CVE-2024-27016

In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: validate pppoe header Ensure there is sufficient room to access the protocol field of the PPPoe header. Validate it once before the flowtable lookup, then use a helper function to access protocol field.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/87b3593bed1868b2d9fe096c01bcdf0ea86cbebf	Patch
https://git.kernel.org/stable/c/8bf7c76a2a207ca2b4cfda0a279192adf27678d7	Patch
https://git.kernel.org/stable/c/a2471d271042ea18e8a6babc132a8716bb2f08b9	Patch
https://git.kernel.org/stable/c/cf366ee3bc1b7d1c76a882640ba3b3f8f1039163	Patch
https://git.kernel.org/stable/c/d06977b9a4109f8738bb276125eb6a0b772bc433	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.9:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.9:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.9:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.9:rc4::::::

Configuration 2 (hide)

OR	cpe:2.3:o:fedoraproject:fedora:38:::::::*
	cpe:2.3:o:fedoraproject:fedora:39:::::::*
	cpe:2.3:o:fedoraproject:fedora:40:::::::*

History

23 May 2024, 19:33

Type	Values Removed	Values Added
First Time		Linux linux Kernel Linux Fedoraproject Fedoraproject fedora
CPE		cpe:2.3:o:fedoraproject:fedora:40:::::::* cpe:2.3:o:linux:linux_kernel:6.9:rc4:::::: cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:fedoraproject:fedora:39:::::::* cpe:2.3:o:linux:linux_kernel:6.9:rc3:::::: cpe:2.3:o:fedoraproject:fedora:38:::::::* cpe:2.3:o:linux:linux_kernel:6.9:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.9:rc2::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
References	~~() https://git.kernel.org/stable/c/87b3593bed1868b2d9fe096c01bcdf0ea86cbebf -~~	() https://git.kernel.org/stable/c/87b3593bed1868b2d9fe096c01bcdf0ea86cbebf - Patch
References	~~() https://git.kernel.org/stable/c/8bf7c76a2a207ca2b4cfda0a279192adf27678d7 -~~	() https://git.kernel.org/stable/c/8bf7c76a2a207ca2b4cfda0a279192adf27678d7 - Patch
References	~~() https://git.kernel.org/stable/c/a2471d271042ea18e8a6babc132a8716bb2f08b9 -~~	() https://git.kernel.org/stable/c/a2471d271042ea18e8a6babc132a8716bb2f08b9 - Patch
References	~~() https://git.kernel.org/stable/c/cf366ee3bc1b7d1c76a882640ba3b3f8f1039163 -~~	() https://git.kernel.org/stable/c/cf366ee3bc1b7d1c76a882640ba3b3f8f1039163 - Patch
References	~~() https://git.kernel.org/stable/c/d06977b9a4109f8738bb276125eb6a0b772bc433 -~~	() https://git.kernel.org/stable/c/d06977b9a4109f8738bb276125eb6a0b772bc433 - Patch
CWE		NVD-CWE-noinfo

13 May 2024, 08:15

Type	Values Removed	Values Added
References	~~{'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/', 'source': '416baaa9-dc9f-4396-8d5f-8c081fb06d67'}~~ ~~{'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/', 'source': '416baaa9-dc9f-4396-8d5f-8c081fb06d67'}~~ ~~{'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/', 'source': '416baaa9-dc9f-4396-8d5f-8c081fb06d67'}~~

03 May 2024, 03:16

Type	Values Removed	Values Added
References		() https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/ - () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/ - () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/ -
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: flowtable: validar encabezado pppoe Asegúrese de que haya suficiente espacio para acceder al campo de protocolo del encabezado PPPoe. Valídelo una vez antes de la búsqueda de la tabla de flujo, luego use una función auxiliar para acceder al campo de protocolo.

01 May 2024, 06:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-01 06:15

Updated : 2024-05-23 19:33

NVD link : CVE-2024-27016

Mitre link : CVE-2024-27016

CVE.ORG link : CVE-2024-27016

JSON object : View

Products Affected

fedoraproject

fedora

linux

linux_kernel

CWE

NVD-CWE-noinfo

5.5 /10