CVE-2024-26849
- Source
- https://cve.org/CVERecord?id=CVE-2024-26849
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-26849.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-26849
- Downstream
- Related
- Published
- 2024-04-17T10:14:20.184Z
- Modified
- 2026-04-19T04:15:58.550509Z
- Summary
- netlink: add nla be16/32 types to minlen array
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
netlink: add nla be16/32 types to minlen array
BUG: KMSAN: uninit-value in nlavalidaterangeunsigned lib/nlattr.c:222 [inline] BUG: KMSAN: uninit-value in nlavalidateintrange lib/nlattr.c:336 [inline] BUG: KMSAN: uninit-value in validate_nla lib/nlattr.c:575 [inline] BUG: KMSAN: uninit-value in _nlavalidateparse+0x2e20/0x45c0 lib/nlattr.c:631 nlavalidaterangeunsigned lib/nlattr.c:222 [inline] nlavalidateintrange lib/nlattr.c:336 [inline] validatenla lib/nlattr.c:575 [inline] ...
The message in question matches this policy:
[NFTATARGETREV] = NLAPOLICYMAX(NLA_BE32, 255),
but because NLA_BE32 size in minlen array is 0, the validation code will read past the malformed (too small) attribute.
Note: Other attributes, e.g. BITFIELD32, SINT, UINT.. are also missing: those likely should be added too.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/26xxx/CVE-2024-26849.json" }- References
-
- https://git.kernel.org/stable/c/000a68159c0326b46c42ec712ab98793e7e625a7
- https://git.kernel.org/stable/c/0ac219c4c3ab253f3981f346903458d20bacab32
- https://git.kernel.org/stable/c/7a9d14c63b35f89563c5ecbadf918ad64979712d
- https://git.kernel.org/stable/c/80b40f9cb87f3bf5877dfb852765cf92bc03ca77
- https://git.kernel.org/stable/c/9a0d18853c280f6a0ee99f91619f2442a17a323a
- https://git.kernel.org/stable/c/a2ab028151841cd833cb53eb99427e0cc990112d
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/26xxx/CVE-2024-26849.json
- https://nvd.nist.gov/vuln/detail/CVE-2024-26849
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced24ea1c8abaae6541ad95912422a9af4fb858428dFixed000a68159c0326b46c42ec712ab98793e7e625a7
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedcbfac0add2afe8960a09806012313765a2179423Fixed80b40f9cb87f3bf5877dfb852765cf92bc03ca77
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedecaf75ffd5f5db320d8b1da0198eef5a5ce64a3fFixed0ac219c4c3ab253f3981f346903458d20bacab32Fixeda2ab028151841cd833cb53eb99427e0cc990112dFixed7a9d14c63b35f89563c5ecbadf918ad64979712dFixed9a0d18853c280f6a0ee99f91619f2442a17a323a