In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers register store validation for NFT_DATA_VALUE is conditional, however, the datatype is always either NFT_DATA_VALUE or NFT_DATA_VERDICT. This only requires a new helper function to infer the register type from the set datatype so this conditional check can be removed. Otherwise, pointer to chain object can be leaked through the registers.
History

Wed, 13 Nov 2024 02:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:enterprise_linux:9
cpe:/o:redhat:enterprise_linux:9

Wed, 06 Nov 2024 02:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat
Redhat enterprise Linux
CPEs cpe:/a:redhat:enterprise_linux:8::nfv
cpe:/o:redhat:enterprise_linux:8
Vendors & Products Redhat
Redhat enterprise Linux

Wed, 11 Sep 2024 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 19 Aug 2024 22:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-200

cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-07-29T15:52:34.061Z

Updated: 2024-12-19T09:12:09.100Z

Reserved: 2024-07-29T15:50:41.168Z

Link: CVE-2024-42070

cve-icon Vulnrichment

Updated: 2024-08-02T04:54:31.272Z

cve-icon NVD

Status : Modified

Published: 2024-07-29T16:15:06.540

Modified: 2024-11-21T09:33:31.740

Link: CVE-2024-42070

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-07-29T00:00:00Z

Links: CVE-2024-42070 - Bugzilla