Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
vulnrichmentLinuxVULNRICHMENT:CVE-2024-26851
HistoryApr 17, 2024 - 10:17 a.m.

CVE-2024-26851 netfilter: nf_conntrack_h323: Add protection for bmp length out of range

2024-04-1710:17:15
Linux
github.com
linux kernel
netfilter
nf_conntrack_h323
bmp length
out of range
ubsan load
exception
vmlinux
decode_seq
skb->data
shift operation
negative shift
undefined behaviour
out of range error
decoding
cve

6.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

13.2%

JSON

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_conntrack_h323: Add protection for bmp length out of range

UBSAN load reports an exception of BRK#5515 SHIFT_ISSUE:Bitwise shifts
that are out of bounds for their data type.

vmlinux get_bitmap(b=75) + 712
<net/netfilter/nf_conntrack_h323_asn1.c:0>
vmlinux decode_seq(bs=0xFFFFFFD008037000, f=0xFFFFFFD008037018, level=134443100) + 1956
<net/netfilter/nf_conntrack_h323_asn1.c:592>
vmlinux decode_choice(base=0xFFFFFFD0080370F0, level=23843636) + 1216
<net/netfilter/nf_conntrack_h323_asn1.c:814>
vmlinux decode_seq(f=0xFFFFFFD0080371A8, level=134443500) + 812
<net/netfilter/nf_conntrack_h323_asn1.c:576>
vmlinux decode_choice(base=0xFFFFFFD008037280, level=0) + 1216
<net/netfilter/nf_conntrack_h323_asn1.c:814>
vmlinux DecodeRasMessage() + 304
<net/netfilter/nf_conntrack_h323_asn1.c:833>
vmlinux ras_help() + 684
<net/netfilter/nf_conntrack_h323_main.c:1728>
vmlinux nf_confirm() + 188
<net/netfilter/nf_conntrack_proto.c:137>

Due to abnormal data in skb->data, the extension bitmap length
exceeds 32 when decoding ras message then uses the length to make
a shift operation. It will change into negative after several loop.
UBSAN load could detect a negative shift as an undefined behaviour
and reports exception.
So we add the protection to avoid the length exceeding 32. Or else
it will return out of range error and stop decoding.

CNA Affected

[
  {
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "vendor": "Linux",
    "product": "Linux",
    "versions": [
      {
        "status": "affected",
        "version": "5e35941d9901",
        "lessThan": "98db42191329",
        "versionType": "git"
      },
      {
        "status": "affected",
        "version": "5e35941d9901",
        "lessThan": "4bafcc43baf7",
        "versionType": "git"
      },
      {
        "status": "affected",
        "version": "5e35941d9901",
        "lessThan": "ccd1108b16ab",
        "versionType": "git"
      },
      {
        "status": "affected",
        "version": "5e35941d9901",
        "lessThan": "b3c0f5538205",
        "versionType": "git"
      },
      {
        "status": "affected",
        "version": "5e35941d9901",
        "lessThan": "39001e3c4200",
        "versionType": "git"
      },
      {
        "status": "affected",
        "version": "5e35941d9901",
        "lessThan": "014a807f1cc9",
        "versionType": "git"
      },
      {
        "status": "affected",
        "version": "5e35941d9901",
        "lessThan": "80ee5054435a",
        "versionType": "git"
      },
      {
        "status": "affected",
        "version": "5e35941d9901",
        "lessThan": "767146637efc",
        "versionType": "git"
      }
    ],
    "programFiles": [
      "net/netfilter/nf_conntrack_h323_asn1.c"
    ],
    "defaultStatus": "unaffected"
  },
  {
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "vendor": "Linux",
    "product": "Linux",
    "versions": [
      {
        "status": "affected",
        "version": "2.6.17"
      },
      {
        "status": "unaffected",
        "version": "0",
        "lessThan": "2.6.17",
        "versionType": "custom"
      },
      {
        "status": "unaffected",
        "version": "4.19.310",
        "versionType": "custom",
        "lessThanOrEqual": "4.19.*"
      },
      {
        "status": "unaffected",
        "version": "5.4.272",
        "versionType": "custom",
        "lessThanOrEqual": "5.4.*"
      },
      {
        "status": "unaffected",
        "version": "5.10.213",
        "versionType": "custom",
        "lessThanOrEqual": "5.10.*"
      },
      {
        "status": "unaffected",
        "version": "5.15.152",
        "versionType": "custom",
        "lessThanOrEqual": "5.15.*"
      },
      {
        "status": "unaffected",
        "version": "6.1.82",
        "versionType": "custom",
        "lessThanOrEqual": "6.1.*"
      },
      {
        "status": "unaffected",
        "version": "6.6.22",
        "versionType": "custom",
        "lessThanOrEqual": "6.6.*"
      },
      {
        "status": "unaffected",
        "version": "6.7.10",
        "versionType": "custom",
        "lessThanOrEqual": "6.7.*"
      },
      {
        "status": "unaffected",
        "version": "6.8",
        "versionType": "original_commit_for_fix",
        "lessThanOrEqual": "*"
      }
    ],
    "programFiles": [
      "net/netfilter/nf_conntrack_h323_asn1.c"
    ],
    "defaultStatus": "affected"
  }
]

Related

cvelist 1
redhatcve 1
nvd 1
cve 1
debiancve 1
ubuntucve 1
nessus 12
openvas 11
ubuntu 2
osv 10
debian 1
cvelist
cvelist
CVE-2024-26851 netfilter: nf_conntrack_h323: Add protection for bmp length out of range
2024-04-17 10:17:15
redhatcve
redhatcve
CVE-2024-26851
2024-04-17 19:53:54
nvd
nvd
CVE-2024-26851
2024-04-17 11:15:08
cve
cve
CVE-2024-26851
2024-04-17 11:15:08
debiancve
debiancve
CVE-2024-26851
2024-04-17 11:15:08
ubuntucve
ubuntucve
CVE-2024-26851
2024-04-17 00:00:00
nessus
nessus
EulerOS 2.0 SP11 : kernel (EulerOS-SA-2024-1816)
2024-06-25 00:00:00
EulerOS 2.0 SP11 : kernel (EulerOS-SA-2024-1837)
2024-06-25 00:00:00
Ubuntu 22.04 LTS : Linux kernel (NVIDIA) vulnerabilities (USN-6820-2)
2024-06-11 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2024-1837)
2024-06-25 00:00:00
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2024-1816)
2024-06-25 00:00:00
Ubuntu: Security Advisory (USN-6821-2)
2024-06-11 00:00:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2024-06-10 00:00:00
Linux kernel (Azure) vulnerabilities
2024-06-14 00:00:00
osv
osv
linux-azure, linux-azure-fde vulnerabilities
2024-06-14 15:39:24
linux-gkeop, linux-gkeop-5.15, linux-kvm vulnerabilities
2024-06-10 17:13:01
linux-aws, linux-aws-5.15 vulnerabilities
2024-06-11 20:53:02
debian
debian
[SECURITY] [DSA 5681-1] linux security update
2024-05-06 18:31:39

6.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

13.2%

JSON
Related for VULNRICHMENT:CVE-2024-26851
cvelist1redhatcve1nvd1cve1debiancve1ubuntucve1nessus12openvas11ubuntu2osv10debian1