CVE-2024-56783

netfilter: nft_socket: remove WARN_ON_ONCE on maximum cgroup level

Severity Score

5.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_socket: remove WARN_ON_ONCE on maximum cgroup level cgroup maximum depth is INT_MAX by default, there is a cgroup toggle to
restrict this maximum depth to a more reasonable value not to harm
performance. Remove unnecessary WARN_ON_ONCE which is reachable from
userspace.

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_socket: remove WARN_ON_ONCE on maximum cgroup level cgroup maximum depth is INT_MAX by default, there is a cgroup toggle to restrict this maximum depth to a more reasonable value not to harm performance. Remove unnecessary WARN_ON_ONCE which is reachable from userspace.

Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service or possibly execute arbitrary code. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2024-12-29 CVE Reserved
2025-01-08 CVE Published
2025-01-20 CVE Updated
2025-03-18 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (8)

URL	Tag	Source
https://git.kernel.org/stable/c/ace0db36b4a1db07a48517c4f04488d1cd05e5f5	Vuln. Introduced
https://git.kernel.org/stable/c/f07e28e4c623168f9fa5c00f518bd341d4014aa6	Vuln. Introduced
https://git.kernel.org/stable/c/7f3287db654395f9c5ddd246325ff7889f550286	Vuln. Introduced
https://git.kernel.org/stable/c/ecc5368315af8473fe052cb928e53756dbfe4403	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/7064a6daa4a700a298fe3aee11dea296bfe59fc4	2024-12-14
https://git.kernel.org/stable/c/2f9bec0a749eb646b384fde0c7b7c24687b2ffae	2024-12-14
https://git.kernel.org/stable/c/e227c042580ab065edc610c9ddc9bea691e6fc4d	2024-12-14
https://git.kernel.org/stable/c/b7529880cb961d515642ce63f9d7570869bbbdc3	2024-11-28

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.1.112 < 6.1.120 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1.112 < 6.1.120"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.6.53 < 6.6.66 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6.53 < 6.6.66"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.11 < 6.12.5 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.11 < 6.12.5"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.11 < 6.13 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.11 < 6.13"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				6.10.12 Search vendor "Linux" for product "Linux Kernel" and version "6.10.12"		en		Affected