vulnerability

Red Hat: CVE-2024-50142: kernel: xfrm: validate new SA's prefixlen using SA family when sel.family is unset (Multiple Advisories)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:L/AC:L/Au:S/C:N/I:N/A:C)	Nov 7, 2024	Feb 10, 2025	Mar 27, 2026

Severity

CVSS

(AV:L/AC:L/Au:S/C:N/I:N/A:C)

Published

Nov 7, 2024

Added

Feb 10, 2025

Modified

Mar 27, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

xfrm: validate new SA's prefixlen using SA family when sel.family is unset

This expands the validation introduced in commit 07bf7908950a ("xfrm:
Validate address prefix lengths in the xfrm selector.")

syzbot created an SA with
usersa.sel.family = AF_UNSPEC
usersa.sel.prefixlen_s = 128
usersa.family = AF_INET

Because of the AF_UNSPEC selector, verify_newsa_info doesn't put
limits on prefixlen_{s,d}. But then copy_from_user_state sets
x->sel.family to usersa.family (AF_INET). Do the same conversion in
verify_newsa_info before validating prefixlen_{s,d}, since that's how
prefixlen is going to be used later on.

Solutions

redhat-upgrade-kernelredhat-upgrade-kernel-rt

References

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report

Red Hat: CVE-2024-50142: kernel: xfrm: validate new SA&#39;s prefixlen using SA family when sel.family is unset (Multiple Advisories)

Description

Solutions

References

2026 Global Threat Landscape Report

Red Hat: CVE-2024-50142: kernel: xfrm: validate new SA's prefixlen using SA family when sel.family is unset (Multiple Advisories)