Lucene search
Redhat.comRH:CVE-2024-36017HistoryJun 03, 2024 - 9:01 a.m.
CVE-2024-36017
2024-06-0309:01:01
redhat.com
access.redhat.com
1
linux
kernel
rtnetlink
vulnerability
fix
size validation
nested attribute
In the Linux kernel, the following vulnerability has been resolved: rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation Each attribute inside a nested IFLA_VF_VLAN_LIST is assumed to be a struct ifla_vf_vlan_info so the size of such attribute needs to be at least of sizeof(struct ifla_vf_vlan_info) which is 14 bytes. The current size validation in do_setvfinfo is against NLA_HDRLEN (4 bytes) which is less than sizeof(struct ifla_vf_vlan_info) so this validation is not enough and a too small attribute might be cast to a struct ifla_vf_vlan_info, this might result in an out of bands read access when accessing the saved (casted) entry in ivvl.
Related
cvelist
cvelist
nvd
nvd
CVE-2024-36017
2024-05-30 13:15:49
vulnrichment
vulnrichment
ubuntucve
ubuntucve
CVE-2024-36017
2024-05-30 00:00:00
cve
cve
CVE-2024-36017
2024-05-30 13:15:49
debiancve
debiancve
CVE-2024-36017
2024-05-30 13:15:49
nessus
nessus
Amazon Linux 2 : kernel (ALASKERNEL-5.4-2024-069)
2024-05-31 00:00:00
Amazon Linux 2 : kernel (ALAS-2024-2581)
2024-06-24 00:00:00
Amazon Linux 2 : kernel (ALASKERNEL-5.10-2024-060)
2024-06-24 00:00:00
amazon
amazon
Important: kernel
2024-06-19 19:15:00
debian
debian
[SECURITY] [DSA 5703-1] linux security update
2024-06-02 17:04:56
osv
osv
linux - security update
2024-06-02 00:00:00
linux-5.10 - security update
2024-06-25 00:00:00
linux - security update
2024-06-25 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-5703-1)
2024-07-01 00:00:00
Debian: Security Advisory (DLA-3843-1)
2024-07-01 00:00:00
Debian: Security Advisory (DLA-3840-1)
2024-07-01 00:00:00