CVE-2024-27016

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-27016
In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: validate pppoe header Ensure there is sufficient room to access the protocol field of the PPPoe header. Validate it once before the flowtable lookup, then use a helper function to access protocol field.

5.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://git.kernel.org/stable/c/87b3593bed1868b2d9fe096c01bcdf0ea86cbebf Patch
https://git.kernel.org/stable/c/8bf7c76a2a207ca2b4cfda0a279192adf27678d7 Patch
https://git.kernel.org/stable/c/a2471d271042ea18e8a6babc132a8716bb2f08b9 Patch
https://git.kernel.org/stable/c/cf366ee3bc1b7d1c76a882640ba3b3f8f1039163 Patch
https://git.kernel.org/stable/c/d06977b9a4109f8738bb276125eb6a0b772bc433 Patch
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.9:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.9:rc4:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*
History

23 May 2024, 19:33

Type Values Removed Values Added
References () https://git.kernel.org/stable/c/87b3593bed1868b2d9fe096c01bcdf0ea86cbebf - () https://git.kernel.org/stable/c/87b3593bed1868b2d9fe096c01bcdf0ea86cbebf - Patch
References () https://git.kernel.org/stable/c/8bf7c76a2a207ca2b4cfda0a279192adf27678d7 - () https://git.kernel.org/stable/c/8bf7c76a2a207ca2b4cfda0a279192adf27678d7 - Patch
References () https://git.kernel.org/stable/c/a2471d271042ea18e8a6babc132a8716bb2f08b9 - () https://git.kernel.org/stable/c/a2471d271042ea18e8a6babc132a8716bb2f08b9 - Patch
References () https://git.kernel.org/stable/c/cf366ee3bc1b7d1c76a882640ba3b3f8f1039163 - () https://git.kernel.org/stable/c/cf366ee3bc1b7d1c76a882640ba3b3f8f1039163 - Patch
References () https://git.kernel.org/stable/c/d06977b9a4109f8738bb276125eb6a0b772bc433 - () https://git.kernel.org/stable/c/d06977b9a4109f8738bb276125eb6a0b772bc433 - Patch
CWE NVD-CWE-noinfo
First Time Linux linux Kernel
Linux
Fedoraproject
Fedoraproject fedora
CPE cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.9:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.9:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.5

13 May 2024, 08:15

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/', 'source': '416baaa9-dc9f-4396-8d5f-8c081fb06d67'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/', 'source': '416baaa9-dc9f-4396-8d5f-8c081fb06d67'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/', 'source': '416baaa9-dc9f-4396-8d5f-8c081fb06d67'}

03 May 2024, 03:16

Type Values Removed Values Added
Summary
  • (es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: flowtable: validar encabezado pppoe Asegúrese de que haya suficiente espacio para acceder al campo de protocolo del encabezado PPPoe. Valídelo una vez antes de la búsqueda de la tabla de flujo, luego use una función auxiliar para acceder al campo de protocolo.
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/ -

01 May 2024, 06:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-05-01 06:15

Updated : 2024-05-23 19:33

NVD link : CVE-2024-27016

Mitre link : CVE-2024-27016

CVE.ORG link : CVE-2024-27016

JSON object : View

Products Affected

linux

  • linux_kernel

fedoraproject

  • fedora
CWE
NVD-CWE-noinfo

NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024