CVE-2024-50142

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-50142
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-50142.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-50142
Downstream
Related
Published
2024-11-07T09:31:19.415Z
Modified
2026-05-15T11:53:31.003849450Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
xfrm: validate new SA's prefixlen using SA family when sel.family is unset
Details

In the Linux kernel, the following vulnerability has been resolved:

xfrm: validate new SA's prefixlen using SA family when sel.family is unset

This expands the validation introduced in commit 07bf7908950a ("xfrm: Validate address prefix lengths in the xfrm selector.")

syzbot created an SA with usersa.sel.family = AFUNSPEC usersa.sel.prefixlens = 128 usersa.family = AF_INET

Because of the AFUNSPEC selector, verifynewsainfo doesn't put limits on prefixlen{s,d}. But then copyfromuserstate sets x->sel.family to usersa.family (AFINET). Do the same conversion in verifynewsainfo before validating prefixlen_{s,d}, since that's how prefixlen is going to be used later on.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/50xxx/CVE-2024-50142.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.6.12
Fixed
4.19.323
Type
ECOSYSTEM
Events
Introduced
4.20.0
Fixed
5.4.285
Type
ECOSYSTEM
Events
Introduced
5.5.0
Fixed
5.10.229
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.170
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.115
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.59
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.11.6

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-50142.json"