Input Validation Vulnerability in Linux Kernel's Networking Components
CVE-2024-49571
Summary
In the Linux kernel, an input validation vulnerability exists when handling proposal messages within the networking subsystem. Specifically, the fields iparea_offset and ipv6_prefixes_cnt, which are sourced from a remote client, cannot be fully trusted. If iparea_offset surpasses its maximum value, it could lead to accessing incorrect memory addresses, potentially causing a system crash. The recently implemented patch introduces checks for both iparea_offset and ipv6_prefixes_cnt prior to their usage, enhancing the robustness of the networking code against malicious proposals.
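The check-before-use pattern described above, as an added example that is not the kernel's code or the patch itself. The wire layout, the two maximum values, and the names proposal_ipv6_prefixes and build_sample are assumptions made for illustration; only iparea_offset and ipv6_prefixes_cnt come from the advisory.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical wire layout, assumed for illustration (not the kernel's structs):
 * header: type(1) flags(1) iparea_offset(2, big-endian) reserved(4)
 * ip area, at HDR_LEN + iparea_offset: ipv4_prefix(4) prefix_len(1)
 * ipv6_prefixes_cnt(1), then cnt entries of addr(16) + prefix_len(1). */
#define HDR_LEN            8
#define IPAREA_FIXED       6
#define IPV6_ENTRY_LEN     17
#define MAX_IPAREA_OFFSET  40   /* assumed protocol maximum */
#define MAX_IPV6_PREFIXES  8    /* assumed protocol maximum */

/* Returns the validated prefix count and sets *entries, or -1 if rejected. */
int proposal_ipv6_prefixes(const uint8_t *msg, size_t len, const uint8_t **entries)
{
    if (!msg || !entries || len < HDR_LEN)
        return -1;
    uint16_t iparea_offset = (uint16_t)((msg[2] << 8) | msg[3]);
    if (iparea_offset > MAX_IPAREA_OFFSET)          /* check before any use */
        return -1;
    size_t area = HDR_LEN + (size_t)iparea_offset;
    if (area > len || len - area < IPAREA_FIXED)    /* area must lie in the buffer */
        return -1;
    uint8_t cnt = msg[area + 5];                    /* ipv6_prefixes_cnt */
    if (cnt > MAX_IPV6_PREFIXES)
        return -1;
    if (len - area - IPAREA_FIXED < (size_t)cnt * IPV6_ENTRY_LEN)
        return -1;                                  /* entries must fit too */
    *entries = msg + area + IPAREA_FIXED;
    return cnt;
}

/* Builds a constructed sample message in buf and returns its length. */
size_t build_sample(uint8_t *buf, uint16_t off, uint8_t cnt, size_t present)
{
    size_t len = HDR_LEN + off + IPAREA_FIXED + present * IPV6_ENTRY_LEN;
    memset(buf, 0, len);
    buf[2] = (uint8_t)(off >> 8);
    buf[3] = (uint8_t)(off & 0xff);
    buf[HDR_LEN + off + 5] = cnt;
    return len;
}
```

Each length comparison is written as a subtraction on the already-validated side, so a large remote value cannot wrap the arithmetic and slip past the check.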
Affected Version(s)
Linux e7b7a64a8493d47433fd003efbe6543e3f676294 < 846bada23bfcdeb83621b045ed85dc06c7833ff0
Linux e7b7a64a8493d47433fd003efbe6543e3f676294
Linux e7b7a64a8493d47433fd003efbe6543e3f676294 < 62056d1592e63d85e82357ee2ae6a6a294f440b0