TROYANOSYVIRUS
Volver a CVEs

CVE-2024-42070

MEDIUM
5.5

Descripcion

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers register store validation for NFT_DATA_VALUE is conditional, however, the datatype is always either NFT_DATA_VALUE or NFT_DATA_VERDICT. This only requires a new helper function to infer the register type from the set datatype so this conditional check can be removed. Otherwise, pointer to chain object can be leaked through the registers.

Detalles CVE

Puntuacion CVSS v3.15.5
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Vector de ataqueLOCAL
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioNONE
Publicado7/29/2024
Ultima modificacion11/3/2025
Fuentenvd
Avistamientos honeypot0

Productos afectados

linux:linux_kernel

Debilidades (CWE)

CWE-401

Referencias

https://git.kernel.org/stable/c/23752737c6a618e994f9a310ec2568881a6b49c4(416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/40188a25a9847dbeb7ec67517174a835a677752f(416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/41a6375d48deaf7f730304b5153848bfa1c2980f(416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/461302e07f49687ffe7d105fa0a330c07c7646d8(416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/5d43d789b57943720dca4181a05f6477362b94cf(416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/7931d32955e09d0a11b1fe0b6aac1bfa061c005c(416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/952bf8df222599baadbd4f838a49c4fef81d2564(416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/efb27ad05949403848f487823b597ed67060e007(416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/23752737c6a618e994f9a310ec2568881a6b49c4(af854a3a-2127-422b-91ae-364da2661108)
https://git.kernel.org/stable/c/40188a25a9847dbeb7ec67517174a835a677752f(af854a3a-2127-422b-91ae-364da2661108)
https://git.kernel.org/stable/c/41a6375d48deaf7f730304b5153848bfa1c2980f(af854a3a-2127-422b-91ae-364da2661108)
https://git.kernel.org/stable/c/461302e07f49687ffe7d105fa0a330c07c7646d8(af854a3a-2127-422b-91ae-364da2661108)
https://git.kernel.org/stable/c/5d43d789b57943720dca4181a05f6477362b94cf(af854a3a-2127-422b-91ae-364da2661108)
https://git.kernel.org/stable/c/7931d32955e09d0a11b1fe0b6aac1bfa061c005c(af854a3a-2127-422b-91ae-364da2661108)
https://git.kernel.org/stable/c/952bf8df222599baadbd4f838a49c4fef81d2564(af854a3a-2127-422b-91ae-364da2661108)
https://git.kernel.org/stable/c/efb27ad05949403848f487823b597ed67060e007(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.