affected a9e90d9931f3a474f04bab782ccd9d77904941e9 fdf16de078a97bf14bb8ee2b8d47cc3d3ead09ed git | Not specified |
| CNA | Linux | Linux | affected a9e90d9931f3a474f04bab782ccd9d77904941e9 bba045dc4d996d03dce6fe45726e78a1a1f6d4c3 git | Not specified |
| CNA | Linux | Linux | affected 4a7939808afdc57ecaeb72d049e2985321a1e44e git | Not specified |
| CNA | Linux | Linux | affected 5.7 | Not specified |
| CNA | Linux | Linux | unaffected 5.7 semver | Not specified |
| CNA | Linux | Linux | unaffected 5.10.214 5.10.* semver | Not specified |
| CNA | Linux | Linux | unaffected 5.15.153 5.15.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.1.83 6.1.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.6.23 6.6.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.7.11 6.7.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.8.2 6.8.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.9 * original_commit_for_fix | Not specified |
| ADP | Siemens | SIMATIC S7-1500 TM MFP - GNU/Linux Subsystem | affected * custom | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| lists.debian.org/debian-lts-announce/2024/06/msg00017.html | af854a3a-2127-422b-91ae-364da2661108 | lists.debian.org | Mailing List |
| git.kernel.org/stable/c/78739d72f16b2d7d549f713f1dfebd678d32484b | af854a3a-2127-422b-91ae-364da2661108 | git.kernel.org | Patch |
| git.kernel.org/stable/c/3f94da807fe1668b9830f0eefbbf7e887b0a7bc6 | af854a3a-2127-422b-91ae-364da2661108 | git.kernel.org | Patch |
| cert-portal.siemens.com/productcert/html/ssa-265688.html | 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e | cert-portal.siemens.com | |
| git.kernel.org/stable/c/f87884e0dffd61b47e58bc6e1e2f6843c212b0cc | af854a3a-2127-422b-91ae-364da2661108 | git.kernel.org | Patch |
| git.kernel.org/stable/c/d691be84ab898cf136a35176eaf2f8fc116563f0 | af854a3a-2127-422b-91ae-364da2661108 | git.kernel.org | Patch |
| git.kernel.org/stable/c/45a83b220c83e3c326513269afbf69ae6fc65cce | af854a3a-2127-422b-91ae-364da2661108 | git.kernel.org | Patch |
| git.kernel.org/stable/c/bba045dc4d996d03dce6fe45726e78a1a1f6d4c3 | af854a3a-2127-422b-91ae-364da2661108 | git.kernel.org | Patch |
| git.kernel.org/stable/c/fdf16de078a97bf14bb8ee2b8d47cc3d3ead09ed | af854a3a-2127-422b-91ae-364da2661108 | git.kernel.org | Patch |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.