DEBIAN-CVE-2024-53141

DEBIAN-CVE-2024-53141 PUBLISHED CVSS 7.800000190734863 HIGH

In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add missing range check in bitmap_ip_uadt When tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists, the values of ip and ip_to are slightly swapped. Therefore, the range check for ip should be done later, but this part is missing and it seems that the vulnerability occurs. So we should add missing range checks and remove unnecessary range checks.

Risk Scores

CVSS 3.1

7.800000190734863

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Debian:11	linux-6.1	*, 6.1.106-3, 6.1.106-3
Debian:14	linux	0, 0
Debian:13	linux	0, 0
Debian:12	linux	6.1.106-2, 6.1.106-3, 6.1.112-1
Debian:11	linux	5.10.84-1, 5.10.92-1, 5.10.92-1

Exploit Intelligence

USN-7389-1.json (github-poc)

Timeline

Dec 6, 2024 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2024-53141 advisory

Open in Interactive Console →