CVE-2024-26849

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> netlink: add nla be16/32 types to minlen array<br /> <br /> BUG: KMSAN: uninit-value in nla_validate_range_unsigned lib/nlattr.c:222 [inline]<br /> BUG: KMSAN: uninit-value in nla_validate_int_range lib/nlattr.c:336 [inline]<br /> BUG: KMSAN: uninit-value in validate_nla lib/nlattr.c:575 [inline]<br /> BUG: KMSAN: uninit-value in __nla_validate_parse+0x2e20/0x45c0 lib/nlattr.c:631<br /> nla_validate_range_unsigned lib/nlattr.c:222 [inline]<br /> nla_validate_int_range lib/nlattr.c:336 [inline]<br /> validate_nla lib/nlattr.c:575 [inline]<br /> ...<br /> <br /> The message in question matches this policy:<br /> <br /> [NFTA_TARGET_REV] = NLA_POLICY_MAX(NLA_BE32, 255),<br /> <br /> but because NLA_BE32 size in minlen array is 0, the validation<br /> code will read past the malformed (too small) attribute.<br /> <br /> Note: Other attributes, e.g. BITFIELD32, SINT, UINT.. are also missing:<br /> those likely should be added too.