SB2024070213 - Incorrect calculation in Linux kernel net netfilter
Published: July 2, 2024 Updated: May 13, 2025
Security Bulletin ID
SB2024070213
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Incorrect calculation (CVE-ID: CVE-2024-27017)
The vulnerability allows a local user to manipulate data.
The vulnerability exists due to incorrect calculation within the nft_pipapo_walk() function in net/netfilter/nft_set_pipapo.c, within the nft_map_deactivate(), nf_tables_bind_set(), nft_map_activate(), nf_tables_dump_set(), nft_set_flush() and nf_tables_check_loops() functions in net/netfilter/nf_tables_api.c. A local user can manipulate data.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/721715655c72640567e8742567520c99801148ed
- https://git.kernel.org/stable/c/29b359cf6d95fd60730533f7f10464e95bd17c73
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.227
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.168
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.112
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.53