CVE-2024-56783— netfilter: nft_socket: remove WARN_ON_ONCE on maximum cgroup level
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-56783
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
netfilter: nft_socket: remove WARN_ON_ONCE on maximum cgroup level
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_socket: remove WARN_ON_ONCE on maximum cgroup level cgroup maximum depth is INT_MAX by default, there is a cgroup toggle to restrict this maximum depth to a more reasonable value not to harm performance. Remove unnecessary WARN_ON_ONCE which is reachable from userspace.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于netfilter模块中的nft_socket组件对cgroup最大层级的警告处理不当,存在不必要的WARN_ON_ONCE,可能被用户空间触发,影响系统的稳定性。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2024-56783
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-56783
请登录查看更多情报信息。
Same Patch Batch · Linux · 2025-01-08 · 16 CVEs total
| CVE-2024-56770 | net/sched: netem: account for backlog updates from child qdisc | |
| CVE-2024-56771 | mtd: spinand: winbond: Fix 512GW, 01GW, 01JW and 02JW ECC information | |
| CVE-2024-56773 | kunit: Fix potential null dereference in kunit_device_driver_test() | |
| CVE-2024-56772 | kunit: string-stream: Fix a UAF bug in kunit_init_suite() | |
| CVE-2024-56774 | btrfs: add a sanity check for btrfs root in btrfs_search_slot() | |
| CVE-2024-56775 | drm/amd/display: Fix handling of plane refcount | |
| CVE-2024-56776 | drm/sti: avoid potential dereference of error pointers | |
| CVE-2024-56777 | drm/sti: avoid potential dereference of error pointers in sti_gdp_atomic_check | |
| CVE-2024-56778 | drm/sti: avoid potential dereference of error pointers in sti_hqvdp_atomic_check | |
| CVE-2024-56779 | nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur | |
| CVE-2024-56780 | quota: flush quota_release_work upon quota writeback | |
| CVE-2024-56782 | ACPI: x86: Add adev NULL check to acpi_quirk_skip_serdev_enumeration() | |
| CVE-2024-56785 | MIPS: Loongson64: DTS: Really fix PCIe port nodes for ls7a | |
| CVE-2024-56784 | drm/amd/display: Adding array index check to prevent memory corruption | |
| CVE-2024-56787 | soc: imx8m: Probe the SoC driver as platform driver |
IV. Related Vulnerabilities
Same product: Linux
- CVE-2026-43500
rxrpc: Also unshare DATA/RESPONSE packets when paged frags a - CVE-2026-43475
scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT - CVE-2026-43474
fs: init flags_valid before calling vfs_fileattr_get - CVE-2026-43473
scsi: mpi3mr: Add NULL checks when resetting request and rep - CVE-2026-43472
unshare: fix unshare_fs() handling
Same vendor: Linux
- CVE-2026-43500
rxrpc: Also unshare DATA/RESPONSE packets when paged frags a - CVE-2026-43475
scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT - CVE-2026-43474
fs: init flags_valid before calling vfs_fileattr_get - CVE-2026-43473
scsi: mpi3mr: Add NULL checks when resetting request and rep - CVE-2026-43472
unshare: fix unshare_fs() handling
V. Comments for CVE-2024-56783
No comments yet