CVE-2024-42154

tcp_metrics: validate source addr length

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

tcp_metrics: validate source addr length

I don't see anything checking that TCP_METRICS_ATTR_SADDR_IPV4
is at least 4 bytes long, and the policy doesn't have an entry
for this attribute at all (neither does it for IPv6 but v6 is
manually validated).

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-07-29 CVE Reserved
2024-07-30 CVE Published
2024-08-09 EPSS Updated
2024-09-11 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (9)

URL	Tag	Source
https://git.kernel.org/stable/c/3e7013ddf55af7bc191792b8aea0c2b94fb0fef5	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/19d997b59fa1fd7a02e770ee0881c0652b9c32c9	2024-07-18
https://git.kernel.org/stable/c/2a2e79dbe2236a1289412d2044994f7ab419b44c	2024-07-18
https://git.kernel.org/stable/c/cdffc358717e436bb67122bb82c1a2a26e050f98	2024-07-18
https://git.kernel.org/stable/c/ef7c428b425beeb52b894e16f1c4b629d6cebfb6	2024-07-18
https://git.kernel.org/stable/c/31f03bb04146c1c6df6c03e9f45401f5f5a985d3	2024-07-11
https://git.kernel.org/stable/c/8c2debdd170e395934ac0e039748576dfde14e99	2024-07-11
https://git.kernel.org/stable/c/3d550dd5418729a6e77fe7721d27adea7152e321	2024-07-11
https://git.kernel.org/stable/c/66be40e622e177316ae81717aa30057ba9e61dff	2024-07-01

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.14 < 4.19.318 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.14 < 4.19.318"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.14 < 5.4.280 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.14 < 5.4.280"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.14 < 5.10.222 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.14 < 5.10.222"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.14 < 5.15.163 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.14 < 5.15.163"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.14 < 6.1.98 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.14 < 6.1.98"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.14 < 6.6.39 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.14 < 6.6.39"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.14 < 6.9.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.14 < 6.9.9"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.14 < 6.10 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.14 < 6.10"		en		Affected