In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_inner: validate mandatory meta and payload
Check for mandatory netlink attributes in payload and meta expression
when used embedded from the inner expression, otherwise NULL pointer
dereference is possible from userspace.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 24.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws-6.5 | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux-azure | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-azure-6.5 | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux-gcp | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-gcp-6.5 | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux-gke | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux-ibm | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux-intel | < any | UNKNOWN |
git.kernel.org/linus/c4ab9da85b9df3692f861512fe6c9812f38b7471 (6.10-rc4)
git.kernel.org/stable/c/39323f54cad29602917848346c71b087da92a19d
git.kernel.org/stable/c/b30669fdea0ca03aa22995e6c99f7e7d9dee89ff
git.kernel.org/stable/c/c4ab9da85b9df3692f861512fe6c9812f38b7471
launchpad.net/bugs/cve/CVE-2024-39504
nvd.nist.gov/vuln/detail/CVE-2024-39504
security-tracker.debian.org/tracker/CVE-2024-39504
www.cve.org/CVERecord?id=CVE-2024-39504