Buffer Initialization Issue in Linux Kernel Netfilter Leading to Set Matching Errors
CVE-2024-57947

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 23 January 2025

Summary

A vulnerability in the Linux kernel's Netfilter component affects the initial buffer initialization for pipapo map fills. The flaw occurs when the initial buffer is not properly set, leading to potential incorrect matching results when the size of the first element in a set is smaller than the maximum allowed size. This misconfiguration can cause improper results to propagate during subsequent rounds of matching, potentially compromising data integrity. A follow-up patch has been introduced to improve the self-test script, ensuring more robust validation of this functionality.

Affected Version(s)

Linux 3c4287f62044a90e73a561aa05fc46e62da173da < 957a4d1c4c5849e4515c9fb4db21bf85318103dc

Linux 3c4287f62044a90e73a561aa05fc46e62da173da < 9625c46ce6fd4f922595a4b32b1de5066d70464f

Linux 3c4287f62044a90e73a561aa05fc46e62da173da < 69b6a67f7052905e928d75a0c5871de50e686986

References

https://git.kernel.org/stable/c/957a4d1c4c5849e4515c9fb4d...

https://git.kernel.org/stable/c/9625c46ce6fd4f922595a4b32...

https://git.kernel.org/stable/c/69b6a67f7052905e928d75a0c...

Timeline

Vulnerability published
Jan 23, 2025
Vulnerability Reserved
Jan 19, 2025