CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
Low
EPSS
Percentile
5.0%
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers
register store validation for NFT_DATA_VALUE is conditional, however,
the datatype is always either NFT_DATA_VALUE or NFT_DATA_VERDICT. This
only requires a new helper function to infer the register type from the
set datatype so this conditional check can be removed. Otherwise,
pointer to chain object can be leaked through the registers.
Vendor | Product | Version | CPE |
---|---|---|---|
linux | linux_kernel | * | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
[
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "unaffected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"include/net/netfilter/nf_tables.h",
"net/netfilter/nf_tables_api.c",
"net/netfilter/nft_lookup.c"
],
"versions": [
{
"version": "96518518cc41",
"lessThan": "40188a25a984",
"status": "affected",
"versionType": "git"
},
{
"version": "96518518cc41",
"lessThan": "23752737c6a6",
"status": "affected",
"versionType": "git"
},
{
"version": "96518518cc41",
"lessThan": "5d43d789b579",
"status": "affected",
"versionType": "git"
},
{
"version": "96518518cc41",
"lessThan": "461302e07f49",
"status": "affected",
"versionType": "git"
},
{
"version": "96518518cc41",
"lessThan": "efb27ad05949",
"status": "affected",
"versionType": "git"
},
{
"version": "96518518cc41",
"lessThan": "952bf8df2225",
"status": "affected",
"versionType": "git"
},
{
"version": "96518518cc41",
"lessThan": "41a6375d48de",
"status": "affected",
"versionType": "git"
},
{
"version": "96518518cc41",
"lessThan": "7931d32955e0",
"status": "affected",
"versionType": "git"
}
]
},
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "affected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"include/net/netfilter/nf_tables.h",
"net/netfilter/nf_tables_api.c",
"net/netfilter/nft_lookup.c"
],
"versions": [
{
"version": "3.13",
"status": "affected"
},
{
"version": "0",
"lessThan": "3.13",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.19.317",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.279",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.221",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.162",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.97",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.37",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9.8",
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
]
}
]
git.kernel.org/stable/c/23752737c6a618e994f9a310ec2568881a6b49c4
git.kernel.org/stable/c/40188a25a9847dbeb7ec67517174a835a677752f
git.kernel.org/stable/c/41a6375d48deaf7f730304b5153848bfa1c2980f
git.kernel.org/stable/c/461302e07f49687ffe7d105fa0a330c07c7646d8
git.kernel.org/stable/c/5d43d789b57943720dca4181a05f6477362b94cf
git.kernel.org/stable/c/7931d32955e09d0a11b1fe0b6aac1bfa061c005c
git.kernel.org/stable/c/952bf8df222599baadbd4f838a49c4fef81d2564
git.kernel.org/stable/c/efb27ad05949403848f487823b597ed67060e007