-

CVE-2024-35962

EPSS 0.02%
Veröffentlicht 20.05.2024 10:15:11
Zuletzt bearbeitet 21.11.2024 09:21:18
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

netfilter: complete validation of user input

In my recent commit, I missed that do_replace() handlers
use copy_from_sockptr() (which I fixed), followed
by unsafe copy_from_sockptr_offset() calls.

In all functions, we can perform the @optlen validation
before even calling xt_alloc_table_info() with the following
check:

if ((u64)optlen < (u64)tmp.size + sizeof(tmp))
        return -EINVAL;

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 10

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < cf4bc359b76144a3dd55d7c09464ef4c5f2b2b05

Version 0f038242b77ddfc505bf4163d4904c1abd2e74d6

Status affected

Version < 97dab36e57c64106e1c8ebd66cbf0d2d1e52d6b7

Version 440e948cf0eff32cfe322dcbca3f2525354b159b

Status affected

Version < c760089aa98289b4b88a7ff5a62dd92845adf223

Version 18aae2cb87e5faa9c5bd865260ceadac60d5a6c5

Status affected

Version < 89242d9584c342cb83311b598d9e6b82572eadf8

Version 81d51b9b7c95e791ba3c1a2dd77920a9d3b3f525

Status affected

Version < 562b7245131f6e9f1d280c8b5a8750f03edfc05c

Version 58f2bfb789e6bd3bc24a2c9c1580f3c67aec3018

Status affected

Version < 65acf6e0501ac8880a4f73980d01b5d27648b956

Version 0c83842df40f86e529db6842231154772c20edcc

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 5.10.216

Version 5.10.215

Status affected

Version < 5.15.156

Version 5.15.154

Status affected

Version < 6.1.87

Version 6.1.85

Status affected

Version < 6.6.28

Version 6.6.26

Status affected

Version < 6.8.7

Version 6.8.5

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.05

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

https://git.kernel.org/stable/c/562b7245131f6e9f1d280c8b5a8750f03edfc05c

https://git.kernel.org/stable/c/65acf6e0501ac8880a4f73980d01b5d27648b956

https://git.kernel.org/stable/c/89242d9584c342cb83311b598d9e6b82572eadf8

https://git.kernel.org/stable/c/97dab36e57c64106e1c8ebd66cbf0d2d1e52d6b7

https://git.kernel.org/stable/c/c760089aa98289b4b88a7ff5a62dd92845adf223

https://git.kernel.org/stable/c/cf4bc359b76144a3dd55d7c09464ef4c5f2b2b05

https://nvd.nist.gov/vuln/detail/CVE-2024-35962

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-35962

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-35962

EUVD