4.4

CVE-2024-42154

tcp_metrics: validate source addr length

In the Linux kernel, the following vulnerability has been resolved:

tcp_metrics: validate source addr length

I don't see anything checking that TCP_METRICS_ATTR_SADDR_IPV4
is at least 4 bytes long, and the policy doesn't have an entry
for this attribute at all (neither does it for IPv6 but v6 is
manually validated).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 3.14 < 4.19.318
LinuxLinux Kernel Version >= 4.20 < 5.4.280
LinuxLinux Kernel Version >= 5.5 < 5.10.222
LinuxLinux Kernel Version >= 5.11 < 5.15.163
LinuxLinux Kernel Version >= 5.16 < 6.1.98
LinuxLinux Kernel Version >= 6.2 < 6.6.39
LinuxLinux Kernel Version >= 6.7 < 6.9.9
LinuxLinux Kernel Version6.10 Updaterc1
LinuxLinux Kernel Version6.10 Updaterc2
LinuxLinux Kernel Version6.10 Updaterc3
LinuxLinux Kernel Version6.10 Updaterc4
LinuxLinux Kernel Version6.10 Updaterc5
LinuxLinux Kernel Version6.10 Updaterc6
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.26% 0.169
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.4 1.8 2.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
CWE-754 Improper Check for Unusual or Exceptional Conditions

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

https://git.kernel.org/stable/c/19d997b59fa1fd7a02e770ee0881c0652b9c32c9
Patch
Mailing List
https://git.kernel.org/stable/c/2a2e79dbe2236a1289412d2044994f7ab419b44c
Patch
Mailing List
https://git.kernel.org/stable/c/31f03bb04146c1c6df6c03e9f45401f5f5a985d3
Patch
Mailing List
https://git.kernel.org/stable/c/3d550dd5418729a6e77fe7721d27adea7152e321
Patch
Mailing List
https://git.kernel.org/stable/c/66be40e622e177316ae81717aa30057ba9e61dff
Patch
Mailing List
https://git.kernel.org/stable/c/8c2debdd170e395934ac0e039748576dfde14e99
Patch
Mailing List
https://git.kernel.org/stable/c/cdffc358717e436bb67122bb82c1a2a26e050f98
Patch
Mailing List
https://git.kernel.org/stable/c/ef7c428b425beeb52b894e16f1c4b629d6cebfb6
Patch
Mailing List
http://www.openwall.com/lists/oss-security/2024/09/24/3
http://www.openwall.com/lists/oss-security/2024/09/24/4
http://www.openwall.com/lists/oss-security/2024/09/25/3
https://security.netapp.com/advisory/ntap-20240828-0010/
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html