| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024072952-CVE-2024-42070-b271@gregkh> Date: Mon, 29 Jul 2024 17:52:59 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2024-42070: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers Description =========== In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers register store validation for NFT_DATA_VALUE is conditional, however, the datatype is always either NFT_DATA_VALUE or NFT_DATA_VERDICT. This only requires a new helper function to infer the register type from the set datatype so this conditional check can be removed. Otherwise, pointer to chain object can be leaked through the registers. The Linux kernel CVE team has assigned CVE-2024-42070 to this issue. Affected and fixed versions =========================== Issue introduced in 3.13 with commit 96518518cc41 and fixed in 4.19.317 with commit 40188a25a984 Issue introduced in 3.13 with commit 96518518cc41 and fixed in 5.4.279 with commit 23752737c6a6 Issue introduced in 3.13 with commit 96518518cc41 and fixed in 5.10.221 with commit 5d43d789b579 Issue introduced in 3.13 with commit 96518518cc41 and fixed in 5.15.162 with commit 461302e07f49 Issue introduced in 3.13 with commit 96518518cc41 and fixed in 6.1.97 with commit efb27ad05949 Issue introduced in 3.13 with commit 96518518cc41 and fixed in 6.6.37 with commit 952bf8df2225 Issue introduced in 3.13 with commit 96518518cc41 and fixed in 6.9.8 with commit 41a6375d48de Issue introduced in 3.13 with commit 96518518cc41 and fixed in 6.10 with commit 7931d32955e0 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2024-42070 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: include/net/netfilter/nf_tables.h net/netfilter/nf_tables_api.c net/netfilter/nft_lookup.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/40188a25a9847dbeb7ec67517174a835a677752f https://git.kernel.org/stable/c/23752737c6a618e994f9a310ec2568881a6b49c4 https://git.kernel.org/stable/c/5d43d789b57943720dca4181a05f6477362b94cf https://git.kernel.org/stable/c/461302e07f49687ffe7d105fa0a330c07c7646d8 https://git.kernel.org/stable/c/efb27ad05949403848f487823b597ed67060e007 https://git.kernel.org/stable/c/952bf8df222599baadbd4f838a49c4fef81d2564 https://git.kernel.org/stable/c/41a6375d48deaf7f730304b5153848bfa1c2980f https://git.kernel.org/stable/c/7931d32955e09d0a11b1fe0b6aac1bfa061c005c
Powered by blists - more mailing lists