Home

CVE-2024-35962

Description

In the Linux kernel, the following vulnerability has been resolved:netfilter: complete validation of user inputIn my recent commit, I missed that do_replace() handlersuse copy_from_sockptr() (which I fixed), followedby unsafe copy_from_sockptr_offset() calls.In all functions, we can perform the @optlen validationbefore even calling xt_alloc_table_info() with the followingcheck:if ((u64)optlen < (u64)tmp.size + sizeof(tmp)) return -EINVAL;

Risk Information

Base Score
5.5
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.007

Associated Vulnerability

VulnerabilityOS Platform
Multiple Vulnerabilities are affected in IBM Security Guardium 12.0Windows
Multiple Vulnerabilities are affected in IBM Security Guardium 12.1Windows
SUSE-SU-2024:2372-1(Public Cloud Module 15-SP5) kernel-syms-azure-5.14.21-150500.33.60.1.x86_64.rpmLinux
SUSE-SU-2024:2372-1(Public Cloud Module 15-SP5) kernel-source-azure-5.14.21-150500.33.60.1.noarch.rpmLinux
SUSE-SU-2024:2372-1(Public Cloud Module 15-SP5) kernel-devel-azure-5.14.21-150500.33.60.1.noarch.rpmLinux
SUSE-SU-2024:2372-1(Public Cloud Module 15-SP5) kernel-azure-devel-debuginfo-5.14.21-150500.33.60.1.x86_64.rpmLinux
SUSE-SU-2024:2372-1(Public Cloud Module 15-SP5) kernel-azure-devel-5.14.21-150500.33.60.1.x86_64.rpmLinux
SUSE-SU-2024:2372-1(Public Cloud Module 15-SP5) kernel-azure-debugsource-5.14.21-150500.33.60.1.x86_64.rpmLinux
SUSE-SU-2024:2372-1(Public Cloud Module 15-SP5) kernel-azure-debuginfo-5.14.21-150500.33.60.1.x86_64.rpmLinux
SUSE-SU-2024:2372-1(Public Cloud Module 15-SP5) kernel-azure-5.14.21-150500.33.60.1.x86_64.rpmLinux
SUSE-SU-2024:2571-1(Legacy Module 15-SP6 ) reiserfs-kmp-default-debuginfo-6.4.0-150600.23.14.2.x86_64.rpmLinux
SUSE-SU-2024:2571-1(Legacy Module 15-SP6 ) reiserfs-kmp-default-6.4.0-150600.23.14.2.x86_64.rpmLinux
SUSE-SU-2024:2571-1(Development Tools Module 15-SP6 ) kernel-syms-6.4.0-150600.23.14.2.x86_64.rpmLinux
SUSE-SU-2024:2571-1(Development Tools Module 15-SP6 ) kernel-source-6.4.0-150600.23.14.2.noarch.rpmLinux
SUSE-SU-2024:2571-1(Development Tools Module 15-SP6 ) kernel-obs-build-debugsource-6.4.0-150600.23.14.2.x86_64.rpmLinux
SUSE-SU-2024:2571-1(Development Tools Module 15-SP6 ) kernel-obs-build-6.4.0-150600.23.14.2.x86_64.rpmLinux
SUSE-SU-2024:2571-1(Basesystem Module 15-SP6 ) kernel-macros-6.4.0-150600.23.14.2.noarch.rpmLinux
SUSE-SU-2024:2571-1(Development Tools Module 15-SP6 ) kernel-docs-6.4.0-150600.23.14.2.noarch.rpmLinux
SUSE-SU-2024:2571-1(Basesystem Module 15-SP6 ) kernel-devel-6.4.0-150600.23.14.2.noarch.rpmLinux
SUSE-SU-2024:2571-1(Basesystem Module 15-SP6 ) kernel-default-devel-debuginfo-6.4.0-150600.23.14.2.x86_64.rpmLinux
SUSE-SU-2024:2571-1(Basesystem Module 15-SP6 ) kernel-default-devel-6.4.0-150600.23.14.2.x86_64.rpmLinux
SUSE-SU-2024:2571-1(Basesystem Module 15-SP6 ) kernel-default-debugsource-6.4.0-150600.23.14.2.x86_64.rpmLinux
SUSE-SU-2024:2571-1(Basesystem Module 15-SP6 ) kernel-default-debuginfo-6.4.0-150600.23.14.2.x86_64.rpmLinux
SUSE-SU-2024:2571-1(Basesystem Module 15-SP6 ) kernel-default-base-6.4.0-150600.23.14.2.150600.12.4.3.x86_64.rpmLinux
SUSE-SU-2024:2571-1(Basesystem Module 15-SP6 ) kernel-default-6.4.0-150600.23.14.2.x86_64.rpmLinux
SUSE-SU-2024:2896-1(Public Cloud Module 15-SP6 ) kernel-syms-azure-6.4.0-150600.8.8.1.x86_64.rpmLinux
SUSE-SU-2024:2896-1(Public Cloud Module 15-SP6 ) kernel-source-azure-6.4.0-150600.8.8.2.noarch.rpmLinux
SUSE-SU-2024:2896-1(Public Cloud Module 15-SP6 ) kernel-devel-azure-6.4.0-150600.8.8.2.noarch.rpmLinux
SUSE-SU-2024:2896-1(Public Cloud Module 15-SP6 ) kernel-azure-devel-debuginfo-6.4.0-150600.8.8.2.x86_64.rpmLinux
SUSE-SU-2024:2896-1(Public Cloud Module 15-SP6 ) kernel-azure-devel-6.4.0-150600.8.8.2.x86_64.rpmLinux
SUSE-SU-2024:2896-1(Public Cloud Module 15-SP6 ) kernel-azure-debugsource-6.4.0-150600.8.8.2.x86_64.rpmLinux
SUSE-SU-2024:2896-1(Public Cloud Module 15-SP6 ) kernel-azure-debuginfo-6.4.0-150600.8.8.2.x86_64.rpmLinux
SUSE-SU-2024:2896-1(Public Cloud Module 15-SP6 ) kernel-azure-6.4.0-150600.8.8.2.x86_64.rpmLinux
(RHSA-2024:5928)Important: security update rv-5.14.0-427.33.1.el9_4.x86_64.rpmLinux
(RHSA-2024:5928)Important: security update rtla-5.14.0-427.33.1.el9_4.x86_64.rpmLinux
(RHSA-2024:5928)Important: security update python3-perf-debuginfo-5.14.0-427.33.1.el9_4.x86_64.rpmLinux
(RHSA-2024:5928)Important: security update python3-perf-5.14.0-427.33.1.el9_4.x86_64.rpmLinux
(RHSA-2024:5928)Important: security update perf-debuginfo-5.14.0-427.33.1.el9_4.x86_64.rpmLinux
(RHSA-2024:5928)Important: security update perf-5.14.0-427.33.1.el9_4.x86_64.rpmLinux
(RHSA-2024:5928)Important: security update libperf-debuginfo-5.14.0-427.33.1.el9_4.x86_64.rpmLinux
(RHSA-2024:5928)Important: security update kernel-uki-virt-5.14.0-427.33.1.el9_4.x86_64.rpmLinux
(RHSA-2024:5928)Important: security update kernel-tools-libs-5.14.0-427.33.1.el9_4.x86_64.rpmLinux
(RHSA-2024:5928)Important: security update kernel-tools-debuginfo-5.14.0-427.33.1.el9_4.x86_64.rpmLinux
(RHSA-2024:5928)Important: security update kernel-tools-5.14.0-427.33.1.el9_4.x86_64.rpmLinux
(RHSA-2024:5928)Important: security update kernel-rt-debuginfo-5.14.0-427.33.1.el9_4.x86_64.rpmLinux
(RHSA-2024:5928)Important: security update kernel-rt-debug-debuginfo-5.14.0-427.33.1.el9_4.x86_64.rpmLinux
(RHSA-2024:5928)Important: security update kernel-modules-extra-5.14.0-427.33.1.el9_4.x86_64.rpmLinux
(RHSA-2024:5928)Important: security update kernel-modules-core-5.14.0-427.33.1.el9_4.x86_64.rpmLinux
(RHSA-2024:5928)Important: security update kernel-modules-5.14.0-427.33.1.el9_4.x86_64.rpmLinux
(RHSA-2024:5928)Important: security update kernel-headers-5.14.0-427.33.1.el9_4.x86_64.rpmLinux
(RHSA-2024:5928)Important: security update kernel-doc-5.14.0-427.33.1.el9_4.noarch.rpmLinux
(RHSA-2024:5928)Important: security update kernel-devel-matched-5.14.0-427.33.1.el9_4.x86_64.rpmLinux
(RHSA-2024:5928)Important: security update kernel-devel-5.14.0-427.33.1.el9_4.x86_64.rpmLinux
(RHSA-2024:5928)Important: security update kernel-debuginfo-common-x86_64-5.14.0-427.33.1.el9_4.x86_64.rpmLinux
(RHSA-2024:5928)Important: security update kernel-debuginfo-5.14.0-427.33.1.el9_4.x86_64.rpmLinux
(RHSA-2024:5928)Important: security update kernel-debug-uki-virt-5.14.0-427.33.1.el9_4.x86_64.rpmLinux
(RHSA-2024:5928)Important: security update kernel-debug-modules-extra-5.14.0-427.33.1.el9_4.x86_64.rpmLinux
(RHSA-2024:5928)Important: security update kernel-debug-modules-core-5.14.0-427.33.1.el9_4.x86_64.rpmLinux
(RHSA-2024:5928)Important: security update kernel-debug-modules-5.14.0-427.33.1.el9_4.x86_64.rpmLinux
(RHSA-2024:5928)Important: security update kernel-debug-devel-matched-5.14.0-427.33.1.el9_4.x86_64.rpmLinux
(RHSA-2024:5928)Important: security update kernel-debug-devel-5.14.0-427.33.1.el9_4.x86_64.rpmLinux
(RHSA-2024:5928)Important: security update kernel-debug-debuginfo-5.14.0-427.33.1.el9_4.x86_64.rpmLinux
(RHSA-2024:5928)Important: security update kernel-debug-core-5.14.0-427.33.1.el9_4.x86_64.rpmLinux
(RHSA-2024:5928)Important: security update kernel-debug-5.14.0-427.33.1.el9_4.x86_64.rpmLinux
(RHSA-2024:5928)Important: security update kernel-core-5.14.0-427.33.1.el9_4.x86_64.rpmLinux
(RHSA-2024:5928)Important: security update kernel-abi-stablelists-5.14.0-427.33.1.el9_4.noarch.rpmLinux
(RHSA-2024:5928)Important: security update kernel-5.14.0-427.33.1.el9_4.x86_64.rpmLinux
(RHSA-2024:5928)Important: security update bpftool-debuginfo-7.3.0-427.33.1.el9_4.x86_64.rpmLinux
(RHSA-2024:5928)Important: security update bpftool-7.3.0-427.33.1.el9_4.x86_64.rpmLinux
Kernel-tools update (ELSA-2024-5928) kernel-tools-5.14.0-427.33.1.el9_4.x86_64.rpmLinux
Kernel-modules-extra update (ELSA-2024-5928) kernel-modules-extra-5.14.0-427.33.1.el9_4.x86_64.rpmLinux
Kernel-modules-core update (ELSA-2024-5928) kernel-modules-core-5.14.0-427.33.1.el9_4.x86_64.rpmLinux
Kernel-tools-libs update (ELSA-2024-5928) kernel-tools-libs-5.14.0-427.33.1.el9_4.x86_64.rpmLinux
Kernel-modules update (ELSA-2024-5928) kernel-modules-5.14.0-427.33.1.el9_4.x86_64.rpmLinux
Kernel-headers update (ELSA-2024-5928) kernel-headers-5.14.0-427.33.1.el9_4.x86_64.rpmLinux
Kernel-uki-virt update (ELSA-2024-5928) kernel-uki-virt-5.14.0-427.33.1.el9_4.x86_64.rpmLinux
Kernel-doc update (ELSA-2024-5928) kernel-doc-5.14.0-427.33.1.el9_4.noarch.rpmLinux
Kernel-devel-matched update (ELSA-2024-5928) kernel-devel-matched-5.14.0-427.33.1.el9_4.x86_64.rpmLinux
Kernel-devel update (ELSA-2024-5928) kernel-devel-5.14.0-427.33.1.el9_4.x86_64.rpmLinux
Kernel-debug-uki-virt update (ELSA-2024-5928) kernel-debug-uki-virt-5.14.0-427.33.1.el9_4.x86_64.rpmLinux
Kernel-debug-modules-extra update (ELSA-2024-5928) kernel-debug-modules-extra-5.14.0-427.33.1.el9_4.x86_64.rpmLinux
Kernel-debug-modules-core update (ELSA-2024-5928) kernel-debug-modules-core-5.14.0-427.33.1.el9_4.x86_64.rpmLinux
Kernel-debug-modules update (ELSA-2024-5928) kernel-debug-modules-5.14.0-427.33.1.el9_4.x86_64.rpmLinux
Kernel-debug-devel-matched update (ELSA-2024-5928) kernel-debug-devel-matched-5.14.0-427.33.1.el9_4.x86_64.rpmLinux
Kernel-debug-devel update (ELSA-2024-5928) kernel-debug-devel-5.14.0-427.33.1.el9_4.x86_64.rpmLinux
Kernel-debug-core update (ELSA-2024-5928) kernel-debug-core-5.14.0-427.33.1.el9_4.x86_64.rpmLinux
Kernel-debug update (ELSA-2024-5928) kernel-debug-5.14.0-427.33.1.el9_4.x86_64.rpmLinux
Kernel-abi-stablelists update (ELSA-2024-5928) kernel-abi-stablelists-5.14.0-427.33.1.el9_4.noarch.rpmLinux
Bpftool update (ELSA-2024-5928) bpftool-7.3.0-427.33.1.el9_4.x86_64.rpmLinux
Kernel-core update (ELSA-2024-5928) kernel-core-5.14.0-427.33.1.el9_4.x86_64.rpmLinux
Rv update (ELSA-2024-5928) rv-5.14.0-427.33.1.el9_4.x86_64.rpmLinux
Rtla update (ELSA-2024-5928) rtla-5.14.0-427.33.1.el9_4.x86_64.rpmLinux
Python3-perf update (ELSA-2024-5928) python3-perf-5.14.0-427.33.1.el9_4.x86_64.rpmLinux
Kernel update (ELSA-2024-5928) kernel-5.14.0-427.33.1.el9_4.x86_64.rpmLinux
Perf update (ELSA-2024-5928) perf-5.14.0-427.33.1.el9_4.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234