CVE-2024-56650

Source
https://cve.org/CVERecord?id=CVE-2024-56650
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-56650.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-56650
Published
2024-12-27T15:02:50.098Z
Modified
2026-03-11T07:47:24.785854099Z
Severity
  • 7.1 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Summary
netfilter: x_tables: fix LED ID check in led_tg_check()
Details

In the Linux kernel, the following vulnerability has been resolved:

netfilter: x_tables: fix LED ID check in led_tg_check()

Syzbot has reported the following BUG detected by KASAN:

BUG: KASAN: slab-out-of-bounds in strlen+0x58/0x70
Read of size 1 at addr ffff8881022da0c8 by task repro/5879
...
Call Trace:
<TASK>
dump_stack_lvl+0x241/0x360
? __pfx_dump_stack_lvl+0x10/0x10
? __pfx__printk+0x10/0x10
? _printk+0xd5/0x120
? __virt_addr_valid+0x183/0x530
? __virt_addr_valid+0x183/0x530
print_report+0x169/0x550
? __virt_addr_valid+0x183/0x530
? __virt_addr_valid+0x183/0x530
? __virt_addr_valid+0x45f/0x530
? __phys_addr+0xba/0x170
? strlen+0x58/0x70
kasan_report+0x143/0x180
? strlen+0x58/0x70
strlen+0x58/0x70
kstrdup+0x20/0x80
led_tg_check+0x18b/0x3c0
xt_check_target+0x3bb/0xa40
? __pfx_xt_check_target+0x10/0x10
? stack_depot_save_flags+0x6e4/0x830
? nft_target_init+0x174/0xc30
nft_target_init+0x82d/0xc30
? __pfx_nft_target_init+0x10/0x10
? nf_tables_newrule+0x1609/0x2980
? nf_tables_newrule+0x1609/0x2980
? rcu_is_watching+0x15/0xb0
? nf_tables_newrule+0x1609/0x2980
? nf_tables_newrule+0x1609/0x2980
? __kmalloc_noprof+0x21a/0x400
nf_tables_newrule+0x1860/0x2980
? __pfx_nf_tables_newrule+0x10/0x10
? __nla_parse+0x40/0x60
nfnetlink_rcv+0x14e5/0x2ab0
? __pfx_validate_chain+0x10/0x10
? __pfx_nfnetlink_rcv+0x10/0x10
? __lock_acquire+0x1384/0x2050
? netlink_deliver_tap+0x2e/0x1b0
? __pfx_lock_release+0x10/0x10
? netlink_deliver_tap+0x2e/0x1b0
netlink_unicast+0x7f8/0x990
? __pfx_netlink_unicast+0x10/0x10
? __virt_addr_valid+0x183/0x530
? __check_object_size+0x48e/0x900
netlink_sendmsg+0x8e4/0xcb0
? __pfx_netlink_sendmsg+0x10/0x10
? aa_sock_msg_perm+0x91/0x160
? __pfx_netlink_sendmsg+0x10/0x10
__sock_sendmsg+0x223/0x270
____sys_sendmsg+0x52a/0x7e0
? __pfx_____sys_sendmsg+0x10/0x10
__sys_sendmsg+0x292/0x380
? __pfx___sys_sendmsg+0x10/0x10
? lockdep_hardirqs_on_prepare+0x43d/0x780
? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
? exc_page_fault+0x590/0x8c0
? do_syscall_64+0xb6/0x230
do_syscall_64+0xf3/0x230
entry_SYSCALL_64_after_hwframe+0x77/0x7f
...
</TASK>

Since an invalid (without '\0' byte at all) byte sequence may be passed from userspace, add an extra check to ensure that such a sequence is rejected as possible ID and so never passed to 'kstrdup()' and further.
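
Added example, not part of the original record and not the kernel's own code: a userspace C model of the check described above, comparing a validation that only rejects an empty ID with one that also requires a '\0' inside the fixed-size field. The 27-byte field size, the first-byte-only "weak" check and every name below are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define ID_FIELD_LEN 27 /* assumed size of the fixed-length ID field */

/* Userspace model of a rule blob copied verbatim from an untrusted caller. */
struct led_info_model {
    char id[ID_FIELD_LEN];
};

/* Assumed weak check: rejects an empty ID, never looks for a terminator. */
int check_first_byte_only(const struct led_info_model *info)
{
    return info->id[0] == '\0' ? -EINVAL : 0;
}

/* Hardened check: the ID must be non-empty and contain a '\0' inside the
 * field, so a later strlen()/strdup()-style call cannot run past it. */
int check_bounded(const struct led_info_model *info)
{
    if (info->id[0] == '\0' ||
        memchr(info->id, '\0', sizeof(info->id)) == NULL)
        return -EINVAL;
    return 0;
}

/* Constructed sample: pre-fill the field with non-NUL bytes, copy in `len`
 * caller-controlled bytes (clamped to the field), then run one check. */
int verdict(const char *bytes, size_t len, int hardened)
{
    struct led_info_model info;

    memset(info.id, 'X', sizeof(info.id));
    if (len > sizeof(info.id))
        len = sizeof(info.id);
    memcpy(info.id, bytes, len);
    return hardened ? check_bounded(&info) : check_first_byte_only(&info);
}

int main(void)
{
    const char *full = "0123456789" "0123456789" "0123456"; /* 27 bytes */

    printf("valid: weak=%d hardened=%d\n", verdict("led0", 5, 0), verdict("led0", 5, 1));
    printf("empty: weak=%d hardened=%d\n", verdict("", 1, 0), verdict("", 1, 1));
    printf("no NUL: weak=%d hardened=%d\n", verdict(full, 27, 0), verdict(full, 27, 1));
    return 0;
}
```

The unterminated sample passes the weak check and is rejected by the bounded one, which is the case the KASAN report above corresponds to.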

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/56xxx/CVE-2024-56650.json"
}

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
268cb38e1802db560c73167e643f14a3dcb4b07c
Fixed
147a42bb02de8735cb08476be6d0917987d022c2
Fixed
ad28612ebae1fcc1104bd432e99e99d87f6bfe09
Fixed
36a9d94dac28beef6b8abba46ba8874320d3e800
Fixed
ab9916321c95f5280b72b4c5055e269f98627efe
Fixed
a9bcc0b70d9baf3ff005874489a0dc9d023b54c3
Fixed
c40c96d98e536fc1daaa125c2332b988615e30a4
Fixed
04317f4eb2aad312ad85c1a17ad81fe75f1f9bc7

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-56650.json"