CVE-2024-42154

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-42154
In the Linux kernel, the following vulnerability has been resolved: tcp_metrics: validate source addr length I don't see anything checking that TCP_METRICS_ATTR_SADDR_IPV4 is at least 4 bytes long, and the policy doesn't have an entry for this attribute at all (neither does it for IPv6 but v6 is manually validated).

4.4 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 2.5

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://git.kernel.org/stable/c/19d997b59fa1fd7a02e770ee0881c0652b9c32c9 Mailing List Patch
https://git.kernel.org/stable/c/2a2e79dbe2236a1289412d2044994f7ab419b44c Mailing List Patch
https://git.kernel.org/stable/c/31f03bb04146c1c6df6c03e9f45401f5f5a985d3 Mailing List Patch
https://git.kernel.org/stable/c/3d550dd5418729a6e77fe7721d27adea7152e321 Mailing List Patch
https://git.kernel.org/stable/c/66be40e622e177316ae81717aa30057ba9e61dff Mailing List Patch
https://git.kernel.org/stable/c/8c2debdd170e395934ac0e039748576dfde14e99 Mailing List Patch
https://git.kernel.org/stable/c/cdffc358717e436bb67122bb82c1a2a26e050f98 Mailing List Patch
https://git.kernel.org/stable/c/ef7c428b425beeb52b894e16f1c4b629d6cebfb6 Mailing List Patch
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.10:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.10:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.10:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.10:rc6:*:*:*:*:*:*
History

01 Oct 2024, 19:32

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 9.8 		v2 : unknown
v3 : 4.4

08 Aug 2024, 15:02

Type Values Removed Values Added
CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.10:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.10:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.10:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.10:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*
First Time Linux
Linux linux Kernel
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.8
CWE CWE-754
References () https://git.kernel.org/stable/c/19d997b59fa1fd7a02e770ee0881c0652b9c32c9 - () https://git.kernel.org/stable/c/19d997b59fa1fd7a02e770ee0881c0652b9c32c9 - Mailing List, Patch
References () https://git.kernel.org/stable/c/2a2e79dbe2236a1289412d2044994f7ab419b44c - () https://git.kernel.org/stable/c/2a2e79dbe2236a1289412d2044994f7ab419b44c - Mailing List, Patch
References () https://git.kernel.org/stable/c/31f03bb04146c1c6df6c03e9f45401f5f5a985d3 - () https://git.kernel.org/stable/c/31f03bb04146c1c6df6c03e9f45401f5f5a985d3 - Mailing List, Patch
References () https://git.kernel.org/stable/c/3d550dd5418729a6e77fe7721d27adea7152e321 - () https://git.kernel.org/stable/c/3d550dd5418729a6e77fe7721d27adea7152e321 - Mailing List, Patch
References () https://git.kernel.org/stable/c/66be40e622e177316ae81717aa30057ba9e61dff - () https://git.kernel.org/stable/c/66be40e622e177316ae81717aa30057ba9e61dff - Mailing List, Patch
References () https://git.kernel.org/stable/c/8c2debdd170e395934ac0e039748576dfde14e99 - () https://git.kernel.org/stable/c/8c2debdd170e395934ac0e039748576dfde14e99 - Mailing List, Patch
References () https://git.kernel.org/stable/c/cdffc358717e436bb67122bb82c1a2a26e050f98 - () https://git.kernel.org/stable/c/cdffc358717e436bb67122bb82c1a2a26e050f98 - Mailing List, Patch
References () https://git.kernel.org/stable/c/ef7c428b425beeb52b894e16f1c4b629d6cebfb6 - () https://git.kernel.org/stable/c/ef7c428b425beeb52b894e16f1c4b629d6cebfb6 - Mailing List, Patch

30 Jul 2024, 13:32

Type Values Removed Values Added
Summary
  • (es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tcp_metrics: validar la longitud de la dirección de origen. No veo nada comprobando que TCP_METRICS_ATTR_SADDR_IPV4 tenga al menos 4 bytes de longitud y la política no tiene ninguna entrada para este atributo (tampoco lo hace para IPv6 pero v6 se valida manualmente).

30 Jul 2024, 08:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-07-30 08:15

Updated : 2024-10-01 19:32

NVD link : CVE-2024-42154

Mitre link : CVE-2024-42154

CVE.ORG link : CVE-2024-42154

JSON object : View

Products Affected

linux

  • linux_kernel
CWE
CWE-754

Improper Check for Unusual or Exceptional Conditions


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024