CVE-2024-42283

net: nexthop: Initialize all fields in dumped nexthops

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

net: nexthop: Initialize all fields in dumped nexthops

struct nexthop_grp contains two reserved fields that are not initialized by
nla_put_nh_group(), and carry garbage. This can be observed e.g. with
strace (edited for clarity):

# ip nexthop add id 1 dev lo
# ip nexthop add id 101 group 1
# strace -e recvmsg ip nexthop get id 101
...
recvmsg(... [{nla_len=12, nla_type=NHA_GROUP},
[{id=1, weight=0, resvd1=0x69, resvd2=0x67}]] ...) = 52

The fields are reserved and therefore not currently used. But as they are, they
leak kernel memory, and the fact they are not just zero complicates repurposing
of the fields for new ends. Initialize the full structure.

*Credits: N/A

CVSS Scores

Red Hatv3.1 5.5

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-07-30 CVE Reserved
2024-08-17 CVE Published
2024-08-20 EPSS Updated
2024-11-05 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-456: Missing Initialization of a Variable

CAPEC

References (10)

URL	Tag	Source
https://git.kernel.org/stable/c/430a049190de3c9e219f43084de9f1122da04570	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/fd06cb4a5fc7bda3dea31712618a62af72a1c6cb	2024-08-19
https://git.kernel.org/stable/c/5cc4d71dda2dd4f1520f40e634a527022e48ccd8	2024-08-19
https://git.kernel.org/stable/c/9e8f558a3afe99ce51a642ce0d3637ddc2b5d5d0	2024-08-19
https://git.kernel.org/stable/c/1377de719652d868f5317ba8398b7e74c5f0430b	2024-08-03
https://git.kernel.org/stable/c/7704460acd7f5d35eb07c52500987dc9b95313fb	2024-08-03
https://git.kernel.org/stable/c/a13d3864b76ac87085ec530b2ff8e37482a63a96	2024-08-03
https://git.kernel.org/stable/c/6d745cd0e9720282cd291d36b9db528aea18add2	2024-07-24

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2024-42283	2024-11-14
https://bugzilla.redhat.com/show_bug.cgi?id=2305428	2024-11-14

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.3 < 5.4.282 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.3 < 5.4.282"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.3 < 5.10.224 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.3 < 5.10.224"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.3 < 5.15.165 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.3 < 5.15.165"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.3 < 6.1.103 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.3 < 6.1.103"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.3 < 6.6.44 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.3 < 6.6.44"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.3 < 6.10.3 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.3 < 6.10.3"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.3 < 6.11 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.3 < 6.11"		en		Affected