CVE-2024-53141

netfilter: ipset: add missing range check in bitmap_ip_uadt

Severity Score

7.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add missing range check in bitmap_ip_uadt When tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists,
the values of ip and ip_to are slightly swapped. Therefore, the range check
for ip should be done later, but this part is missing and it seems that the
vulnerability occurs. So we should add missing range checks and remove unnecessary range checks.

In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add missing range check in bitmap_ip_uadt When tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists, the values of ip and ip_to are slightly swapped. Therefore, the range check for ip should be done later, but this part is missing and it seems that the vulnerability occurs. So we should add missing range checks and remove unnecessary range checks.

Ye Zhang and Nicolas Wu discovered that the io_uring subsystem in the Linux kernel did not properly handle locking for rings with IOPOLL, leading to a double-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2024-11-19 CVE Reserved
2024-12-06 CVE Published
2025-01-20 CVE Updated
2025-03-29 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (10)

URL	Tag	Source
https://git.kernel.org/stable/c/72205fc68bd13109576aa6c4c12c740962d28a6c	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/3c20b5948f119ae61ee35ad8584d666020c91581	2024-12-05
https://git.kernel.org/stable/c/78b0f2028f1043227a8eb0c41944027fc6a04596	2024-12-14
https://git.kernel.org/stable/c/2e151b8ca31607d14fddc4ad0f14da0893e1a7c7	2024-12-14
https://git.kernel.org/stable/c/e67471437ae9083fa73fa67eee1573fec1b7c8cf	2024-12-14
https://git.kernel.org/stable/c/7ffef5e5d5eeecd9687204a5ec2d863752aafb7e	2024-12-14
https://git.kernel.org/stable/c/856023ef032d824309abd5c747241dffa33aae8c	2024-12-09
https://git.kernel.org/stable/c/591efa494a1cf649f50a35def649c43ae984cd03	2024-12-05
https://git.kernel.org/stable/c/15794835378ed56fb9bacc6a5dd3b9f33520604e	2024-12-05
https://git.kernel.org/stable/c/35f56c554eb1b56b77b3cf197a6b00922d49033d	2024-11-14

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.39 < 4.19.325 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.39 < 4.19.325"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.39 < 5.4.287 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.39 < 5.4.287"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.39 < 5.10.231 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.39 < 5.10.231"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.39 < 5.15.174 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.39 < 5.15.174"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.39 < 6.1.120 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.39 < 6.1.120"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.39 < 6.6.64 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.39 < 6.6.64"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.39 < 6.11.11 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.39 < 6.11.11"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.39 < 6.12.2 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.39 < 6.12.2"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.39 < 6.13 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.39 < 6.13"		en		Affected