CVE-2024-42154

Published: Jul 30, 2024Modified: Nov 3, 2025

4.4

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Exploitability: 1.8 / Impact: 2.5

Source: NVD

Description

In the Linux kernel, the following vulnerability has been resolved: tcp_metrics: validate source addr length I don't see anything checking that TCP_METRICS_ATTR_SADDR_IPV4 is at least 4 bytes long, and the policy doesn't have an entry for this attribute at all (neither does it for IPv6 but v6 is manually validated).

Affected (13)

Products: Linux: Linux Kernel

1 product

Configuration A

13 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 3.14 to 4.19.318
Linux Linux Kernel	From 4.20 to 5.4.280
Linux Linux Kernel	From 5.11 to 5.15.163
Linux Linux Kernel	From 5.16 to 6.1.98
Linux Linux Kernel	From 5.5 to 5.10.222
Linux Linux Kernel	From 6.2 to 6.6.39
Linux Linux Kernel	From 6.7 to 6.9.9
Linux Linux Kernel	Version 6.10 rc1
Linux Linux Kernel	Version 6.10 rc2
Linux Linux Kernel	Version 6.10 rc3
Linux Linux Kernel	Version 6.10 rc4
Linux Linux Kernel	Version 6.10 rc5
Linux Linux Kernel	Version 6.10 rc6

Related CWEs

Improper Check for Unusual or Exceptional Conditions

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

References (21)

https://git.kernel.org/stable/c/19d997b59fa1fd7a02e770ee0881c0652b9c32c9

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Mailing ListPatch

https://git.kernel.org/stable/c/2a2e79dbe2236a1289412d2044994f7ab419b44c

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Mailing ListPatch

https://git.kernel.org/stable/c/31f03bb04146c1c6df6c03e9f45401f5f5a985d3

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Mailing ListPatch

https://git.kernel.org/stable/c/3d550dd5418729a6e77fe7721d27adea7152e321

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Mailing ListPatch

https://git.kernel.org/stable/c/66be40e622e177316ae81717aa30057ba9e61dff

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Mailing ListPatch

https://git.kernel.org/stable/c/8c2debdd170e395934ac0e039748576dfde14e99

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Mailing ListPatch

https://git.kernel.org/stable/c/cdffc358717e436bb67122bb82c1a2a26e050f98

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Mailing ListPatch

https://git.kernel.org/stable/c/ef7c428b425beeb52b894e16f1c4b629d6cebfb6

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Mailing ListPatch

http://www.openwall.com/lists/oss-security/2024/09/24/3

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2024/09/24/4

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2024/09/25/3

Source: af854a3a-2127-422b-91ae-364da2661108

https://git.kernel.org/stable/c/19d997b59fa1fd7a02e770ee0881c0652b9c32c9

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatch

https://git.kernel.org/stable/c/2a2e79dbe2236a1289412d2044994f7ab419b44c

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatch

https://git.kernel.org/stable/c/31f03bb04146c1c6df6c03e9f45401f5f5a985d3

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatch

https://git.kernel.org/stable/c/3d550dd5418729a6e77fe7721d27adea7152e321

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatch

https://git.kernel.org/stable/c/66be40e622e177316ae81717aa30057ba9e61dff

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatch

https://git.kernel.org/stable/c/8c2debdd170e395934ac0e039748576dfde14e99

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatch

https://git.kernel.org/stable/c/cdffc358717e436bb67122bb82c1a2a26e050f98

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatch

https://git.kernel.org/stable/c/ef7c428b425beeb52b894e16f1c4b629d6cebfb6

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatch

https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.netapp.com/advisory/ntap-20240828-0010/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.