NVD

CVE-2024-42070 Detail

Modified

This CVE record has been updated after NVD enrichment efforts were completed. Enrichment data supplied by the NVD may require amendment due to these changes.

Description

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers register store validation for NFT_DATA_VALUE is conditional, however, the datatype is always either NFT_DATA_VALUE or NFT_DATA_VERDICT. This only requires a new helper function to infer the register type from the set datatype so this conditional check can be removed. Otherwise, pointer to chain object can be leaked through the registers.

Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.

CVSS 4.0 Severity and Vector Strings:

NIST: NVD

N/A

NVD assessment not yet provided.

CVSS 3.x Severity and Vector Strings:

NIST: NVD

Base Score: 5.5 MEDIUM

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0 Severity and Vector Strings:

National Institute of Standards and Technology

NIST: NVD

Base Score: N/A

NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL	Source(s)	Tag(s)
https://git.kernel.org/stable/c/23752737c6a618e994f9a310ec2568881a6b49c4	CVE, kernel.org	Patch
https://git.kernel.org/stable/c/40188a25a9847dbeb7ec67517174a835a677752f	CVE, kernel.org	Patch
https://git.kernel.org/stable/c/41a6375d48deaf7f730304b5153848bfa1c2980f	CVE, kernel.org	Patch
https://git.kernel.org/stable/c/461302e07f49687ffe7d105fa0a330c07c7646d8	CVE, kernel.org	Patch
https://git.kernel.org/stable/c/5d43d789b57943720dca4181a05f6477362b94cf	CVE, kernel.org	Patch
https://git.kernel.org/stable/c/7931d32955e09d0a11b1fe0b6aac1bfa061c005c	CVE, kernel.org	Patch
https://git.kernel.org/stable/c/952bf8df222599baadbd4f838a49c4fef81d2564	CVE, kernel.org	Patch
https://git.kernel.org/stable/c/efb27ad05949403848f487823b597ed67060e007	CVE, kernel.org	Patch

Weakness Enumeration

CWE-ID	CWE Name	Source
CWE-401	Missing Release of Memory after Effective Lifetime	NIST

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

3 change records found show changes

CVE Modified by CVE 11/21/2024 4:33:31 AM

Action	Type	New Value
Added	Reference	https://git.kernel.org/stable/c/23752737c6a618e994f9a310ec2568881a6b49c4
Added	Reference	https://git.kernel.org/stable/c/40188a25a9847dbeb7ec67517174a835a677752f
Added	Reference	https://git.kernel.org/stable/c/41a6375d48deaf7f730304b5153848bfa1c2980f
Added	Reference	https://git.kernel.org/stable/c/461302e07f49687ffe7d105fa0a330c07c7646d8
Added	Reference	https://git.kernel.org/stable/c/5d43d789b57943720dca4181a05f6477362b94cf
Added	Reference	https://git.kernel.org/stable/c/7931d32955e09d0a11b1fe0b6aac1bfa061c005c
Added	Reference	https://git.kernel.org/stable/c/952bf8df222599baadbd4f838a49c4fef81d2564
Added	Reference	https://git.kernel.org/stable/c/efb27ad05949403848f487823b597ed67060e007

Initial Analysis by NIST 7/30/2024 3:01:47 PM

Action	Type	Old Value	New Value
Added	CVSS V3.1		NIST AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Added	CWE		NIST CWE-401
Added	CPE Configuration		OR cpe:2.3:o:linux:linux_kernel::::::::* versions up to (excluding) 3.13 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 3.14 up to (excluding) 4.19.317 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 4.20 up to (excluding) 5.4.279 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 5.5 up to (excluding) 5.10.221 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 5.11 up to (excluding) 5.15.162 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 5.16 up to (excluding) 6.1.97 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 6.2 up to (excluding) 6.6.37 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 6.7 up to (excluding) 6.9.8
Changed	Reference Type	https://git.kernel.org/stable/c/23752737c6a618e994f9a310ec2568881a6b49c4 No Types Assigned	https://git.kernel.org/stable/c/23752737c6a618e994f9a310ec2568881a6b49c4 Patch
Changed	Reference Type	https://git.kernel.org/stable/c/40188a25a9847dbeb7ec67517174a835a677752f No Types Assigned	https://git.kernel.org/stable/c/40188a25a9847dbeb7ec67517174a835a677752f Patch
Changed	Reference Type	https://git.kernel.org/stable/c/41a6375d48deaf7f730304b5153848bfa1c2980f No Types Assigned	https://git.kernel.org/stable/c/41a6375d48deaf7f730304b5153848bfa1c2980f Patch
Changed	Reference Type	https://git.kernel.org/stable/c/461302e07f49687ffe7d105fa0a330c07c7646d8 No Types Assigned	https://git.kernel.org/stable/c/461302e07f49687ffe7d105fa0a330c07c7646d8 Patch
Changed	Reference Type	https://git.kernel.org/stable/c/5d43d789b57943720dca4181a05f6477362b94cf No Types Assigned	https://git.kernel.org/stable/c/5d43d789b57943720dca4181a05f6477362b94cf Patch
Changed	Reference Type	https://git.kernel.org/stable/c/7931d32955e09d0a11b1fe0b6aac1bfa061c005c No Types Assigned	https://git.kernel.org/stable/c/7931d32955e09d0a11b1fe0b6aac1bfa061c005c Patch
Changed	Reference Type	https://git.kernel.org/stable/c/952bf8df222599baadbd4f838a49c4fef81d2564 No Types Assigned	https://git.kernel.org/stable/c/952bf8df222599baadbd4f838a49c4fef81d2564 Patch
Changed	Reference Type	https://git.kernel.org/stable/c/efb27ad05949403848f487823b597ed67060e007 No Types Assigned	https://git.kernel.org/stable/c/efb27ad05949403848f487823b597ed67060e007 Patch

New CVE Received from kernel.org 7/29/2024 12:15:06 PM

Action	Type	New Value
Added	Description	In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers register store validation for NFT_DATA_VALUE is conditional, however, the datatype is always either NFT_DATA_VALUE or NFT_DATA_VERDICT. This only requires a new helper function to infer the register type from the set datatype so this conditional check can be removed. Otherwise, pointer to chain object can be leaked through the registers.
Added	Reference	kernel.org https://git.kernel.org/stable/c/23752737c6a618e994f9a310ec2568881a6b49c4 [No types assigned]
Added	Reference	kernel.org https://git.kernel.org/stable/c/40188a25a9847dbeb7ec67517174a835a677752f [No types assigned]
Added	Reference	kernel.org https://git.kernel.org/stable/c/41a6375d48deaf7f730304b5153848bfa1c2980f [No types assigned]
Added	Reference	kernel.org https://git.kernel.org/stable/c/461302e07f49687ffe7d105fa0a330c07c7646d8 [No types assigned]
Added	Reference	kernel.org https://git.kernel.org/stable/c/5d43d789b57943720dca4181a05f6477362b94cf [No types assigned]
Added	Reference	kernel.org https://git.kernel.org/stable/c/7931d32955e09d0a11b1fe0b6aac1bfa061c005c [No types assigned]
Added	Reference	kernel.org https://git.kernel.org/stable/c/952bf8df222599baadbd4f838a49c4fef81d2564 [No types assigned]
Added	Reference	kernel.org https://git.kernel.org/stable/c/efb27ad05949403848f487823b597ed67060e007 [No types assigned]

Quick Info

CVE Dictionary Entry:
CVE-2024-42070
NVD Published Date:
07/29/2024
NVD Last Modified:
11/21/2024
Source:
kernel.org

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Vulnerability Database

National Vulnerability Database

CVE-2024-42070 Detail

Description

Metrics

References to Advisories, Solutions, and Tools

Weakness Enumeration

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Change History

CVE Modified by CVE 11/21/2024 4:33:31 AM

Initial Analysis by NIST 7/30/2024 3:01:47 PM

New CVE Received from kernel.org 7/29/2024 12:15:06 PM

Quick Info