In the Linux kernel, the following vulnerability has been resolved:

netlink: add nla be16/32 types to minlen array

```
BUG: KMSAN: uninit-value in nla_validate_range_unsigned lib/nlattr.c:222 [inline]
BUG: KMSAN: uninit-value in nla_validate_int_range lib/nlattr.c:336 [inline]
BUG: KMSAN: uninit-value in validate_nla lib/nlattr.c:575 [inline]
BUG: KMSAN: uninit-value in __nla_validate_parse+0x2e20/0x45c0 lib/nlattr.c:631
 nla_validate_range_unsigned lib/nlattr.c:222 [inline]
 nla_validate_int_range lib/nlattr.c:336 [inline]
 validate_nla lib/nlattr.c:575 [inline]
…
```

The message in question matches this policy:

```
[NFTA_TARGET_REV] = NLA_POLICY_MAX(NLA_BE32, 255),
```

but because NLA_BE32 size in minlen array is 0, the validation code will read past the malformed (too small) attribute.

Note: Other attributes, e.g. BITFIELD32, SINT, UINT… are also missing: those likely should be added too.

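
The length gate described above, modelled in userspace C as an added example (it is not the kernel's code or the patch itself). The type names, `validate()`, `load_width()` and both tables are hypothetical stand-ins for the `minlen` array in `lib/nlattr.c`, and the payloads are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Userspace model of the length check; type names are hypothetical stand-ins
 * for NLA_U8, NLA_BE16 and NLA_BE32, not the kernel's definitions. */
enum attr_type { T_UNSPEC, T_U8, T_BE16, T_BE32, T_COUNT };
enum verdict { ACCEPT, REJECT_SHORT, REJECT_RANGE, READ_PAST_END };

/* Table before the fix: the big-endian types have no entry, so they are 0. */
static const uint8_t minlen_before[T_COUNT] = { [T_U8] = 1 };
/* Table after the fix: the big-endian types carry their real sizes. */
static const uint8_t minlen_after[T_COUNT] = { [T_U8] = 1, [T_BE16] = 2, [T_BE32] = 4 };

/* Bytes the range check loads for each type, independent of the table. */
static size_t load_width(enum attr_type t)
{
    return t == T_U8 ? 1 : t == T_BE16 ? 2 : t == T_BE32 ? 4 : 0;
}

/* Check one attribute payload against a "type with maximum" policy such as
 * NLA_POLICY_MAX(NLA_BE32, 255). Instead of performing the out-of-bounds load,
 * the model reports READ_PAST_END where the range check would do one. */
static enum verdict validate(const uint8_t *payload, size_t len,
                             enum attr_type type, uint32_t max, const uint8_t *minlen)
{
    size_t width = load_width(type);
    uint32_t value = 0;

    if (len < minlen[type])
        return REJECT_SHORT;            /* the length gate */
    if (len < width)
        return READ_PAST_END;           /* gate passed, but the load overruns */
    for (size_t i = 0; i < width; i++)  /* big-endian decode of the payload */
        value = (value << 8) | payload[i];
    return value > max ? REJECT_RANGE : ACCEPT;
}

/* Constructed sample payloads for a BE32 attribute with maximum 255. */
static const uint8_t short_payload[1] = { 0x01 };
static const uint8_t good_payload[4]  = { 0, 0, 0, 7 };
static const uint8_t big_payload[4]   = { 0, 0, 1, 0 };   /* 256 > 255 */

int main(void)
{
    printf("before fix: %d\n", validate(short_payload, 1, T_BE32, 255, minlen_before));
    printf("after fix:  %d\n", validate(short_payload, 1, T_BE32, 255, minlen_after));
    return 0;
}
```

With the pre-fix table a 1-byte BE32 payload passes the gate and reaches the range check; with the post-fix table it is rejected as too short before any value is loaded.
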
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 22.04 | noarch | linux-aws-6.5 | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-azure-6.5 | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-gcp-6.5 | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-nvidia-6.5 | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-oem-6.5 | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-oracle-6.5 | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-starfive-6.5 | < any | UNKNOWN |
git.kernel.org/linus/9a0d18853c280f6a0ee99f91619f2442a17a323a (6.8-rc7)
git.kernel.org/stable/c/0ac219c4c3ab253f3981f346903458d20bacab32
git.kernel.org/stable/c/7a9d14c63b35f89563c5ecbadf918ad64979712d
git.kernel.org/stable/c/9a0d18853c280f6a0ee99f91619f2442a17a323a
git.kernel.org/stable/c/a2ab028151841cd833cb53eb99427e0cc990112d
launchpad.net/bugs/cve/CVE-2024-26849
nvd.nist.gov/vuln/detail/CVE-2024-26849
security-tracker.debian.org/tracker/CVE-2024-26849
www.cve.org/CVERecord?id=CVE-2024-26849