CVE-2024-53141

Updated: 2025-01-14 17:58:50.102046

Description:

In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add missing range check in bitmap_ip_uadt When tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists, the values of ip and ip_to are slightly swapped. Therefore, the range check for ip should be done later, but this part is missing and it seems that the vulnerability occurs. So we should add missing range checks and remove unnecessary range checks.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0
CVSS Version 3.x HIGH 7.8

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement

AlmaLinux 9.2 ESU kernel 5.14.0 7.8 HIGH Released CLSA-2025:1738671431 2025-02-05 02:15:52
AlmaLinux 9.2 FIPS kernel 5.14.0 7.8 HIGH Released CLSA-2025:1738670922 2025-02-05 02:15:53
CentOS 7 ELS kernel 3.10.0 7.8 HIGH In Rollout CLSA-2025:1738672047 2025-02-05 02:15:51
CentOS 8.4 ELS kernel 4.18.0 7.8 HIGH In Testing 2025-02-04 02:13:52
CentOS 8.5 ELS kernel 4.18.0 7.8 HIGH In Testing 2025-02-05 02:15:52
CentOS Stream 8 ELS kernel 4.18.0 7.8 HIGH Released CLSA-2025:1738592614 2025-02-04 02:13:51
CloudLinux 7 ELS kernel 3.10.0 7.8 HIGH Needs Triage 2025-01-14 13:50:19
Oracle Linux 7 ELS kernel 3.10.0 7.8 HIGH Needs Triage 2025-01-14 13:50:18
Ubuntu 16.04 ELS linux-hwe 4.15.0 7.8 HIGH Released CLSA-2025:1738696174 2025-02-05 02:18:48
Ubuntu 16.04 ELS linux 4.4.0 7.8 HIGH Released CLSA-2025:1738957378 2025-02-07 22:57:26
Total: 11