CVE-2024-42070 Detail

Description

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers

Register store validation for NFT_DATA_VALUE is conditional, however, the datatype is always either NFT_DATA_VALUE or NFT_DATA_VERDICT. This only requires a new helper function to infer the register type from the set datatype so this conditional check can be removed. Otherwise, pointer to chain object can be leaked through the registers.


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST: NVD
N/A
NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

Hyperlink | Resource
https://git.kernel.org/stable/c/23752737c6a618e994f9a310ec2568881a6b49c4 | Patch
https://git.kernel.org/stable/c/40188a25a9847dbeb7ec67517174a835a677752f | Patch
https://git.kernel.org/stable/c/41a6375d48deaf7f730304b5153848bfa1c2980f | Patch
https://git.kernel.org/stable/c/461302e07f49687ffe7d105fa0a330c07c7646d8 | Patch
https://git.kernel.org/stable/c/5d43d789b57943720dca4181a05f6477362b94cf | Patch
https://git.kernel.org/stable/c/7931d32955e09d0a11b1fe0b6aac1bfa061c005c | Patch
https://git.kernel.org/stable/c/952bf8df222599baadbd4f838a49c4fef81d2564 | Patch
https://git.kernel.org/stable/c/efb27ad05949403848f487823b597ed67060e007 | Patch

Weakness Enumeration

CWE-ID | CWE Name | Source
CWE-401 | Missing Release of Memory after Effective Lifetime | NIST

Change History

2 change records found

Quick Info

CVE Dictionary Entry: CVE-2024-42070
NVD Published Date: 07/29/2024
NVD Last Modified: 07/30/2024
Source: kernel.org