vulnerability
Ubuntu: (CVE-2024-26849): linux-raspi-realtime vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:L/AC:L/Au:S/C:N/I:N/A:C) | 2024-04-17 | 2025-02-11 | 2025-02-19 |
Description
In the Linux kernel, the following vulnerability has been resolved:
netlink: add nla be16/32 types to minlen array
BUG: KMSAN: uninit-value in nla_validate_range_unsigned lib/nlattr.c:222 [inline]
BUG: KMSAN: uninit-value in nla_validate_int_range lib/nlattr.c:336 [inline]
BUG: KMSAN: uninit-value in validate_nla lib/nlattr.c:575 [inline]
BUG: KMSAN: uninit-value in __nla_validate_parse+0x2e20/0x45c0 lib/nlattr.c:631
nla_validate_range_unsigned lib/nlattr.c:222 [inline]
nla_validate_int_range lib/nlattr.c:336 [inline]
validate_nla lib/nlattr.c:575 [inline]
...
The message in question matches this policy:
[NFTA_TARGET_REV] = NLA_POLICY_MAX(NLA_BE32, 255),
but because NLA_BE32 size in minlen array is 0, the validation
code will read past the malformed (too small) attribute.
Note: Other attributes, e.g. BITFIELD32, SINT, UINT.. are also missing:
those likely should be added too.
Solution
References
- CVE-2024-26849
- https://attackerkb.com/topics/CVE-2024-26849
- URL-https://git.kernel.org/linus/9a0d18853c280f6a0ee99f91619f2442a17a323a
- URL-https://git.kernel.org/stable/c/0ac219c4c3ab253f3981f346903458d20bacab32
- URL-https://git.kernel.org/stable/c/7a9d14c63b35f89563c5ecbadf918ad64979712d
- URL-https://git.kernel.org/stable/c/9a0d18853c280f6a0ee99f91619f2442a17a323a
- URL-https://git.kernel.org/stable/c/a2ab028151841cd833cb53eb99427e0cc990112d
- URL-https://www.cve.org/CVERecord?id=CVE-2024-26849
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.