CVE-2024-26849
netlink: add nla be16/32 types to minlen array
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved:
netlink: add nla be16/32 types to minlen array
BUG: KMSAN: uninit-value in nla_validate_range_unsigned lib/nlattr.c:222 [inline]
BUG: KMSAN: uninit-value in nla_validate_int_range lib/nlattr.c:336 [inline]
BUG: KMSAN: uninit-value in validate_nla lib/nlattr.c:575 [inline]
BUG: KMSAN: uninit-value in __nla_validate_parse+0x2e20/0x45c0 lib/nlattr.c:631
nla_validate_range_unsigned lib/nlattr.c:222 [inline]
nla_validate_int_range lib/nlattr.c:336 [inline]
validate_nla lib/nlattr.c:575 [inline]
...
The message in question matches this policy:
[NFTA_TARGET_REV] = NLA_POLICY_MAX(NLA_BE32, 255),
but because NLA_BE32 size in minlen array is 0, the validation
code will read past the malformed (too small) attribute.
Note: Other attributes, e.g. BITFIELD32, SINT, UINT.. are also missing:
those likely should be added too.
En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netlink: agregue tipos nla be16/32 a la matriz minlen ERROR: KMSAN: valor uninit en nla_validate_range_unsigned lib/nlattr.c:222 [en línea] ERROR: KMSAN: valor uninit en nla_validate_int_range lib/nlattr.c:336 [en línea] ERROR: KMSAN: valor uninit en validar_nla lib/nlattr.c:575 [en línea] ERROR: KMSAN: valor uninit en __nla_validate_parse+0x2e20/0x45c0 lib/nlattr.c:631 nla_validate_range_unsigned lib/nlattr.c:222 [en línea] nla_validate_int_range lib/nlattr.c:336 [en línea] validar_nla lib/nlattr.c:575 [en línea] ... El mensaje en cuestión coincide con esta política: [NFTA_TARGET_REV] = NLA_POLICY_MAX( NLA_BE32, 255), pero debido a que el tamaño de NLA_BE32 en la matriz minlen es 0, el código de validación leerá más allá del atributo con formato incorrecto (demasiado pequeño). Nota: También faltan otros atributos, por ejemplo, BITFIELD32, SINT, UINT...: probablemente también deberían agregarse.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-02-19 CVE Reserved
- 2024-04-17 CVE Published
- 2024-04-18 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| https://git.kernel.org/stable/c/ecaf75ffd5f5db320d8b1da0198eef5a5ce64a3f | Vuln. Introduced |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.1 < 6.1.81 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1 < 6.1.81" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.1 < 6.6.21 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1 < 6.6.21" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.1 < 6.7.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1 < 6.7.9" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.1 < 6.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1 < 6.8" | en |
Affected
| ||||||