CVE-2024-42283
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
17/08/2024
Last modified:
19/08/2024
Description
In the Linux kernel, the following vulnerability has been resolved:

net: nexthop: Initialize all fields in dumped nexthops

struct nexthop_grp contains two reserved fields that are not initialized by
nla_put_nh_group(), and carry garbage. This can be observed e.g. with
strace (edited for clarity):

    # ip nexthop add id 1 dev lo
    # ip nexthop add id 101 group 1
    # strace -e recvmsg ip nexthop get id 101
    ...
    recvmsg(... [{nla_len=12, nla_type=NHA_GROUP},
                 [{id=1, weight=0, resvd1=0x69, resvd2=0x67}]] ...) = 52

The fields are reserved and therefore not currently used. But as they are, they
leak kernel memory, and the fact they are not just zero complicates repurposing
of the fields for new ends. Initialize the full structure.
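
The pattern described above, as an added userland example (not the kernel's code and not the upstream patch): filling only the used fields of a group entry leaves stale bytes in the reserved fields, while initializing the whole entry does not, and a small checker counts entries with non-zero reserved fields in an NHA_GROUP-style payload. The struct layout, the function names and the 0x69 stale pattern are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Userland model of one group entry; field names follow the strace output,
 * the 8-byte layout is an assumption consistent with nla_len=12. */
struct nh_grp_entry { uint32_t id; uint8_t weight; uint8_t resvd1; uint16_t resvd2; };

/* Pre-fix pattern: only the used fields are assigned, the rest keeps old bytes. */
static void fill_unpatched(struct nh_grp_entry *out, const uint32_t *ids, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        out[i].id = ids[i];
        out[i].weight = 0;
    }
}

/* Fixed pattern: the whole entry is initialized, so reserved fields are zero. */
static void fill_fixed(struct nh_grp_entry *out, const uint32_t *ids, size_t n)
{
    for (size_t i = 0; i < n; i++)
        out[i] = (struct nh_grp_entry){ .id = ids[i], .weight = 0 };
}

/* Count entries whose reserved fields are non-zero in a group payload.
 * Returns -1 if the length is not a whole number of entries. */
static int count_dirty_reserved(const void *payload, size_t len)
{
    struct nh_grp_entry e;
    int dirty = 0;
    if (len % sizeof(e) != 0)
        return -1;
    for (size_t off = 0; off < len; off += sizeof(e)) {
        memcpy(&e, (const uint8_t *)payload + off, sizeof(e));
        dirty += (e.resvd1 != 0 || e.resvd2 != 0);
    }
    return dirty;
}

/* Fill two entries over a buffer of constructed stale bytes and count leaks. */
static int dirty_after(int fixed)
{
    const uint32_t ids[2] = { 1, 2 };
    struct nh_grp_entry buf[2];
    memset(buf, 0x69, sizeof(buf));   /* constructed stand-in for old memory */
    (fixed ? fill_fixed : fill_unpatched)(buf, ids, 2);
    return count_dirty_reserved(buf, sizeof(buf));
}
int main(void) { printf("%d %d\n", dirty_after(0), dirty_after(1)); return 0; }
```
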
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.3 (including) | 5.4.282 (excluding) |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.5 (including) | 5.10.224 (excluding) |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.165 (excluding) |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.1.103 (excluding) |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.44 (excluding) |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.10.3 (excluding) |
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/1377de719652d868f5317ba8398b7e74c5f0430b
- https://git.kernel.org/stable/c/5cc4d71dda2dd4f1520f40e634a527022e48ccd8
- https://git.kernel.org/stable/c/6d745cd0e9720282cd291d36b9db528aea18add2
- https://git.kernel.org/stable/c/7704460acd7f5d35eb07c52500987dc9b95313fb
- https://git.kernel.org/stable/c/9e8f558a3afe99ce51a642ce0d3637ddc2b5d5d0
- https://git.kernel.org/stable/c/a13d3864b76ac87085ec530b2ff8e37482a63a96
- https://git.kernel.org/stable/c/fd06cb4a5fc7bda3dea31712618a62af72a1c6cb