SB20241022263 - Buffer overflow in Linux kernel ipv4 netfilter

Description

This security bulletin contains information about 1 security vulnerability.

1) Buffer overflow (CVE-ID: CVE-2024-49952)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the nf_dup_ipv6_route() and nf_dup_ipv6() functions in net/ipv6/netfilter/nf_dup_ipv6.c, within the nf_dup_ipv4() function in net/ipv4/netfilter/nf_dup_ipv4.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/531754952f5dfc4b141523088147071d6e6112c4
• https://git.kernel.org/stable/c/38e3fd0c4a2616052eb3c8f4e6f32d1ff47cd663
• https://git.kernel.org/stable/c/b40b027a0c0cc1cb9471a13f9730bb2fff12a15b
• https://git.kernel.org/stable/c/4e3542f40f3a94efa59ea328e307c50601ed7065
• https://git.kernel.org/stable/c/f839c5cd348201fec440d987cbca9b979bdb4fa7
• https://git.kernel.org/stable/c/752e1924604254f1708f3e3700283a86ebdd325d
• https://git.kernel.org/stable/c/92ceba94de6fb4cee2bf40b485979c342f44a492
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.323
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.227
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.168
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.285
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.113
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10.14
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.11.3
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.55