Количество 7
Количество 7
GHSA-pmp7-xx3c-wr9q
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: reject QUEUE/DROP verdict parameters This reverts commit e0abdadcc6e1. core.c:nf_hook_slow assumes that the upper 16 bits of NF_DROP verdicts contain a valid errno, i.e. -EPERM, -EHOSTUNREACH or similar, or 0. Due to the reverted commit, its possible to provide a positive value, e.g. NF_ACCEPT (1), which results in use-after-free. Its not clear to me why this commit was made. NF_QUEUE is not used by nftables; "queue" rules in nftables will result in use of "nft_queue" expression. If we later need to allow specifiying errno values from userspace (do not know why), this has to call NF_DROP_GETERR and check that "err <= 0" holds true.
CVE-2024-26609
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
BDU:2024-04145
Уязвимость компоненты netfilter ядра операционной системы Linux в функции nft_verdict_init(), позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
RLSA-2024:3138
Moderate: kernel security, bug fix, and enhancement update
ELSA-2024-3138
ELSA-2024-3138: kernel security, bug fix, and enhancement update (MODERATE)
ELSA-2024-2394
ELSA-2024-2394: kernel security, bug fix, and enhancement update (IMPORTANT)
ROS-20240821-02
Множественные уязвимости kernel-lt
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-pmp7-xx3c-wr9q In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: reject QUEUE/DROP verdict parameters This reverts commit e0abdadcc6e1. core.c:nf_hook_slow assumes that the upper 16 bits of NF_DROP verdicts contain a valid errno, i.e. -EPERM, -EHOSTUNREACH or similar, or 0. Due to the reverted commit, its possible to provide a positive value, e.g. NF_ACCEPT (1), which results in use-after-free. Its not clear to me why this commit was made. NF_QUEUE is not used by nftables; "queue" rules in nftables will result in use of "nft_queue" expression. If we later need to allow specifiying errno values from userspace (do not know why), this has to call NF_DROP_GETERR and check that "err <= 0" holds true. | больше 2 лет назад | ||
 | CVE-2024-26609 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | больше 2 лет назад | ||
 | BDU:2024-04145 Уязвимость компоненты netfilter ядра операционной системы Linux в функции nft_verdict_init(), позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации | CVSS3: 8.4 | больше 2 лет назад | |
 | RLSA-2024:3138 Moderate: kernel security, bug fix, and enhancement update | около 2 лет назад | ||
| ELSA-2024-3138 ELSA-2024-3138: kernel security, bug fix, and enhancement update (MODERATE) | около 2 лет назад | ||
| ELSA-2024-2394 ELSA-2024-2394: kernel security, bug fix, and enhancement update (IMPORTANT) | около 2 лет назад | ||
 | ROS-20240821-02 Множественные уязвимости kernel-lt | CVSS3: 9.8 | почти 2 года назад |
Уязвимостей на страницу