CVSS3
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score Confidence: High
EPSS Percentile: 5.1%
A flaw was found in the Linux kernel. The ‘TCA_MPLS_LABEL’ attribute is declared with the ‘NLA_U32’ type but with a validation type of ‘NLA_VALIDATE_FUNCTION’. This is an invalid combination according to ‘struct nla_policy’, and it can trigger the nla_get_range_unsigned() warning when validation of the attribute fails. Although the attribute is of the ‘NLA_U32’ type, the associated ‘min’/‘max’ fields in the policy are negative because they are aliased by the ‘validate’ field. To mitigate, change the attribute type to ‘NLA_BINARY’ and move the length validation into the validation function.
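The aliasing and the mitigation described above, as an added userspace example (not kernel code and not the upstream patch): a simplified policy struct whose ‘min’/‘max’ share storage with ‘validate’, a lint that rejects the integer-type-plus-function pairing, and a validator that checks the length itself. All names here (`T_U32`, `V_FUNCTION`, `policy_combo_ok`, `check_payload`), the return codes and the 20-bit label rule are assumptions made for the model.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Userspace model of the layout described above; NOT the kernel's struct nla_policy. */
enum { T_U32, T_BINARY };              /* attribute types (model names) */
enum { V_NONE, V_RANGE, V_FUNCTION };  /* validation types (model names) */
struct attr { uint16_t len; const void *data; };
struct policy {
    uint8_t type, validation;
    union {                                    /* both arms share the same bytes */
        struct { int16_t min, max; };          /* meaningful only for V_RANGE */
        int (*validate)(const struct attr *);  /* meaningful only for V_FUNCTION */
    };
};

/* Mitigated validator: a binary type implies no fixed size, so check length here. */
static int valid_label(const struct attr *a)
{
    uint32_t label;
    if (a->len != sizeof(label)) return -1;
    memcpy(&label, a->data, sizeof(label));
    return (label & ~UINT32_C(0xFFFFF)) ? -1 : 0;  /* assumed rule: 20-bit label */
}

/* Policy-table lint: reject pairs where the wrong union arm would be read. */
static int policy_combo_ok(const struct policy *p)
{
    if (p->validation == V_FUNCTION) return p->type == T_BINARY && p->validate != NULL;
    if (p->validation == V_RANGE) return p->type == T_U32 && p->min <= p->max;
    return 1;
}

/* Returns -2 for an unusable policy, otherwise the validator's verdict. */
static int check_payload(const struct policy *p, const void *data, uint16_t len)
{
    struct attr a = { len, data };
    if (p->validation != V_FUNCTION || !policy_combo_ok(p)) return -2;
    return p->validate(&a);
}

static const struct policy before = { .type = T_U32, .validation = V_FUNCTION, .validate = valid_label };
static const struct policy after = { .type = T_BINARY, .validation = V_FUNCTION, .validate = valid_label };

int main(void)
{
    static const uint8_t label[4] = { 0x00, 0x01, 0x01, 0x00 };  /* constructed sample */
    return !(check_payload(&before, label, 4) == -2 && check_payload(&after, label, 4) == 0);
}
```

In the `before` policy, any code path that reads `min`/`max` is reading bytes of the function pointer, which is why the lint rejects that pairing.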