CVE-2024-39504

Summary

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nft_inner: validate mandatory meta and payload

Check for mandatory netlink attributes in payload and meta expression when used embedded from the inner expression, otherwise NULL pointer dereference is possible from userspace.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux3a07327d10a09379315c844c63f27941f5081e0a < b30669fdea0ca03aa22995e6c99f7e7d9dee89ffaffected
LinuxLinux3a07327d10a09379315c844c63f27941f5081e0a < 39323f54cad29602917848346c71b087da92a19daffected
LinuxLinux3a07327d10a09379315c844c63f27941f5081e0a < c4ab9da85b9df3692f861512fe6c9812f38b7471affected
LinuxLinux6.2affected
LinuxLinux0 < 6.2unaffected
LinuxLinux6.6.35 <= 6.6.*unaffected
LinuxLinux6.9.6 <= 6.9.*unaffected
LinuxLinux6.10 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References