CVE-2024-42154

Source
https://cve.org/CVERecord?id=CVE-2024-42154
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-42154.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-42154
Published
2024-07-30T07:46:51.456Z
Modified
2026-03-20T12:38:43.389194Z
Summary
tcp_metrics: validate source addr length
Details

In the Linux kernel, the following vulnerability has been resolved:

tcp_metrics: validate source addr length

I don't see anything checking that TCP_METRICS_ATTR_SADDR_IPV4 is at least 4 bytes long, and the policy doesn't have an entry for this attribute at all (neither does it for IPv6 but v6 is manually validated).

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/42xxx/CVE-2024-42154.json"
}
Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
3e7013ddf55af7bc191792b8aea0c2b94fb0fef5
Fixed
19d997b59fa1fd7a02e770ee0881c0652b9c32c9
Fixed
2a2e79dbe2236a1289412d2044994f7ab419b44c
Fixed
cdffc358717e436bb67122bb82c1a2a26e050f98
Fixed
ef7c428b425beeb52b894e16f1c4b629d6cebfb6
Fixed
31f03bb04146c1c6df6c03e9f45401f5f5a985d3
Fixed
8c2debdd170e395934ac0e039748576dfde14e99
Fixed
3d550dd5418729a6e77fe7721d27adea7152e321
Fixed
66be40e622e177316ae81717aa30057ba9e61dff

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-42154.json"