CVE-2024-50142
Vulnerability from cvelistv5
Published
2024-11-07 09:31
Modified
2024-11-08 15:58
Severity ?
EPSS score ?
Summary
xfrm: validate new SA's prefixlen using SA family when sel.family is unset
References
{ "containers": { "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "net/xfrm/xfrm_user.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "f31398570acf", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "401ad99a5ae7", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "8df5cd51fd70", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "2d08a6c31c65", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "bce1afaa212e", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "7d9868180bd1", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "e68dd80ba498", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "3f0ab59e6537", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "net/xfrm/xfrm_user.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "2.6.12" }, { "lessThan": "2.6.12", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "4.19.*", "status": "unaffected", "version": "4.19.323", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.285", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.229", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.170", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.115", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.59", "versionType": "semver" }, { "lessThanOrEqual": "6.11.*", "status": "unaffected", "version": "6.11.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.12-rc5", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: validate new SA\u0027s prefixlen using SA family when sel.family is unset\n\nThis expands the validation introduced in commit 07bf7908950a (\"xfrm:\nValidate address prefix lengths in the xfrm selector.\")\n\nsyzbot created an SA with\n usersa.sel.family = AF_UNSPEC\n usersa.sel.prefixlen_s = 128\n usersa.family = AF_INET\n\nBecause of the AF_UNSPEC selector, verify_newsa_info doesn\u0027t put\nlimits on prefixlen_{s,d}. But then copy_from_user_state sets\nx-\u003esel.family to usersa.family (AF_INET). Do the same conversion in\nverify_newsa_info before validating prefixlen_{s,d}, since that\u0027s how\nprefixlen is going to be used later on." } ], "providerMetadata": { "dateUpdated": "2024-11-08T15:58:49.112Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/f31398570acf0f0804c644006f7bfa9067106b0a" }, { "url": "https://git.kernel.org/stable/c/401ad99a5ae7180dd9449eac104cb755f442e7f3" }, { "url": "https://git.kernel.org/stable/c/8df5cd51fd70c33aa1776e5cbcd82b0a86649d73" }, { "url": "https://git.kernel.org/stable/c/2d08a6c31c65f23db71a5385ee9cf9d8f9a67a71" }, { "url": "https://git.kernel.org/stable/c/bce1afaa212ec380bf971614f70909a27882b862" }, { "url": "https://git.kernel.org/stable/c/7d9868180bd1e4cf37e7c5067362658971162366" }, { "url": "https://git.kernel.org/stable/c/e68dd80ba498265d2266b12dc3459164f4ff0c4a" }, { "url": "https://git.kernel.org/stable/c/3f0ab59e6537c6a8f9e1b355b48f9c05a76e8563" } ], "title": "xfrm: validate new SA\u0027s prefixlen using SA family when sel.family is unset", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-50142", "datePublished": "2024-11-07T09:31:19.415Z", "dateReserved": "2024-10-21T19:36:19.956Z", "dateUpdated": "2024-11-08T15:58:49.112Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2024-50142\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-11-07T10:15:06.170\",\"lastModified\":\"2024-11-08T19:01:03.880\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nxfrm: validate new SA\u0027s prefixlen using SA family when sel.family is unset\\n\\nThis expands the validation introduced in commit 07bf7908950a (\\\"xfrm:\\nValidate address prefix lengths in the xfrm selector.\\\")\\n\\nsyzbot created an SA with\\n usersa.sel.family = AF_UNSPEC\\n usersa.sel.prefixlen_s = 128\\n usersa.family = AF_INET\\n\\nBecause of the AF_UNSPEC selector, verify_newsa_info doesn\u0027t put\\nlimits on prefixlen_{s,d}. But then copy_from_user_state sets\\nx-\u003esel.family to usersa.family (AF_INET). Do the same conversion in\\nverify_newsa_info before validating prefixlen_{s,d}, since that\u0027s how\\nprefixlen is going to be used later on.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: xfrm: validar el prefijo de la nueva SA usando la familia de SA cuando sel.family no est\u00e1 configurado Esto expande la validaci\u00f3n introducida en el commit 07bf7908950a (\\\"xfrm: validar las longitudes de prefijo de direcci\u00f3n en el selector xfrm\\\"). syzbot cre\u00f3 una SA con usersa.sel.family = AF_UNSPEC usersa.sel.prefixlen_s = 128 usersa.family = AF_INET Debido al selector AF_UNSPEC, verificar_newsa_info no pone l\u00edmites en prefixlen_{s,d}. Pero luego copy_from_user_state establece x-\u0026gt;sel.family en usersa.family (AF_INET). Realice la misma conversi\u00f3n en verificar_newsa_info antes de validar prefixlen_{s,d}, ya que as\u00ed es como se usar\u00e1 prefixlen m\u00e1s adelante.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/2d08a6c31c65f23db71a5385ee9cf9d8f9a67a71\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/3f0ab59e6537c6a8f9e1b355b48f9c05a76e8563\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/401ad99a5ae7180dd9449eac104cb755f442e7f3\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/7d9868180bd1e4cf37e7c5067362658971162366\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/8df5cd51fd70c33aa1776e5cbcd82b0a86649d73\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/bce1afaa212ec380bf971614f70909a27882b862\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/e68dd80ba498265d2266b12dc3459164f4ff0c4a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/f31398570acf0f0804c644006f7bfa9067106b0a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}" } }
Loading...
Loading...
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.