5 matches found
CVE-2024-50038
In the Linux kernel, the following vulnerability has been resolved: netfilter: xtables: avoid NFPROTOUNSPEC where needed syzbot managed to call xtcluster match via ebtables: WARNING: CPU: 0 PID: 11 at net/netfilter/xtcluster.c:72 xtclustermt+0x196/0x780 .. ebtdotable+0x174b/0x2a40 Module register...
CVE-2024-50038 netfilter: xtables: avoid NFPROTO_UNSPEC where needed
In the Linux kernel, the following vulnerability has been resolved: netfilter: xtables: avoid NFPROTOUNSPEC where needed syzbot managed to call xtcluster match via ebtables: WARNING: CPU: 0 PID: 11 at net/netfilter/xtcluster.c:72 xtclustermt+0x196/0x780 .. ebtdotable+0x174b/0x2a40 Module register...
CVE-2024-26673
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftct: sanitize layer 3 and 4 protocol number in custom expectations - Disallow families other than NFPROTOIPV4,IPV6,INET. - Disallow layer 4 protocol with no ports, since destination port is a mandatory attribute for...
CVE-2024-26673 netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftct: sanitize layer 3 and 4 protocol number in custom expectations - Disallow families other than NFPROTOIPV4,IPV6,INET. - Disallow layer 4 protocol with no ports, since destination port is a mandatory attribute for...
CVE-2024-26673
CVE-2024-26673 affects the Linux kernel netfilter nft_ct, where custom expectations could mishandle layer 3/4 protocol numbers. The issue arises from insufficient validation, allowing unexpected protocol families beyond NFPROTO_IPV4/IPv6/INET and permitting layer-4 protocols without ports, since ...