CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
Low
EPSS
Percentile
5.0%
In the Linux kernel, the following vulnerability has been resolved:
wireguard: allowedips: avoid unaligned 64-bit memory accesses
On the parisc platform, the kernel issues kernel warnings because
swap_endian() tries to load a 128-bit IPv6 address from an unaligned
memory location:
Kernel: unaligned access to 0x55f4688c in
wg_allowedips_insert_v6+0x2c/0x80 [wireguard] (iir 0xf3010df)
Kernel: unaligned access to 0x55f46884 in
wg_allowedips_insert_v6+0x38/0x80 [wireguard] (iir 0xf2010dc)
Avoid such unaligned memory accesses by instead using the
get_unaligned_be64() helper macro.
[Jason: replace src[8] in original patch with src+8]
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 22.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws-5.15 | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-azure | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux-azure | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-azure-5.15 | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-azure-fde | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-azure-fde-5.15 | < any | UNKNOWN |
git.kernel.org/linus/948f991c62a4018fb81d85804eeab3029c6209f8 (6.10)
git.kernel.org/stable/c/217978a29c6ceca76d3c640bf94bdf50c268d801
git.kernel.org/stable/c/2fb34bf76431e831f9863cd59adc0bd1f67b0fbf
git.kernel.org/stable/c/6638a203abad35fa636d59ac47bdbc4bc100fd74
git.kernel.org/stable/c/948f991c62a4018fb81d85804eeab3029c6209f8
git.kernel.org/stable/c/ae630de24efb123d7199a43256396d7758f4cb75
git.kernel.org/stable/c/b4764f0ad3d68de8a0b847c05f427afb86dd54e6
launchpad.net/bugs/cve/CVE-2024-42247
nvd.nist.gov/vuln/detail/CVE-2024-42247
security-tracker.debian.org/tracker/CVE-2024-42247
www.cve.org/CVERecord?id=CVE-2024-42247