CVE-2024-26849
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
netlink: add nla be16/32 types to minlen array
BUG: KMSAN: uninit-value in nla_validate_range_unsigned lib/nlattr.c:222 [inline] BUG: KMSAN: uninit-value in nla_validate_int_range lib/nlattr.c:336 [inline] BUG: KMSAN: uninit-value in validate_nla lib/nlattr.c:575 [inline] BUG: KMSAN: uninit-value in __nla_validate_parse+0x2e20/0x45c0 lib/nlattr.c:631 nla_validate_range_unsigned lib/nlattr.c:222 [inline] nla_validate_int_range lib/nlattr.c:336 [inline] validate_nla lib/nlattr.c:575 [inline] …
The message in question matches this policy:
[NFTA_TARGET_REV] = NLA_POLICY_MAX(NLA_BE32, 255),
but because NLA_BE32 size in minlen array is 0, the validation code will read past the malformed (too small) attribute.
Note: Other attributes, e.g. BITFIELD32, SINT, UINT.. are also missing: those likely should be added too.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 24ea1c8abaae6541ad95912422a9af4fb858428d < 000a68159c0326b46c42ec712ab98793e7e625a7 | affected |
| Linux | Linux | cbfac0add2afe8960a09806012313765a2179423 < 80b40f9cb87f3bf5877dfb852765cf92bc03ca77 | affected |
| Linux | Linux | ecaf75ffd5f5db320d8b1da0198eef5a5ce64a3f < 0ac219c4c3ab253f3981f346903458d20bacab32 | affected |
| Linux | Linux | ecaf75ffd5f5db320d8b1da0198eef5a5ce64a3f < a2ab028151841cd833cb53eb99427e0cc990112d | affected |
| Linux | Linux | ecaf75ffd5f5db320d8b1da0198eef5a5ce64a3f < 7a9d14c63b35f89563c5ecbadf918ad64979712d | affected |
| Linux | Linux | ecaf75ffd5f5db320d8b1da0198eef5a5ce64a3f < 9a0d18853c280f6a0ee99f91619f2442a17a323a | affected |
| Linux | Linux | 6.1 | affected |
| Linux | Linux | 0 < 6.1 | unaffected |
| Linux | Linux | 6.1.81 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.21 <= 6.6.* | unaffected |
| Linux | Linux | 6.7.9 <= 6.7.* | unaffected |
| Linux | Linux | 6.8 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
- https://git.kernel.org/stable/c/0ac219c4c3ab253f3981f346903458d20bacab32
- https://git.kernel.org/stable/c/a2ab028151841cd833cb53eb99427e0cc990112d
- https://git.kernel.org/stable/c/7a9d14c63b35f89563c5ecbadf918ad64979712d
- https://git.kernel.org/stable/c/9a0d18853c280f6a0ee99f91619f2442a17a323a
References
- https://git.kernel.org/stable/c/000a68159c0326b46c42ec712ab98793e7e625a7
- https://git.kernel.org/stable/c/80b40f9cb87f3bf5877dfb852765cf92bc03ca77
- https://git.kernel.org/stable/c/0ac219c4c3ab253f3981f346903458d20bacab32
- https://git.kernel.org/stable/c/a2ab028151841cd833cb53eb99427e0cc990112d
- https://git.kernel.org/stable/c/7a9d14c63b35f89563c5ecbadf918ad64979712d
- https://git.kernel.org/stable/c/9a0d18853c280f6a0ee99f91619f2442a17a323a
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.