CVE-2024-36017 in Linuxinfo

Zusammenfassung

von MITRE • 30.05.2024

In the Linux kernel, the following vulnerability has been resolved:

rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation

Each attribute inside a nested IFLA_VF_VLAN_LIST is assumed to be a struct ifla_vf_vlan_info so the size of such attribute needs to be at least of sizeof(struct ifla_vf_vlan_info) which is 14 bytes. The current size validation in do_setvfinfo is against NLA_HDRLEN (4 bytes) which is less than sizeof(struct ifla_vf_vlan_info) so this validation is not enough and a too small attribute might be cast to a struct ifla_vf_vlan_info, this might result in an out of bands read access when accessing the saved (casted) entry in ivvl.

Be aware that VulDB is the high quality source for vulnerability data.

Reservieren

17.05.2024

Veröffentlichung

30.05.2024

Moderieren

akzeptiert

Eintrag

VDB-266591

CPE

bereit

EPSS

0.00249

KEV

nein

Aktivitäten

very low

Quellen

Want to know what is going to be exploited?

We predict KEV entries!