netfilter: validate user input for expected length
CVE-2024-35896

7.1HIGH

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 19 May 2024

What is CVE-2024-35896?

A vulnerability in the Linux kernel's netfilter subsystem allows an attacker to exploit user input without proper length validation, leading to potential buffer overflow conditions. This issue is triggered by the setsockopt() function, where the optlen argument is disregarded, resulting in a risk of reading beyond allocated memory boundaries. Affected areas include critical network functionalities, raising concerns over memory corruption and system stability. The vulnerability surfaced in recent syzbot reports, highlighting the need for urgent scrutiny and patches to avoid exploitation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 0f038242b77ddfc505bf4163d4904c1abd2e74d6

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 440e948cf0eff32cfe322dcbca3f2525354b159b

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 18aae2cb87e5faa9c5bd865260ceadac60d5a6c5

References

https://git.kernel.org/stable/c/0f038242b77ddfc505bf4163d...

https://git.kernel.org/stable/c/440e948cf0eff32cfe322dcbc...

https://git.kernel.org/stable/c/18aae2cb87e5faa9c5bd86526...

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 19, 2024
Vulnerability Reserved
May 17, 2024

JSON

Linux