1227757 – (CVE-2024-39504) VUL-0: CVE-2024-39504: kernel: netfilter: nft_inner: validate mandatory meta and payload

Bug 1227757 (CVE-2024-39504) - VUL-0: CVE-2024-39504: kernel: netfilter: nft_inner: validate mandatory meta and payload

Summary: VUL-0: CVE-2024-39504: kernel: netfilter: nft_inner: validate mandatory meta ...

Status:	NEW

Alias:	CVE-2024-39504

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assignee:	CVE kernel patch monkeys
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/413819/
Whiteboard:	CVSSv3.1:SUSE:CVE-2024-39504:4.4:(AV:...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2024-07-15 08:12 UTC by SMASH SMASH
Modified:	2024-07-16 09:53 UTC (History)
CC List:	2 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description SMASH SMASH 2024-07-15 08:12:08 UTC

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nft_inner: validate mandatory meta and payload

Check for mandatory netlink attributes in payload and meta expression
when used embedded from the inner expression, otherwise NULL pointer
dereference is possible from userspace.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-39504
https://www.cve.org/CVERecord?id=CVE-2024-39504
https://git.kernel.org/stable/c/39323f54cad29602917848346c71b087da92a19d
https://git.kernel.org/stable/c/b30669fdea0ca03aa22995e6c99f7e7d9dee89ff
https://git.kernel.org/stable/c/c4ab9da85b9df3692f861512fe6c9812f38b7471
https://git.kernel.org/pub/scm/linux/security/vulns.git/plain/cve/published/2024/CVE-2024-39504.mbox