vulnerability

Red Hat: CVE-2024-53141: kernel: netfilter: ipset: add missing range check in bitmap_ip_uadt (Multiple Advisories)

Name: Red Hat: CVE-2024-53141: kernel: netfilter: ipset: add missing range check in bitmap_ip_uadt (Multiple Advisories)
Creator: Red Hat
Published: 2024-12-06T00:00:00.000Z
Keywords: CVE, Red Hat, 2024, 53141, kernel, redhat-upgrade-kernel, redhat-upgrade-kernel-rt, Severity 7

Try Surface Command

Back to search

Severity

CVSS

(AV:L/AC:M/Au:S/C:C/I:C/A:C)

Published

Dec 6, 2024

Added

May 15, 2025

Modified

Mar 27, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

netfilter: ipset: add missing range check in bitmap_ip_uadt

When tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists,
the values of ip and ip_to are slightly swapped. Therefore, the range check
for ip should be done later, but this part is missing and it seems that the
vulnerability occurs.

So we should add missing range checks and remove unnecessary range checks.

Solutions

redhat-upgrade-kernelredhat-upgrade-kernel-rt

References

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report