3 matches found
CVE-2024-50038 netfilter: xtables: avoid NFPROTO_UNSPEC where needed
In the Linux kernel, the following vulnerability has been resolved: netfilter: xtables: avoid NFPROTOUNSPEC where needed syzbot managed to call xtcluster match via ebtables: WARNING: CPU: 0 PID: 11 at net/netfilter/xtcluster.c:72 xtclustermt+0x196/0x780 .. ebtdotable+0x174b/0x2a40 Module register...
CVE-2024-50038
CVE-2024-50038 : Linux kernel fix for netfilter xtables UNSPEC handling. The patch ensures matches/targets no longer assume skb_network_header() validity when UNSPEC is used, and restricts registration to NFPROTO_IPV4/NIPv6 (and ARP for MARK target). This prevents ebtables traversal from misproce...
CVE-2024-50038 netfilter: xtables: avoid NFPROTO_UNSPEC where needed
In the Linux kernel, the following vulnerability has been resolved: netfilter: xtables: avoid NFPROTOUNSPEC where needed syzbot managed to call xtcluster match via ebtables: WARNING: CPU: 0 PID: 11 at net/netfilter/xtcluster.c:72 xtclustermt+0x196/0x780 .. ebtdotable+0x174b/0x2a40 Module register...