CVE-2024-56783

Summary

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nft_socket: remove WARN_ON_ONCE on maximum cgroup level

cgroup maximum depth is INT_MAX by default, there is a cgroup toggle to restrict this maximum depth to a more reasonable value not to harm performance. Remove unnecessary WARN_ON_ONCE which is reachable from userspace.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxace0db36b4a1db07a48517c4f04488d1cd05e5f5 < 7064a6daa4a700a298fe3aee11dea296bfe59fc4affected
LinuxLinuxf07e28e4c623168f9fa5c00f518bd341d4014aa6 < 2f9bec0a749eb646b384fde0c7b7c24687b2ffaeaffected
LinuxLinux7f3287db654395f9c5ddd246325ff7889f550286 < e227c042580ab065edc610c9ddc9bea691e6fc4daffected
LinuxLinux7f3287db654395f9c5ddd246325ff7889f550286 < b7529880cb961d515642ce63f9d7570869bbbdc3affected
LinuxLinuxecc5368315af8473fe052cb928e53756dbfe4403affected
LinuxLinux6.1.112 < 6.1.120affected
LinuxLinux6.6.53 < 6.6.66affected
LinuxLinux6.10.12 < 6.11affected
LinuxLinux6.11affected
LinuxLinux0 < 6.11unaffected
LinuxLinux6.1.120 <= 6.1.*unaffected
LinuxLinux6.6.66 <= 6.6.*unaffected
LinuxLinux6.12.5 <= 6.12.*unaffected
LinuxLinux6.13 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References