3 matches found
CVE-2024-42154
A vulnerability was found in the Linux kernel's tcpmetrics.c, where insufficient validation of the length of the source address for TCP metrics could lead to incorrect memory read out of boundary read. Mitigation Mitigation for this issue is either not available or the currently available options...
CVE-2024-42154
In the Linux kernel, the following vulnerability has been resolved: tcpmetrics: validate source addr length I don't see anything checking that TCPMETRICSATTRSADDRIPV4 is at least 4 bytes long, and the policy doesn't have an entry for this attribute at all neither does it for IPv6 but v6 is manual...
CVE-2024-42154
CVE-2024-42154 : In the Linux kernel, the vulnerability is in tcp_metrics: validate source addr length. The issue is that TCP_METRICS_ATTR_SADDR_IPV4 may be stored with fewer than 4 bytes and the policy lacks an entry for this attribute (IPv6 similarly manually validated). Root cause: missing len...