CVE-2024-42070

medium

Published 2024-11-12 · Modified 2024-11-05

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

5.5

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS v4 NEW

—

not yet in upstream

VIR risk

5.5

Description

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers register store validation for NFT_DATA_VALUE is conditional, however, the datatype is always either NFT_DATA_VALUE or NFT_DATA_VERDICT. This only requires a new helper function to infer the register type from the set datatype so this conditional check can be removed. Otherwise, pointer to chain object can be leaked through the registers.

Predictions

Exploit likelihood

55%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

Mitigation details

Source: Red Hat Errata — Red Hat Inc. · View original ↗ · Open-Errata-API

Description kernel: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers CVSS v3: 5.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) Errata / fixed releases ProductPackageAdvisoryReleased Red Hat Enterprise Linux 8kernel-rt-0:4.18.0-553.27.1.rt7.368.el8_10RHSA-2024:88702024-11-05T00:00:00Z Red Hat Enterprise Linux…

Description

kernel: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers

CVSS v3: 5.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

Errata / fixed releases

Product	Package	Advisory	Released
Red Hat Enterprise Linux 8	`kernel-rt-0:4.18.0-553.27.1.rt7.368.el8_10`	RHSA-2024:8870	2024-11-05T00:00:00Z
Red Hat Enterprise Linux 8	`kernel-0:4.18.0-553.27.1.el8_10`	RHSA-2024:8856	2024-11-05T00:00:00Z
Red Hat Enterprise Linux 9	`kernel-0:5.14.0-503.11.1.el9_5`	RHSA-2024:9315	2024-11-12T00:00:00Z
Red Hat Enterprise Linux 9	`kernel-0:5.14.0-503.11.1.el9_5`	RHSA-2024:9315	2024-11-12T00:00:00Z
Red Hat Enterprise Linux 9.4 Extended Update Support	`kernel-0:5.14.0-427.66.1.el9_4`	RHSA-2025:4342	2025-04-30T00:00:00Z

Package state

Product	Package	State
Red Hat Enterprise Linux 6	`kernel`	Not affected
Red Hat Enterprise Linux 7	`kernel`	Out of support scope
Red Hat Enterprise Linux 7	`kernel-rt`	Out of support scope
Red Hat Enterprise Linux 9	`kernel-rt`	Affected

Apply commands

bash fix

Apply RHSA-2024:8870 for Red Hat Enterprise Linux 8

yum update -y kernel-rt
# or:
dnf upgrade -y kernel-rt

Affected

Vendor	Product	Version
redhat	Red Hat Enterprise Linux 6	`Not affected`
redhat	Red Hat Enterprise Linux 9	`Affected`

OS impact

Linux kernel Affected 1 release

Version	Status	Fixed in
—	Affected	`3.13`

SUSE Affected 1 release

Version	Status	Fixed in
—	Affected	—

AlmaLinux Fixed 1 release

Version	Status	Fixed in
8	Fixed	`kernel-doc-4.18.0-553.27.1.el8_10.noarch.rpm`

Debian Fixed 5 releases

Version	Status	Fixed in
trixie	Fixed	`6.9.8-1`
sid	Fixed	`6.9.8-1`
forky	Fixed	`6.9.8-1`
bullseye	Fixed	`5.10.221-1`
bookworm	Fixed	`6.1.98-1`

Red Hat Fixed 2 releases

Version	Status	Fixed in
9	Fixed	—
8	Fixed	—

Rocky Linux Fixed 1 release

Version	Status	Fixed in
8	Fixed	—

References

CWEs

CWE-401

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.