CVE-2024-42283

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
17/08/2024
Last modified:
19/08/2024

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net: nexthop: Initialize all fields in dumped nexthops<br /> <br /> struct nexthop_grp contains two reserved fields that are not initialized by<br /> nla_put_nh_group(), and carry garbage. This can be observed e.g. with<br /> strace (edited for clarity):<br /> <br /> # ip nexthop add id 1 dev lo<br /> # ip nexthop add id 101 group 1<br /> # strace -e recvmsg ip nexthop get id 101<br /> ...<br /> recvmsg(... [{nla_len=12, nla_type=NHA_GROUP},<br /> [{id=1, weight=0, resvd1=0x69, resvd2=0x67}]] ...) = 52<br /> <br /> The fields are reserved and therefore not currently used. But as they are, they<br /> leak kernel memory, and the fact they are not just zero complicates repurposing<br /> of the fields for new ends. Initialize the full structure.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.3 (including) 5.4.282 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.5 (including) 5.10.224 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.11 (including) 5.15.165 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.16 (including) 6.1.103 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.2 (including) 6.6.44 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.7 (including) 6.10.3 (excluding)