VDB

CISA-2024-42070

CISA-2024-42070 PUBLISHED

Reported by Linux · Published July 29, 2024

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers register store validation for NFT_DATA_VALUE is conditional, however, the datatype is always either NFT_DATA_VALUE or NFT_DATA_VERDICT. This only requires a new helper function to infer the register type from the set datatype so this conditional check can be removed. Otherwise, pointer to chain object can be leaked through the registers.

Affected Products

VendorProductVersions
LinuxLinux96518518cc417bb0a8c80b9fb736202e28acdf96, 96518518cc417bb0a8c80b9fb736202e28acdf96, 96518518cc417bb0a8c80b9fb736202e28acdf96
LinuxLinux3.13, 0, 4.19.317
linuxlinux_kernel3.13, 3.13, 3.13
LinuxLinux96518518cc417bb0a8c80b9fb736202e28acdf96, 96518518cc417bb0a8c80b9fb736202e28acdf96, 96518518cc417bb0a8c80b9fb736202e28acdf96

Timeline

  • Jul 29, 2024 CVE Published
  • May 4, 2025 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›