Lucene search

416baaa9-dc9f-4396-8d5f-8c081fb06d67NVD:CVE-2024-42070

HistoryJul 29, 2024 - 4:15 p.m.

CVE-2024-42070

2024-07-2916:15:06

CWE-401

416baaa9-dc9f-4396-8d5f-8c081fb06d67

web.nvd.nist.gov

linux

kernel

vulnerability

netfilter

nf_tables

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

Percentile

5.0%

JSON

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers

register store validation for NFT_DATA_VALUE is conditional, however,
the datatype is always either NFT_DATA_VALUE or NFT_DATA_VERDICT. This
only requires a new helper function to infer the register type from the
set datatype so this conditional check can be removed. Otherwise,
pointer to chain object can be leaked through the registers.

Affected configurations

Nvd

Node

linuxlinux_kernelRange<3.13

linuxlinux_kernelRange3.14–4.19.317

linuxlinux_kernelRange4.20–5.4.279

linuxlinux_kernelRange5.5–5.10.221

linuxlinux_kernelRange5.11–5.15.162

linuxlinux_kernelRange5.16–6.1.97

linuxlinux_kernelRange6.2–6.6.37

linuxlinux_kernelRange6.7–6.9.8

VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
linux	linux_kernel	*	cpe:2.3:o:linux:linux_kernel::::::::

References

git.kernel.org/stable/c/23752737c6a618e994f9a310ec2568881a6b49c4

git.kernel.org/stable/c/40188a25a9847dbeb7ec67517174a835a677752f

git.kernel.org/stable/c/41a6375d48deaf7f730304b5153848bfa1c2980f

git.kernel.org/stable/c/461302e07f49687ffe7d105fa0a330c07c7646d8

git.kernel.org/stable/c/5d43d789b57943720dca4181a05f6477362b94cf

git.kernel.org/stable/c/7931d32955e09d0a11b1fe0b6aac1bfa061c005c

git.kernel.org/stable/c/952bf8df222599baadbd4f838a49c4fef81d2564

git.kernel.org/stable/c/efb27ad05949403848f487823b597ed67060e007

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

Percentile

5.0%

JSON

Related for NVD:CVE-2024-42070