7.1

CVE-2024-26673

netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations

- Disallow families other than NFPROTO_{IPV4,IPV6,INET}.
- Disallow layer 4 protocol with no ports, since destination port is a
  mandatory attribute for this object.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.3 < 5.4.269
LinuxLinux Kernel Version >= 5.5 < 5.10.210
LinuxLinux Kernel Version >= 5.11 < 5.15.149
LinuxLinux Kernel Version >= 5.16 < 6.1.77
LinuxLinux Kernel Version >= 6.2 < 6.6.16
LinuxLinux Kernel Version >= 6.7 < 6.7.4
LinuxLinux Kernel Version6.8 Updaterc1
LinuxLinux Kernel Version6.8 Updaterc2
DebianDebian Linux Version10.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.24% 0.144
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.1 1.8 5.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
Mailing List
https://git.kernel.org/stable/c/0f501dae16b7099e69ee9b0d5c70b8f40fd30e98
Patch
https://git.kernel.org/stable/c/38cc1605338d99205a263707f4dde76408d3e0e8
Patch
https://git.kernel.org/stable/c/65ee90efc928410c6f73b3d2e0afdd762652c09d
Patch
https://git.kernel.org/stable/c/8059918a1377f2f1fff06af4f5a4ed3d5acd6bc4
Patch
https://git.kernel.org/stable/c/b775ced05489f4b77a35fe203e9aeb22f428e38f
Patch
https://git.kernel.org/stable/c/cfe3550ea5df292c9e2d608e8c4560032391847e
Patch
https://git.kernel.org/stable/c/f549f340c91f08b938d60266e792ff7748dae483
Patch