CVE-2024-42247

EPSS 0.02%
Published 07.08.2024 16:15:47
Last modified 03.11.2025 22:17:50
Source 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Open
Login

In the Linux kernel, the following vulnerability has been resolved:

wireguard: allowedips: avoid unaligned 64-bit memory accesses

On the parisc platform, the kernel issues kernel warnings because
swap_endian() tries to load a 128-bit IPv6 address from an unaligned
memory location:

 Kernel: unaligned access to 0x55f4688c in wg_allowedips_insert_v6+0x2c/0x80 [wireguard] (iir 0xf3010df)
 Kernel: unaligned access to 0x55f46884 in wg_allowedips_insert_v6+0x38/0x80 [wireguard] (iir 0xf2010dc)

Avoid such unaligned memory accesses by instead using the
get_unaligned_be64() helper macro.

[Jason: replace src[8] in original patch with src+8]

Affected products Warnungen 0 Metrics 2 CWE 1 References 10

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 5.6 < 5.10.222

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.163

Linux ≫ Linux Kernel Version >= 5.16 < 6.1.100

Linux ≫ Linux Kernel Version >= 6.2 < 6.6.41

Linux ≫ Linux Kernel Version >= 6.7 < 6.9.10

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.02%	0.041

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

https://git.kernel.org/stable/c/217978a29c6ceca76d3c640bf94bdf50c268d801

Patch

https://git.kernel.org/stable/c/2fb34bf76431e831f9863cd59adc0bd1f67b0fbf

Patch

https://git.kernel.org/stable/c/6638a203abad35fa636d59ac47bdbc4bc100fd74

Patch

https://git.kernel.org/stable/c/948f991c62a4018fb81d85804eeab3029c6209f8

Patch

https://git.kernel.org/stable/c/ae630de24efb123d7199a43256396d7758f4cb75

Patch

https://git.kernel.org/stable/c/b4764f0ad3d68de8a0b847c05f427afb86dd54e6

Patch

https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

https://nvd.nist.gov/vuln/detail/CVE-2024-42247

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-42247

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-42247

EUVD