CVE-2024-42070

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers register store validation for NFT_DATA_VALUE is conditional, however, the datatype is always either NFT_DATA_VALUE or NFT_DATA_VERDICT. This only requires a new helper function to infer the register type from the set datatype so this conditional check can be removed. Otherwise, pointer to chain object can be leaked through the registers.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/23752737c6a618e994f9a310ec2568881a6b49c4	Patch
https://git.kernel.org/stable/c/40188a25a9847dbeb7ec67517174a835a677752f	Patch
https://git.kernel.org/stable/c/41a6375d48deaf7f730304b5153848bfa1c2980f	Patch
https://git.kernel.org/stable/c/461302e07f49687ffe7d105fa0a330c07c7646d8	Patch
https://git.kernel.org/stable/c/5d43d789b57943720dca4181a05f6477362b94cf	Patch
https://git.kernel.org/stable/c/7931d32955e09d0a11b1fe0b6aac1bfa061c005c	Patch
https://git.kernel.org/stable/c/952bf8df222599baadbd4f838a49c4fef81d2564	Patch
https://git.kernel.org/stable/c/efb27ad05949403848f487823b597ed67060e007	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

30 Jul 2024, 19:01

Type	Values Removed	Values Added
CWE		CWE-401
First Time		Linux Linux linux Kernel
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CPE		cpe:2.3:o:linux:linux_kernel::::::::
References	~~() https://git.kernel.org/stable/c/23752737c6a618e994f9a310ec2568881a6b49c4 -~~	() https://git.kernel.org/stable/c/23752737c6a618e994f9a310ec2568881a6b49c4 - Patch
References	~~() https://git.kernel.org/stable/c/40188a25a9847dbeb7ec67517174a835a677752f -~~	() https://git.kernel.org/stable/c/40188a25a9847dbeb7ec67517174a835a677752f - Patch
References	~~() https://git.kernel.org/stable/c/41a6375d48deaf7f730304b5153848bfa1c2980f -~~	() https://git.kernel.org/stable/c/41a6375d48deaf7f730304b5153848bfa1c2980f - Patch
References	~~() https://git.kernel.org/stable/c/461302e07f49687ffe7d105fa0a330c07c7646d8 -~~	() https://git.kernel.org/stable/c/461302e07f49687ffe7d105fa0a330c07c7646d8 - Patch
References	~~() https://git.kernel.org/stable/c/5d43d789b57943720dca4181a05f6477362b94cf -~~	() https://git.kernel.org/stable/c/5d43d789b57943720dca4181a05f6477362b94cf - Patch
References	~~() https://git.kernel.org/stable/c/7931d32955e09d0a11b1fe0b6aac1bfa061c005c -~~	() https://git.kernel.org/stable/c/7931d32955e09d0a11b1fe0b6aac1bfa061c005c - Patch
References	~~() https://git.kernel.org/stable/c/952bf8df222599baadbd4f838a49c4fef81d2564 -~~	() https://git.kernel.org/stable/c/952bf8df222599baadbd4f838a49c4fef81d2564 - Patch
References	~~() https://git.kernel.org/stable/c/efb27ad05949403848f487823b597ed67060e007 -~~	() https://git.kernel.org/stable/c/efb27ad05949403848f487823b597ed67060e007 - Patch
Summary		(es) En el kernel de Linux, se resolvió la siguiente vulnerabilidad: netfilter: nf_tables: validar completamente NFT_DATA_VALUE en la tienda para registros de datos. La validación de la tienda para NFT_DATA_VALUE es condicional; sin embargo, el tipo de datos siempre es NFT_DATA_VALUE o NFT_DATA_VERDICT. Esto solo requiere una nueva función auxiliar para inferir el tipo de registro a partir del tipo de datos establecido para que se pueda eliminar esta verificación condicional. De lo contrario, el puntero al objeto de la cadena se puede filtrar a través de los registros.

29 Jul 2024, 16:21

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-07-29 16:15

Updated : 2024-07-30 19:01

NVD link : CVE-2024-42070

Mitre link : CVE-2024-42070

CVE.ORG link : CVE-2024-42070

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-401

Missing Release of Memory after Effective Lifetime

5.5 /10