CVE-2024-56650

Source
https://cve.org/CVERecord?id=CVE-2024-56650
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-56650.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-56650
Published
2024-12-27T15:02:50.098Z
Modified
2026-05-28T03:55:30.714370291Z
Severity
  • 7.1 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Summary
netfilter: x_tables: fix LED ID check in led_tg_check()
Details

In the Linux kernel, the following vulnerability has been resolved:

netfilter: x_tables: fix LED ID check in led_tg_check()

Syzbot has reported the following BUG detected by KASAN:

BUG: KASAN: slab-out-of-bounds in strlen+0x58/0x70
Read of size 1 at addr ffff8881022da0c8 by task repro/5879
...
Call Trace:
 <TASK>
 dump_stack_lvl+0x241/0x360
 ? __pfx_dump_stack_lvl+0x10/0x10
 ? __pfx__printk+0x10/0x10
 ? _printk+0xd5/0x120
 ? __virt_addr_valid+0x183/0x530
 ? __virt_addr_valid+0x183/0x530
 print_report+0x169/0x550
 ? __virt_addr_valid+0x183/0x530
 ? __virt_addr_valid+0x183/0x530
 ? __virt_addr_valid+0x45f/0x530
 ? __phys_addr+0xba/0x170
 ? strlen+0x58/0x70
 kasan_report+0x143/0x180
 ? strlen+0x58/0x70
 strlen+0x58/0x70
 kstrdup+0x20/0x80
 led_tg_check+0x18b/0x3c0
 xt_check_target+0x3bb/0xa40
 ? __pfx_xt_check_target+0x10/0x10
 ? stack_depot_save_flags+0x6e4/0x830
 ? nft_target_init+0x174/0xc30
 nft_target_init+0x82d/0xc30
 ? __pfx_nft_target_init+0x10/0x10
 ? nf_tables_newrule+0x1609/0x2980
 ? nf_tables_newrule+0x1609/0x2980
 ? rcu_is_watching+0x15/0xb0
 ? nf_tables_newrule+0x1609/0x2980
 ? nf_tables_newrule+0x1609/0x2980
 ? __kmalloc_noprof+0x21a/0x400
 nf_tables_newrule+0x1860/0x2980
 ? __pfx_nf_tables_newrule+0x10/0x10
 ? __nla_parse+0x40/0x60
 nfnetlink_rcv+0x14e5/0x2ab0
 ? __pfx_validate_chain+0x10/0x10
 ? __pfx_nfnetlink_rcv+0x10/0x10
 ? __lock_acquire+0x1384/0x2050
 ? netlink_deliver_tap+0x2e/0x1b0
 ? __pfx_lock_release+0x10/0x10
 ? netlink_deliver_tap+0x2e/0x1b0
 netlink_unicast+0x7f8/0x990
 ? __pfx_netlink_unicast+0x10/0x10
 ? __virt_addr_valid+0x183/0x530
 ? __check_object_size+0x48e/0x900
 netlink_sendmsg+0x8e4/0xcb0
 ? __pfx_netlink_sendmsg+0x10/0x10
 ? aa_sock_msg_perm+0x91/0x160
 ? __pfx_netlink_sendmsg+0x10/0x10
 __sock_sendmsg+0x223/0x270
 ____sys_sendmsg+0x52a/0x7e0
 ? __pfx_____sys_sendmsg+0x10/0x10
 __sys_sendmsg+0x292/0x380
 ? __pfx___sys_sendmsg+0x10/0x10
 ? lockdep_hardirqs_on_prepare+0x43d/0x780
 ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
 ? exc_page_fault+0x590/0x8c0
 ? do_syscall_64+0xb6/0x230
 do_syscall_64+0xf3/0x230
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
 ...
 </TASK>

Since an invalid (without '\0' byte at all) byte sequence may be passed from userspace, add an extra check to ensure that such a sequence is rejected as a possible ID and so never passed to 'kstrdup()' and further.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/56xxx/CVE-2024-56650.json",
    "cna_assigner": "Linux"
}
Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
268cb38e1802db560c73167e643f14a3dcb4b07c
Fixed
147a42bb02de8735cb08476be6d0917987d022c2
Fixed
ad28612ebae1fcc1104bd432e99e99d87f6bfe09
Fixed
36a9d94dac28beef6b8abba46ba8874320d3e800
Fixed
ab9916321c95f5280b72b4c5055e269f98627efe
Fixed
a9bcc0b70d9baf3ff005874489a0dc9d023b54c3
Fixed
c40c96d98e536fc1daaa125c2332b988615e30a4
Fixed
04317f4eb2aad312ad85c1a17ad81fe75f1f9bc7

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-56650.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.6.30
Fixed
5.4.287
Type
ECOSYSTEM
Events
Introduced
5.5.0
Fixed
5.10.231
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.174
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.120
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.66
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.5

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-56650.json"