CVE-2024-42154 in Linuxinfo

Summary

by MITRE • 07/30/2024

In the Linux kernel, the following vulnerability has been resolved:

tcp_metrics: validate source addr length

I don't see anything checking that TCP_METRICS_ATTR_SADDR_IPV4 is at least 4 bytes long, and the policy doesn't have an entry for this attribute at all (neither does it for IPv6 but v6 is manually validated).

Be aware that VulDB is the high quality source for vulnerability data.

Analysis

by VulDB Data Team • 07/19/2025

The vulnerability identified as CVE-2024-42154 resides within the Linux kernel's TCP metrics subsystem, specifically concerning the validation of source address attributes. This issue manifests in the improper handling of TCP_METRICS_ATTR_SADDR_IPV4 attribute length validation, creating a potential security risk through insufficient input sanitization. The flaw occurs when the kernel processes TCP metrics data structures without ensuring that the source address attribute contains the minimum required byte length for IPv4 addresses, which should be four bytes. This oversight represents a critical gap in the kernel's network stack validation mechanisms.

The technical implementation of this vulnerability stems from the absence of proper length validation checks for the TCP_METRICS_ATTR_SADDR_IPV4 attribute within the kernel's metrics processing code. While the kernel does implement manual validation for IPv6 addresses, it fails to apply equivalent safeguards for IPv4 addresses, creating an asymmetric security posture. This inconsistency allows for malformed or truncated network metrics data to be processed without proper verification, potentially enabling attackers to exploit the gap through crafted network packets or metrics data. The vulnerability directly relates to CWE-129, Input Validation, and CWE-707, Improper Neutralization of Input During Web Page Generation, as it involves inadequate validation of network attribute data.

The operational impact of CVE-2024-42154 extends beyond simple data corruption, as it could potentially enable remote code execution or denial of service attacks within the kernel's network processing pathways. An attacker who can influence the TCP metrics subsystem could exploit this vulnerability to cause kernel memory corruption, leading to system instability or privilege escalation. The vulnerability affects systems running Linux kernel versions that include the problematic TCP metrics implementation, particularly those that process or store TCP metrics data from network traffic. This weakness aligns with ATT&CK technique T1059.007, Command and Scripting Interpreter: Python, when considering the potential for exploitation through network-based attack vectors, and T1499.004, Network Denial of Service, in scenarios involving denial of service attacks.

Mitigation strategies for this vulnerability require immediate kernel updates from vendors that include patches addressing the missing length validation for TCP_METRICS_ATTR_SADDR_IPV4 attributes. System administrators should prioritize applying security patches from their respective Linux distributions, as the fix typically involves implementing proper validation checks that ensure the source address attribute contains the minimum required byte length before processing. Additional defensive measures include network segmentation to limit exposure to untrusted network traffic, implementing proper network monitoring to detect anomalous TCP metrics data patterns, and configuring firewalls to restrict access to systems that process TCP metrics data. The solution should also incorporate proper input validation procedures that align with secure coding practices as outlined in the CERT Secure Coding Standards and NIST SP 800-53 security controls for network security.

Responsible

Linux

Reservation

07/29/2024

Disclosure

07/30/2024

Moderation

accepted

CPE

ready

EPSS

0.00258

KEV

no

Activities

very low

Sources

Do you need the next level of professionalism?

Upgrade your account now!