{"id":"CVE-2024-26673","summary":"netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations\n\n- Disallow families other than NFPROTO_{IPV4,IPV6,INET}.\n- Disallow layer 4 protocol with no ports, since destination port is a\n  mandatory attribute for this object.","modified":"2026-03-20T12:35:08.117772Z","published":"2024-04-02T06:51:05.857Z","related":["ALSA-2024:3306","SUSE-SU-2024:1644-1","SUSE-SU-2024:1659-1","SUSE-SU-2024:1663-1","SUSE-SU-2024:2135-1","SUSE-SU-2024:2203-1","SUSE-SU-2024:2973-1","SUSE-SU-2025:20008-1","SUSE-SU-2025:20028-1","USN-6818-2","USN-6819-2"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/26xxx/CVE-2024-26673.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/0f501dae16b7099e69ee9b0d5c70b8f40fd30e98"},{"type":"WEB","url":"https://git.kernel.org/stable/c/38cc1605338d99205a263707f4dde76408d3e0e8"},{"type":"WEB","url":"https://git.kernel.org/stable/c/65ee90efc928410c6f73b3d2e0afdd762652c09d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/8059918a1377f2f1fff06af4f5a4ed3d5acd6bc4"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b775ced05489f4b77a35fe203e9aeb22f428e38f"},{"type":"WEB","url":"https://git.kernel.org/stable/c/cfe3550ea5df292c9e2d608e8c4560032391847e"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f549f340c91f08b938d60266e792ff7748dae483"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/26xxx/CVE-2024-26673.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26673"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"857b46027d6f91150797295752581b7155b9d0e1"},{"fixed":"f549f340c91f08b938d60266e792ff7748dae483"},{"fixed":"65ee90efc928410c6f73b3d2e0afdd762652c09d"},{"fixed":"b775ced05489f4b77a35fe203e9aeb22f428e38f"},{"fixed":"0f501dae16b7099e69ee9b0d5c70b8f40fd30e98"},{"fixed":"cfe3550ea5df292c9e2d608e8c4560032391847e"},{"fixed":"38cc1605338d99205a263707f4dde76408d3e0e8"},{"fixed":"8059918a1377f2f1fff06af4f5a4ed3d5acd6bc4"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-26673.json"}}],"schema_version":"1.7.5"}