5.5

CVE-2024-26851

EPSS 0.01%
Published 17.04.2024 11:15:08
Last modified 02.04.2025 13:17:19
Source 416baaa9-dc9f-4396-8d5f-8c081f
Teams watchlist Login
Open Login

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_conntrack_h323: Add protection for bmp length out of range

UBSAN load reports an exception of BRK#5515 SHIFT_ISSUE:Bitwise shifts
that are out of bounds for their data type.

vmlinux   get_bitmap(b=75) + 712
<net/netfilter/nf_conntrack_h323_asn1.c:0>
vmlinux   decode_seq(bs=0xFFFFFFD008037000, f=0xFFFFFFD008037018, level=134443100) + 1956
<net/netfilter/nf_conntrack_h323_asn1.c:592>
vmlinux   decode_choice(base=0xFFFFFFD0080370F0, level=23843636) + 1216
<net/netfilter/nf_conntrack_h323_asn1.c:814>
vmlinux   decode_seq(f=0xFFFFFFD0080371A8, level=134443500) + 812
<net/netfilter/nf_conntrack_h323_asn1.c:576>
vmlinux   decode_choice(base=0xFFFFFFD008037280, level=0) + 1216
<net/netfilter/nf_conntrack_h323_asn1.c:814>
vmlinux   DecodeRasMessage() + 304
<net/netfilter/nf_conntrack_h323_asn1.c:833>
vmlinux   ras_help() + 684
<net/netfilter/nf_conntrack_h323_main.c:1728>
vmlinux   nf_confirm() + 188
<net/netfilter/nf_conntrack_proto.c:137>

Due to abnormal data in skb->data, the extension bitmap length
exceeds 32 when decoding ras message then uses the length to make
a shift operation. It will change into negative after several loop.
UBSAN load could detect a negative shift as an undefined behaviour
and reports exception.
So we add the protection to avoid the length exceeding 32. Or else
it will return out of range error and stop decoding.

Affected products Warnungen 0 Metrics 2 CWE 1 References 13

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 2.6.17 < 4.19.310

Linux ≫ Linux Kernel Version >= 4.20 < 5.4.272

Linux ≫ Linux Kernel Version >= 5.5 < 5.10.213

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.152

Linux ≫ Linux Kernel Version >= 5.16 < 6.1.82

Linux ≫ Linux Kernel Version >= 6.2 < 6.6.22

Linux ≫ Linux Kernel Version >= 6.7 < 6.7.10

Linux ≫ Linux Kernel Version6.8 Updaterc1

Linux ≫ Linux Kernel Version6.8 Updaterc2

Linux ≫ Linux Kernel Version6.8 Updaterc3

Linux ≫ Linux Kernel Version6.8 Updaterc4

Linux ≫ Linux Kernel Version6.8 Updaterc5

Linux ≫ Linux Kernel Version6.8 Updaterc6

Debian ≫ Debian Linux Version10.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.01%	0.004

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

Mailing List

https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

Mailing List

https://git.kernel.org/stable/c/014a807f1cc9c9d5173c1cd935835553b00d211c

Patch

https://git.kernel.org/stable/c/39001e3c42000e7c2038717af0d33c32319ad591

Patch

https://git.kernel.org/stable/c/4bafcc43baf7bcf93566394dbd15726b5b456b7a

Patch

https://git.kernel.org/stable/c/767146637efc528b5e3d31297df115e85a2fd362

Patch

https://git.kernel.org/stable/c/80ee5054435a11c87c9a4f30f1ff750080c96416

Patch

https://git.kernel.org/stable/c/98db42191329c679f4ca52bec0b319689e1ad8cb

Patch

https://git.kernel.org/stable/c/b3c0f553820516ad4b62a9390ecd28d6f73a7b13

Patch

https://git.kernel.org/stable/c/ccd1108b16ab572d9bf635586b0925635dbd6bbc

Patch

https://nvd.nist.gov/vuln/detail/CVE-2024-26851

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-26851

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-26851

EUVD