CVE-2024-42154

MEDIUM EPSS 17.1%
Published Jul 30, 20241y ago · Modified Jun 17, 20262w ago
4.4 CVSS 3.1
Medium
Find Similar
Published Jul 30, 2024 1y ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: tcp_metrics: validate source addr length I don't see anything checking that TCP_METRICS_ATTR_SADDR_IPV4 is at least 4 bytes long, and the policy doesn't have an entry for this attribute at all (neither does it for IPv6 but v6 is manually validated).

CVSS Details

Base Score
4.4
Exploitability
1.8
Impact
2.5
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality Low
Integrity Low
Availability None

Threat Intelligence

EPSS Exploit Probability
17.1% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-754

Affected Products 13

VendorProductVersionRange
linuxlinux_kernel*≥3.14  –  <4.19.318
linuxlinux_kernel*≥4.20  –  <5.4.280
linuxlinux_kernel*≥5.5  –  <5.10.222
linuxlinux_kernel*≥5.11  –  <5.15.163
linuxlinux_kernel*≥5.16  –  <6.1.98
linuxlinux_kernel*≥6.2  –  <6.6.39
linuxlinux_kernel*≥6.7  –  <6.9.9
linuxlinux_kernel6.10any
linuxlinux_kernel6.10any
linuxlinux_kernel6.10any
linuxlinux_kernel6.10any
linuxlinux_kernel6.10any
linuxlinux_kernel6.10any

References 13

  • openwall.com http://www.openwall.com/lists/oss-security/2024/09/24/3
  • openwall.com http://www.openwall.com/lists/oss-security/2024/09/24/4
  • openwall.com http://www.openwall.com/lists/oss-security/2024/09/25/3
  • git.kernel.org https://git.kernel.org/stable/c/19d997b59fa1fd7a02e770ee0881c0652b9c32c9
    Mailing ListPatch
  • git.kernel.org https://git.kernel.org/stable/c/2a2e79dbe2236a1289412d2044994f7ab419b44c
    Mailing ListPatch
  • git.kernel.org https://git.kernel.org/stable/c/31f03bb04146c1c6df6c03e9f45401f5f5a985d3
    Mailing ListPatch
  • git.kernel.org https://git.kernel.org/stable/c/3d550dd5418729a6e77fe7721d27adea7152e321
    Mailing ListPatch
  • git.kernel.org https://git.kernel.org/stable/c/66be40e622e177316ae81717aa30057ba9e61dff
    Mailing ListPatch
  • git.kernel.org https://git.kernel.org/stable/c/8c2debdd170e395934ac0e039748576dfde14e99
    Mailing ListPatch
  • git.kernel.org https://git.kernel.org/stable/c/cdffc358717e436bb67122bb82c1a2a26e050f98
    Mailing ListPatch
  • git.kernel.org https://git.kernel.org/stable/c/ef7c428b425beeb52b894e16f1c4b629d6cebfb6
    Mailing ListPatch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
  • security.netapp.com https://security.netapp.com/advisory/ntap-20240828-0010/

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/19d997b59fa1fd7a02e770ee0881c0652b9c32c9
    Mailing ListPatch
  • git.kernel.org https://git.kernel.org/stable/c/2a2e79dbe2236a1289412d2044994f7ab419b44c
    Mailing ListPatch
  • git.kernel.org https://git.kernel.org/stable/c/31f03bb04146c1c6df6c03e9f45401f5f5a985d3
    Mailing ListPatch
  • git.kernel.org https://git.kernel.org/stable/c/3d550dd5418729a6e77fe7721d27adea7152e321
    Mailing ListPatch
  • git.kernel.org https://git.kernel.org/stable/c/66be40e622e177316ae81717aa30057ba9e61dff
    Mailing ListPatch
  • git.kernel.org https://git.kernel.org/stable/c/8c2debdd170e395934ac0e039748576dfde14e99
    Mailing ListPatch
  • git.kernel.org https://git.kernel.org/stable/c/cdffc358717e436bb67122bb82c1a2a26e050f98
    Mailing ListPatch
  • git.kernel.org https://git.kernel.org/stable/c/ef7c428b425beeb52b894e16f1c4b629d6cebfb6
    Mailing ListPatch