Lucene search

K

GoogleOSV:UBUNTU-CVE-2024-36270

HistoryJun 21, 2024 - 11:15 a.m.

UBUNTU-CVE-2024-36270

2024-06-2111:15:00

Google

osv.dev

linux kernel

netfilter tproxy

vulnerability

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.8

Confidence

Low

In the Linux kernel, the following vulnerability has been resolved: netfilter: tproxy: bail out if IP has been disabled on the device syzbot reports: general protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f] […] RIP: 0010:nf_tproxy_laddr4+0xb7/0x340 net/ipv4/netfilter/nf_tproxy_ipv4.c:62 Call Trace: nft_tproxy_eval_v4 net/netfilter/nft_tproxy.c:56 [inline] nft_tproxy_eval+0xa9a/0x1a00 net/netfilter/nft_tproxy.c:168 __in_dev_get_rcu() can return NULL, so check for this.

References

git.kernel.org/linus/21a673bddc8fd4873c370caf9ae70ffc6d47e8d3

git.kernel.org/stable/c/07eeedafc59c45fe5de43958128542be3784764c

git.kernel.org/stable/c/10f0af5234dafd03d2b75233428ec3f11cf7e43d

git.kernel.org/stable/c/21a673bddc8fd4873c370caf9ae70ffc6d47e8d3

git.kernel.org/stable/c/570b4c52096e62fda562448f5760fd0ff06110f0

git.kernel.org/stable/c/6fe5af4ff06db3d4d80e07a19356640428159f03

git.kernel.org/stable/c/819bfeca16eb9ad647ddcae25e7e12c30612147c

git.kernel.org/stable/c/caf3a8afb5ea00db6d5398adf148d5534615fd80

ubuntu.com/security/CVE-2024-36270

ubuntu.com/security/notices/USN-6951-1

ubuntu.com/security/notices/USN-6951-2

ubuntu.com/security/notices/USN-6951-3

ubuntu.com/security/notices/USN-6951-4

ubuntu.com/security/notices/USN-6953-1

ubuntu.com/security/notices/USN-6979-1

ubuntu.com/security/notices/USN-6999-1

ubuntu.com/security/notices/USN-6999-2

ubuntu.com/security/notices/USN-7004-1

ubuntu.com/security/notices/USN-7005-1

ubuntu.com/security/notices/USN-7005-2

ubuntu.com/security/notices/USN-7007-1

ubuntu.com/security/notices/USN-7007-2

ubuntu.com/security/notices/USN-7007-3

ubuntu.com/security/notices/USN-7008-1

ubuntu.com/security/notices/USN-7009-1

ubuntu.com/security/notices/USN-7009-2

ubuntu.com/security/notices/USN-7019-1

ubuntu.com/security/notices/USN-7029-1

www.cve.org/CVERecord?id=CVE-2024-36270

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.8

Confidence

Low

Related for OSV:UBUNTU-CVE-2024-36270

ubuntucve1 nvd1 osv29 vulnrichment1 redhatcve1 cvelist1 debiancve1 cve1 nessus46 oraclelinux5 rocky4 redhat9 redos1 ubuntu6 openvas25 mageia2