Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-56650— netfilter: x_tables: fix LED ID check in led_tg_check()

EPSS 0.01% · P1
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-56650

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
netfilter: x_tables: fix LED ID check in led_tg_check()
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: netfilter: x_tables: fix LED ID check in led_tg_check() Syzbot has reported the following BUG detected by KASAN: BUG: KASAN: slab-out-of-bounds in strlen+0x58/0x70 Read of size 1 at addr ffff8881022da0c8 by task repro/5879 ... Call Trace: <TASK> dump_stack_lvl+0x241/0x360 ? __pfx_dump_stack_lvl+0x10/0x10 ? __pfx__printk+0x10/0x10 ? _printk+0xd5/0x120 ? __virt_addr_valid+0x183/0x530 ? __virt_addr_valid+0x183/0x530 print_report+0x169/0x550 ? __virt_addr_valid+0x183/0x530 ? __virt_addr_valid+0x183/0x530 ? __virt_addr_valid+0x45f/0x530 ? __phys_addr+0xba/0x170 ? strlen+0x58/0x70 kasan_report+0x143/0x180 ? strlen+0x58/0x70 strlen+0x58/0x70 kstrdup+0x20/0x80 led_tg_check+0x18b/0x3c0 xt_check_target+0x3bb/0xa40 ? __pfx_xt_check_target+0x10/0x10 ? stack_depot_save_flags+0x6e4/0x830 ? nft_target_init+0x174/0xc30 nft_target_init+0x82d/0xc30 ? __pfx_nft_target_init+0x10/0x10 ? nf_tables_newrule+0x1609/0x2980 ? nf_tables_newrule+0x1609/0x2980 ? rcu_is_watching+0x15/0xb0 ? nf_tables_newrule+0x1609/0x2980 ? nf_tables_newrule+0x1609/0x2980 ? __kmalloc_noprof+0x21a/0x400 nf_tables_newrule+0x1860/0x2980 ? __pfx_nf_tables_newrule+0x10/0x10 ? __nla_parse+0x40/0x60 nfnetlink_rcv+0x14e5/0x2ab0 ? __pfx_validate_chain+0x10/0x10 ? __pfx_nfnetlink_rcv+0x10/0x10 ? __lock_acquire+0x1384/0x2050 ? netlink_deliver_tap+0x2e/0x1b0 ? __pfx_lock_release+0x10/0x10 ? netlink_deliver_tap+0x2e/0x1b0 netlink_unicast+0x7f8/0x990 ? __pfx_netlink_unicast+0x10/0x10 ? __virt_addr_valid+0x183/0x530 ? __check_object_size+0x48e/0x900 netlink_sendmsg+0x8e4/0xcb0 ? __pfx_netlink_sendmsg+0x10/0x10 ? aa_sock_msg_perm+0x91/0x160 ? __pfx_netlink_sendmsg+0x10/0x10 __sock_sendmsg+0x223/0x270 ____sys_sendmsg+0x52a/0x7e0 ? __pfx_____sys_sendmsg+0x10/0x10 __sys_sendmsg+0x292/0x380 ? __pfx___sys_sendmsg+0x10/0x10 ? lockdep_hardirqs_on_prepare+0x43d/0x780 ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 ? exc_page_fault+0x590/0x8c0 ? do_syscall_64+0xb6/0x230 do_syscall_64+0xf3/0x230 entry_SYSCALL_64_after_hwframe+0x77/0x7f ... </TASK> Since an invalid (without '\0' byte at all) byte sequence may be passed from userspace, add an extra check to ensure that such a sequence is rejected as possible ID and so never passed to 'kstrdup()' and further.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于netfilter:x_tables模块中led_tg_check函数中LED ID检查不当。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
LinuxLinux 268cb38e1802db560c73167e643f14a3dcb4b07c ~ 147a42bb02de8735cb08476be6d0917987d022c2 -
LinuxLinux 2.6.30 -

II. Public POCs for CVE-2024-56650

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2024-56650

登录查看更多情报信息。

Same Patch Batch · Linux · 2024-12-27 · 221 CVEs total

CVE-2024-56606af_packet: avoid erroring out after sock_init_data() in packet_create()
CVE-2024-56592bpf: Call free_htab_elem() after htab_unlock_bucket()
CVE-2024-56594drm/amdgpu: set the right AMDGPU sg segment limitation
CVE-2024-56595jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree
CVE-2024-56596jfs: fix array-index-out-of-bounds in jfs_readdir
CVE-2024-56597jfs: fix shift-out-of-bounds in dbSplit
CVE-2024-56598jfs: array-index-out-of-bounds fix in dtReadFirst
CVE-2024-56599wifi: ath10k: avoid NULL pointer error during sdio remove
CVE-2024-56601net: inet: do not leave a dangling sk pointer in inet_create()
CVE-2024-56600net: inet6: do not leave a dangling sk pointer in inet6_create()
CVE-2024-56602net: ieee802154: do not leave a dangling sk pointer in ieee802154_create()
CVE-2024-56603net: af_can: do not leave a dangling sk pointer in can_create()
CVE-2024-56604Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc()
CVE-2024-56605Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create()
CVE-2024-56617cacheinfo: Allocate memory during CPU hotplug if not done from the primary CPU
CVE-2024-56614xsk: fix OOB map writes when deleting elements
CVE-2024-56615bpf: fix OOB devmap writes when deleting elements
CVE-2024-56616drm/dp_mst: Fix MST sideband message body length check
CVE-2024-56613sched/numa: fix memory leak due to the overwritten vma->numab_state
CVE-2024-56618pmdomain: imx: gpcv2: Adjust delay after power up handshake

Showing top 20 of 221 CVEs. View all on vendor page &rarr; →

IV. Related Vulnerabilities

Same product: Linux
Same vendor: Linux

V. Comments for CVE-2024-56650

No comments yet

Leave a comment