{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-26849", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-19T14:20:24.182Z", "datePublished": "2024-04-17T10:14:20.184Z", "dateUpdated": "2024-12-19T08:48:39.029Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T08:48:39.029Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetlink: add nla be16/32 types to minlen array\n\nBUG: KMSAN: uninit-value in nla_validate_range_unsigned lib/nlattr.c:222 [inline]\nBUG: KMSAN: uninit-value in nla_validate_int_range lib/nlattr.c:336 [inline]\nBUG: KMSAN: uninit-value in validate_nla lib/nlattr.c:575 [inline]\nBUG: KMSAN: uninit-value in __nla_validate_parse+0x2e20/0x45c0 lib/nlattr.c:631\n nla_validate_range_unsigned lib/nlattr.c:222 [inline]\n nla_validate_int_range lib/nlattr.c:336 [inline]\n validate_nla lib/nlattr.c:575 [inline]\n...\n\nThe message in question matches this policy:\n\n [NFTA_TARGET_REV] = NLA_POLICY_MAX(NLA_BE32, 255),\n\nbut because NLA_BE32 size in minlen array is 0, the validation\ncode will read past the malformed (too small) attribute.\n\nNote: Other attributes, e.g. BITFIELD32, SINT, UINT.. are also missing:\nthose likely should be added too."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["lib/nlattr.c"], "versions": [{"version": "ecaf75ffd5f5db320d8b1da0198eef5a5ce64a3f", "lessThan": "0ac219c4c3ab253f3981f346903458d20bacab32", "status": "affected", "versionType": "git"}, {"version": "ecaf75ffd5f5db320d8b1da0198eef5a5ce64a3f", "lessThan": "a2ab028151841cd833cb53eb99427e0cc990112d", "status": "affected", "versionType": "git"}, {"version": "ecaf75ffd5f5db320d8b1da0198eef5a5ce64a3f", "lessThan": "7a9d14c63b35f89563c5ecbadf918ad64979712d", "status": "affected", "versionType": "git"}, {"version": "ecaf75ffd5f5db320d8b1da0198eef5a5ce64a3f", "lessThan": "9a0d18853c280f6a0ee99f91619f2442a17a323a", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["lib/nlattr.c"], "versions": [{"version": "6.1", "status": "affected"}, {"version": "0", "lessThan": "6.1", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.81", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.21", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.7.9", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/0ac219c4c3ab253f3981f346903458d20bacab32"}, {"url": "https://git.kernel.org/stable/c/a2ab028151841cd833cb53eb99427e0cc990112d"}, {"url": "https://git.kernel.org/stable/c/7a9d14c63b35f89563c5ecbadf918ad64979712d"}, {"url": "https://git.kernel.org/stable/c/9a0d18853c280f6a0ee99f91619f2442a17a323a"}], "title": "netlink: add nla be16/32 types to minlen array", "x_generator": {"engine": "bippy-5f407fcff5a0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-17T19:19:12.793371Z", "id": "CVE-2024-26849", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-17T19:19:19.771Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:14:13.697Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/0ac219c4c3ab253f3981f346903458d20bacab32", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a2ab028151841cd833cb53eb99427e0cc990112d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7a9d14c63b35f89563c5ecbadf918ad64979712d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9a0d18853c280f6a0ee99f91619f2442a17a323a", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/0ac219c4c3ab253f3981f346903458d20bacab32", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a2ab028151841cd833cb53eb99427e0cc990112d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7a9d14c63b35f89563c5ecbadf918ad64979712d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9a0d18853c280f6a0ee99f91619f2442a17a323a", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:14:13.697Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-26849", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-17T19:19:12.793371Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-17T19:19:17.088Z"}}], "cna": {"title": "netlink: add nla be16/32 types to minlen array", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "ecaf75ffd5f5db320d8b1da0198eef5a5ce64a3f", "lessThan": "0ac219c4c3ab253f3981f346903458d20bacab32", "versionType": "git"}, {"status": "affected", "version": "ecaf75ffd5f5db320d8b1da0198eef5a5ce64a3f", "lessThan": "a2ab028151841cd833cb53eb99427e0cc990112d", "versionType": "git"}, {"status": "affected", "version": "ecaf75ffd5f5db320d8b1da0198eef5a5ce64a3f", "lessThan": "7a9d14c63b35f89563c5ecbadf918ad64979712d", "versionType": "git"}, {"status": "affected", "version": "ecaf75ffd5f5db320d8b1da0198eef5a5ce64a3f", "lessThan": "9a0d18853c280f6a0ee99f91619f2442a17a323a", "versionType": "git"}], "programFiles": ["lib/nlattr.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6.1"}, {"status": "unaffected", "version": "0", "lessThan": "6.1", "versionType": "semver"}, {"status": "unaffected", "version": "6.1.81", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.21", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.7.9", "versionType": "semver", "lessThanOrEqual": "6.7.*"}, {"status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["lib/nlattr.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/0ac219c4c3ab253f3981f346903458d20bacab32"}, {"url": "https://git.kernel.org/stable/c/a2ab028151841cd833cb53eb99427e0cc990112d"}, {"url": "https://git.kernel.org/stable/c/7a9d14c63b35f89563c5ecbadf918ad64979712d"}, {"url": "https://git.kernel.org/stable/c/9a0d18853c280f6a0ee99f91619f2442a17a323a"}], "x_generator": {"engine": "bippy-5f407fcff5a0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetlink: add nla be16/32 types to minlen array\n\nBUG: KMSAN: uninit-value in nla_validate_range_unsigned lib/nlattr.c:222 [inline]\nBUG: KMSAN: uninit-value in nla_validate_int_range lib/nlattr.c:336 [inline]\nBUG: KMSAN: uninit-value in validate_nla lib/nlattr.c:575 [inline]\nBUG: KMSAN: uninit-value in __nla_validate_parse+0x2e20/0x45c0 lib/nlattr.c:631\n nla_validate_range_unsigned lib/nlattr.c:222 [inline]\n nla_validate_int_range lib/nlattr.c:336 [inline]\n validate_nla lib/nlattr.c:575 [inline]\n...\n\nThe message in question matches this policy:\n\n [NFTA_TARGET_REV] = NLA_POLICY_MAX(NLA_BE32, 255),\n\nbut because NLA_BE32 size in minlen array is 0, the validation\ncode will read past the malformed (too small) attribute.\n\nNote: Other attributes, e.g. BITFIELD32, SINT, UINT.. are also missing:\nthose likely should be added too."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T08:48:39.029Z"}}}, "cveMetadata": {"cveId": "CVE-2024-26849", "state": "PUBLISHED", "dateUpdated": "2024-12-19T08:48:39.029Z", "dateReserved": "2024-02-19T14:20:24.182Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-04-17T10:14:20.184Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E09858F7-0609-4A1D-A0AB-695CCCEF8093", "versionEndExcluding": "6.1.81", "versionStartIncluding": "6.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B19074A2-9FE5-4E7D-9E2D-020F95013ADA", "versionEndExcluding": "6.6.21", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1C538467-EDA0-4A9A-82EB-2925DE9FF827", "versionEndExcluding": "6.7.9", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*", "matchCriteriaId": "B9F4EA73-0894-400F-A490-3A397AB7A517", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc2:*:*:*:*:*:*", "matchCriteriaId": "056BD938-0A27-4569-B391-30578B309EE3", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc3:*:*:*:*:*:*", "matchCriteriaId": "F02056A5-B362-4370-9FF8-6F0BD384D520", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc4:*:*:*:*:*:*", "matchCriteriaId": "62075ACE-B2A0-4B16-829D-B3DA5AE5CC41", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc5:*:*:*:*:*:*", "matchCriteriaId": "A780F817-2A77-4130-A9B7-5C25606314E3", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc6:*:*:*:*:*:*", "matchCriteriaId": "AEB9199B-AB8F-4877-8964-E2BA95B5F15C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetlink: add nla be16/32 types to minlen array\n\nBUG: KMSAN: uninit-value in nla_validate_range_unsigned lib/nlattr.c:222 [inline]\nBUG: KMSAN: uninit-value in nla_validate_int_range lib/nlattr.c:336 [inline]\nBUG: KMSAN: uninit-value in validate_nla lib/nlattr.c:575 [inline]\nBUG: KMSAN: uninit-value in __nla_validate_parse+0x2e20/0x45c0 lib/nlattr.c:631\n nla_validate_range_unsigned lib/nlattr.c:222 [inline]\n nla_validate_int_range lib/nlattr.c:336 [inline]\n validate_nla lib/nlattr.c:575 [inline]\n...\n\nThe message in question matches this policy:\n\n [NFTA_TARGET_REV] = NLA_POLICY_MAX(NLA_BE32, 255),\n\nbut because NLA_BE32 size in minlen array is 0, the validation\ncode will read past the malformed (too small) attribute.\n\nNote: Other attributes, e.g. BITFIELD32, SINT, UINT.. are also missing:\nthose likely should be added too."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netlink: agregue tipos nla be16/32 a la matriz minlen ERROR: KMSAN: valor uninit en nla_validate_range_unsigned lib/nlattr.c:222 [en l\u00ednea] ERROR: KMSAN: valor uninit en nla_validate_int_range lib/nlattr.c:336 [en l\u00ednea] ERROR: KMSAN: valor uninit en validar_nla lib/nlattr.c:575 [en l\u00ednea] ERROR: KMSAN: valor uninit en __nla_validate_parse+0x2e20/0x45c0 lib/nlattr.c:631 nla_validate_range_unsigned lib/nlattr.c:222 [en l\u00ednea] nla_validate_int_range lib/nlattr.c:336 [en l\u00ednea] validar_nla lib/nlattr.c:575 [en l\u00ednea] ... El mensaje en cuesti\u00f3n coincide con esta pol\u00edtica: [NFTA_TARGET_REV] = NLA_POLICY_MAX( NLA_BE32, 255), pero debido a que el tama\u00f1o de NLA_BE32 en la matriz minlen es 0, el c\u00f3digo de validaci\u00f3n leer\u00e1 m\u00e1s all\u00e1 del atributo con formato incorrecto (demasiado peque\u00f1o). Nota: Tambi\u00e9n faltan otros atributos, por ejemplo, BITFIELD32, SINT, UINT...: probablemente tambi\u00e9n deber\u00edan agregarse."}], "id": "CVE-2024-26849", "lastModified": "2025-02-03T16:18:03.157", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-04-17T11:15:08.377", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/0ac219c4c3ab253f3981f346903458d20bacab32"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7a9d14c63b35f89563c5ecbadf918ad64979712d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9a0d18853c280f6a0ee99f91619f2442a17a323a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a2ab028151841cd833cb53eb99427e0cc990112d"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/0ac219c4c3ab253f3981f346903458d20bacab32"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7a9d14c63b35f89563c5ecbadf918ad64979712d"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9a0d18853c280f6a0ee99f91619f2442a17a323a"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a2ab028151841cd833cb53eb99427e0cc990112d"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-908"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: netlink: add nla be16/32 types to minlen array", "id": "2275754", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275754"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nnetlink: add nla be16/32 types to minlen array\nBUG: KMSAN: uninit-value in nla_validate_range_unsigned lib/nlattr.c:222 [inline]\nBUG: KMSAN: uninit-value in nla_validate_int_range lib/nlattr.c:336 [inline]\nBUG: KMSAN: uninit-value in validate_nla lib/nlattr.c:575 [inline]\nBUG: KMSAN: uninit-value in __nla_validate_parse+0x2e20/0x45c0 lib/nlattr.c:631\nnla_validate_range_unsigned lib/nlattr.c:222 [inline]\nnla_validate_int_range lib/nlattr.c:336 [inline]\nvalidate_nla lib/nlattr.c:575 [inline]\n...\nThe message in question matches this policy:\n[NFTA_TARGET_REV] = NLA_POLICY_MAX(NLA_BE32, 255),\nbut because NLA_BE32 size in minlen array is 0, the validation\ncode will read past the malformed (too small) attribute.\nNote: Other attributes, e.g. BITFIELD32, SINT, UINT.. are also missing:\nthose likely should be added too.", "A vulnerability was found in the Linux kernel's netlink component, caused by missing size validations for big-endian integer types NLA_BE16 and NLA_BE32. A lack of proper checks means that if a malformed or too-small attribute is passed, it can lead to an out-of-bounds read, potentially causing system instability."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-26849", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-04-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-26849\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-26849\nhttps://lore.kernel.org/linux-cve-announce/2024041754-CVE-2024-26849-9e3c@gregkh/T"], "statement": "Red Hat Enterprise Linux 8 and 9 are not affected by this vulnerability.", "threat_severity": "Low"}