CVE-2024-53141

HIGH

Linux Kernel - Denial of Service via Missing Range Check in bitmap_ip_uadt

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add missing range check in bitmap_ip_uadt When tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists, the values of ip and ip_to are slightly swapped. Therefore, the range check for ip should be done later, but this part is missing and it seems that the vulnerability occurs. So we should add missing range checks and remove unnecessary range checks.

References (11)

Core 11
Core References

Scores

CVSS v3 7.8
EPSS 0.0004
EPSS Percentile 11.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

Status published
Products (29)
linux/Kernel 2.6.39 - 4.19.325linux
linux/Kernel 4.20.0 - 5.4.287linux
linux/Kernel 5.11.0 - 5.15.174linux
linux/Kernel 5.16.0 - 6.1.120linux
linux/Kernel 5.5.0 - 5.10.231linux
linux/Kernel 6.12.0 - 6.12.2linux
linux/Kernel 6.2.0 - 6.6.64linux
linux/Kernel 6.7.0 - 6.11.11linux
Linux/Linux < 2.6.39
Linux/Linux 2.6.39
... and 19 more
Published Dec 06, 2024
Tracked Since Feb 18, 2026