CVE-2024-50142

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-50142
In the Linux kernel, the following vulnerability has been resolved: xfrm: validate new SA's prefixlen using SA family when sel.family is unset This expands the validation introduced in commit 07bf7908950a ("xfrm: Validate address prefix lengths in the xfrm selector.") syzbot created an SA with usersa.sel.family = AF_UNSPEC usersa.sel.prefixlen_s = 128 usersa.family = AF_INET Because of the AF_UNSPEC selector, verify_newsa_info doesn't put limits on prefixlen_{s,d}. But then copy_from_user_state sets x->sel.family to usersa.family (AF_INET). Do the same conversion in verify_newsa_info before validating prefixlen_{s,d}, since that's how prefixlen is going to be used later on.

5.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://git.kernel.org/stable/c/2d08a6c31c65f23db71a5385ee9cf9d8f9a67a71 Patch
https://git.kernel.org/stable/c/3f0ab59e6537c6a8f9e1b355b48f9c05a76e8563 Patch
https://git.kernel.org/stable/c/401ad99a5ae7180dd9449eac104cb755f442e7f3 Patch
https://git.kernel.org/stable/c/7d9868180bd1e4cf37e7c5067362658971162366 Patch
https://git.kernel.org/stable/c/8df5cd51fd70c33aa1776e5cbcd82b0a86649d73 Patch
https://git.kernel.org/stable/c/bce1afaa212ec380bf971614f70909a27882b862 Patch
https://git.kernel.org/stable/c/e68dd80ba498265d2266b12dc3459164f4ff0c4a Patch
https://git.kernel.org/stable/c/f31398570acf0f0804c644006f7bfa9067106b0a Patch
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*
History

03 Nov 2025, 23:16

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html -

03 Nov 2025, 21:17

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html -
Information

Published : 2024-11-07 10:15

Updated : 2025-11-03 23:16

NVD link : CVE-2024-50142

Mitre link : CVE-2024-50142

CVE.ORG link : CVE-2024-50142

JSON object : View

Products Affected

linux

  • linux_kernel
CWE
NVD-CWE-noinfo