CVE-2024-42154

July 30, 2024, 1:32 p.m.

None
No Score

Description

In the Linux kernel, the following vulnerability has been resolved: tcp_metrics: validate source addr length I don't see anything checking that TCP_METRICS_ATTR_SADDR_IPV4 is at least 4 bytes long, and the policy doesn't have an entry for this attribute at all (neither does it for IPv6 but v6 is manually validated).

Product(s) Impacted

Product Versions
Linux kernel

Weaknesses

Common security weaknesses mapped to this vulnerability.

References

https://git.kernel.org/stable/c/19d997b59fa1fd7a02e770ee0881c0652b9c32c9
https://git.kernel.org/stable/c/2a2e79dbe2236a1289412d2044994f7ab419b44c
https://git.kernel.org/stable/c/31f03bb04146c1c6df6c03e9f45401f5f5a985d3
https://git.kernel.org/stable/c/3d550dd5418729a6e77fe7721d27adea7152e321
https://git.kernel.org/stable/c/66be40e622e177316ae81717aa30057ba9e61dff
https://git.kernel.org/stable/c/8c2debdd170e395934ac0e039748576dfde14e99
https://git.kernel.org/stable/c/cdffc358717e436bb67122bb82c1a2a26e050f98
https://git.kernel.org/stable/c/ef7c428b425beeb52b894e16f1c4b629d6cebfb6

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
2024-07-30
CVE-2024-42154

Timeline

Published: July 30, 2024, 8:15 a.m.
Last Modified: July 30, 2024, 1:32 p.m.

Status : Undergoing Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.