CVE-2024-39504
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_inner: validate mandatory meta and payload
Check for mandatory netlink attributes in payload and meta expression when used embedded from the inner expression, otherwise NULL pointer dereference is possible from userspace.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 3a07327d10a09379315c844c63f27941f5081e0a < b30669fdea0ca03aa22995e6c99f7e7d9dee89ff | affected |
| Linux | Linux | 3a07327d10a09379315c844c63f27941f5081e0a < 39323f54cad29602917848346c71b087da92a19d | affected |
| Linux | Linux | 3a07327d10a09379315c844c63f27941f5081e0a < c4ab9da85b9df3692f861512fe6c9812f38b7471 | affected |
| Linux | Linux | 6.2 | affected |
| Linux | Linux | 0 < 6.2 | unaffected |
| Linux | Linux | 6.6.35 <= 6.6.* | unaffected |
| Linux | Linux | 6.9.6 <= 6.9.* | unaffected |
| Linux | Linux | 6.10 <= * | unaffected |
Weaknesses
ADP Enrichment
CVE Program Container
Additional References
- https://git.kernel.org/stable/c/b30669fdea0ca03aa22995e6c99f7e7d9dee89ff
- https://git.kernel.org/stable/c/39323f54cad29602917848346c71b087da92a19d
- https://git.kernel.org/stable/c/c4ab9da85b9df3692f861512fe6c9812f38b7471
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://git.kernel.org/stable/c/b30669fdea0ca03aa22995e6c99f7e7d9dee89ff
- https://git.kernel.org/stable/c/39323f54cad29602917848346c71b087da92a19d
- https://git.kernel.org/stable/c/c4ab9da85b9df3692f861512fe6c9812f38b7471
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.