CVE-2024-42154
MEDIUMLinux Kernel 3.14-6.9.8 - DoS via TCP Metrics Source Address Validation
Title source: llmDescription
In the Linux kernel, the following vulnerability has been resolved: tcp_metrics: validate source addr length I don't see anything checking that TCP_METRICS_ATTR_SADDR_IPV4 is at least 4 bytes long, and the policy doesn't have an entry for this attribute at all (neither does it for IPv6 but v6 is manually validated).
References (13)
Core 13
Core References
Vendor Advisory
https://security.netapp.com/advisory/ntap-20240828-0010/
Mailing List, Patch
https://git.kernel.org/stable/c/19d997b59fa1fd7a02e770ee0881c0652b9c32c9
Mailing List, Patch
https://git.kernel.org/stable/c/2a2e79dbe2236a1289412d2044994f7ab419b44c
Mailing List, Patch
https://git.kernel.org/stable/c/cdffc358717e436bb67122bb82c1a2a26e050f98
Mailing List, Patch
https://git.kernel.org/stable/c/ef7c428b425beeb52b894e16f1c4b629d6cebfb6
Mailing List, Patch
https://git.kernel.org/stable/c/31f03bb04146c1c6df6c03e9f45401f5f5a985d3
Mailing List, Patch
https://git.kernel.org/stable/c/8c2debdd170e395934ac0e039748576dfde14e99
Mailing List, Patch
https://git.kernel.org/stable/c/3d550dd5418729a6e77fe7721d27adea7152e321
Mailing List, Patch
https://git.kernel.org/stable/c/66be40e622e177316ae81717aa30057ba9e61dff
Scores
CVSS v3
4.4
EPSS
0.0026
EPSS Percentile
16.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-754
Status
published
Products (27)
linux/Kernel
3.14.0 - 4.19.318linux
linux/Kernel
4.20.0 - 5.4.280linux
linux/Kernel
5.11.0 - 5.15.163linux
linux/Kernel
5.16.0 - 6.1.98linux
linux/Kernel
5.5.0 - 5.10.222linux
linux/Kernel
6.2.0 - 6.6.39linux
linux/Kernel
6.7.0 - 6.9.9linux
Linux/Linux
< 3.14
Linux/Linux
3.14
Linux/Linux
3e7013ddf55af7bc191792b8aea0c2b94fb0fef5 - 19d997b59fa1fd7a02e770ee0881c0652b9c32c9
... and 17 more
Published
Jul 30, 2024
Tracked Since
Feb 18, 2026