CVE-2024-50251

netfilter: nft_payload: sanitize offset and length before calling skb_checksum()

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_payload: sanitize offset and length before calling skb_checksum() If access to offset + length is larger than the skbuff length, then
skb_checksum() triggers BUG_ON(). skb_checksum() internally subtracts the length parameter while iterating
over skbuff, BUG_ON(len) at the end of it checks that the expected
length to be included in the checksum calculation is fully consumed.

An incorrect buffer length flaw was found in the Linux kernel's netfilter subsystem. A local user could trigger the nft_payload_set_eval function and use this issue to crash the system.

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_payload: sanitize offset and length before calling skb_checksum() If access to offset + length is larger than the skbuff length, then skb_checksum() triggers BUG_ON(). skb_checksum() internally subtracts the length parameter while iterating over skbuff, BUG_ON(len) at the end of it checks that the expected length to be included in the checksum calculation is fully consumed.

Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service or possibly execute arbitrary code. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2024-10-21 CVE Reserved
2024-11-09 CVE Published
2024-11-15 First Exploit
2024-12-19 CVE Updated
2025-03-29 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CAPEC

References (12)

URL	Tag	Source
https://git.kernel.org/stable/c/7ec3f7b47b8d9ad7ba425726f2c58f9ddce040df	Vuln. Introduced

URL	Date	SRC
https://github.com/slavin-ayu/CVE-2024-50251-PoC	2024-11-15

URL	Date	SRC
https://git.kernel.org/stable/c/a661ed364ae6ae88c2fafa9ddc27df1af2a73701	2024-11-08
https://git.kernel.org/stable/c/ac7df3fc80fc82bcc3b1e8f6ebc0d2c435d0c534	2024-11-08
https://git.kernel.org/stable/c/e3e608cbad376674d19a71ccd0d41804d9393f02	2024-11-08
https://git.kernel.org/stable/c/b1d2de8a669fa14c499a385e056944d5352b3b40	2024-11-08
https://git.kernel.org/stable/c/d3217323525f7596427124359e76ea0d8fcc9874	2024-11-08
https://git.kernel.org/stable/c/0ab3be58b45b996764aba0187b46de19b3e58a72	2024-11-08
https://git.kernel.org/stable/c/c43e0ea848e7b9bef7a682cbc5608022d6d29d7b	2024-11-08
https://git.kernel.org/stable/c/d5953d680f7e96208c29ce4139a0e38de87a57fe	2024-10-31

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2024-50251	2024-12-11
https://bugzilla.redhat.com/show_bug.cgi?id=2324886	2024-12-11

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.5 < 4.19.323 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.5 < 4.19.323"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.5 < 5.4.285 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.5 < 5.4.285"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.5 < 5.10.229 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.5 < 5.10.229"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.5 < 5.15.171 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.5 < 5.15.171"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.5 < 6.1.116 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.5 < 6.1.116"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.5 < 6.6.60 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.5 < 6.6.60"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.5 < 6.11.7 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.5 < 6.11.7"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.5 < 6.12 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.5 < 6.12"		en		Affected