First published: Mon Jul 29 2024
In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers

register store validation for NFT_DATA_VALUE is conditional, however, the datatype is always either NFT_DATA_VALUE or NFT_DATA_VERDICT. This only requires a new helper function to infer the register type from the set datatype so this conditional check can be removed. Otherwise, pointer to chain object can be leaked through the registers.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/kernel | <4.19.317 | 4.19.317 |
redhat/kernel | <5.4.279 | 5.4.279 |
redhat/kernel | <5.10.221 | 5.10.221 |
redhat/kernel | <5.15.162 | 5.15.162 |
redhat/kernel | <6.1.97 | 6.1.97 |
redhat/kernel | <6.6.37 | 6.6.37 |
redhat/kernel | <6.9.8 | 6.9.8 |
redhat/kernel | <6.10 | 6.10 |
Linux Kernel | <3.13 | |
Linux Kernel | >=3.14 <4.19.317 | |
Linux Kernel | >=4.20 <5.4.279 | |
Linux Kernel | >=5.5 <5.10.221 | |
Linux Kernel | >=5.11 <5.15.162 | |
Linux Kernel | >=5.16 <6.1.97 | |
Linux Kernel | >=6.2 <6.6.37 | |
Linux Kernel | >=6.7 <6.9.8 | |
debian/linux | 5.10.223-1, 5.10.234-1, 6.1.129-1, 6.1.128-1, 6.12.20-1, 6.12.21-1 | |
debian/linux-6.1 | 6.1.129-1~deb11u1 | |
CVE-2024-42070 has a medium severity rating due to its potential impact on the Linux kernel's handling of netfilter's NFT_DATA_VALUE.
To fix CVE-2024-42070, update your Linux kernel to versions 4.19.317, 5.4.279, 5.10.221, 5.15.162, 6.1.97, 6.6.37, 6.9.8, or 6.10, depending on your distribution.
CVE-2024-42070 affects various versions of the Linux kernel ranging from 3.14 to 6.10.
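As an added example (not code from the advisory or the kernel project), the following Python check tests a kernel release string against the affected upstream ranges in the table above and reports the next unaffected release. The function names are this example's own, and it assumes the release string carries the upstream stable version; distribution kernels that backport fixes should be compared against the package versions listed in the table instead.

```python
import platform
import re

# Affected upstream ranges copied from the "Linux Kernel" rows of the table
# on this page: (inclusive lower bound or None, exclusive upper bound).
AFFECTED_RANGES = [
    (None, (3, 13, 0)),
    ((3, 14, 0), (4, 19, 317)),
    ((4, 20, 0), (5, 4, 279)),
    ((5, 5, 0), (5, 10, 221)),
    ((5, 11, 0), (5, 15, 162)),
    ((5, 16, 0), (6, 1, 97)),
    ((6, 2, 0), (6, 6, 37)),
    ((6, 7, 0), (6, 9, 8)),
]


def parse_release(release):
    """Turn a `uname -r` style string into (major, minor, patch).

    Suffixes such as "-rc3" or "-generic" are ignored; a missing patch
    level counts as 0. Raises ValueError if no version prefix is found.
    """
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release.strip())
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return tuple(int(part or 0) for part in m.groups())


def check_cve_2024_42070(release):
    """Return (affected, next_unaffected) for an upstream kernel release.

    next_unaffected is the exclusive upper bound of the matching range as
    a version string, or None when the release is not in an affected range.
    """
    version = parse_release(release)
    for low, high in AFFECTED_RANGES:
        if (low is None or version >= low) and version < high:
            return True, ".".join(map(str, high))
    return False, None


if __name__ == "__main__":
    running = platform.release()
    affected, target = check_cve_2024_42070(running)
    verdict = f"affected, move to {target} or later" if affected else "not in an affected range"
    print(f"{running}: {verdict}")
```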
As of now, there is no public evidence indicating that CVE-2024-42070 is being actively exploited.
CVE-2024-42070 is caused by incomplete validation of NFT_DATA_VALUE on stores to nf_tables data registers; as a result, a pointer to a chain object can be leaked through the registers.