{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-35962", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-17T13:50:33.137Z", "datePublished": "2024-05-20T09:41:53.207Z", "dateUpdated": "2025-05-04T09:09:19.304Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T09:09:19.304Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: complete validation of user input\n\nIn my recent commit, I missed that do_replace() handlers\nuse copy_from_sockptr() (which I fixed), followed\nby unsafe copy_from_sockptr_offset() calls.\n\nIn all functions, we can perform the @optlen validation\nbefore even calling xt_alloc_table_info() with the following\ncheck:\n\nif ((u64)optlen < (u64)tmp.size + sizeof(tmp))\n return -EINVAL;"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/ipv4/netfilter/arp_tables.c", "net/ipv4/netfilter/ip_tables.c", "net/ipv6/netfilter/ip6_tables.c"], "versions": [{"version": "0f038242b77ddfc505bf4163d4904c1abd2e74d6", "lessThan": "cf4bc359b76144a3dd55d7c09464ef4c5f2b2b05", "status": "affected", "versionType": "git"}, {"version": "440e948cf0eff32cfe322dcbca3f2525354b159b", "lessThan": "97dab36e57c64106e1c8ebd66cbf0d2d1e52d6b7", "status": "affected", "versionType": "git"}, {"version": "18aae2cb87e5faa9c5bd865260ceadac60d5a6c5", "lessThan": "c760089aa98289b4b88a7ff5a62dd92845adf223", "status": "affected", "versionType": "git"}, {"version": "81d51b9b7c95e791ba3c1a2dd77920a9d3b3f525", "lessThan": "89242d9584c342cb83311b598d9e6b82572eadf8", "status": "affected", "versionType": "git"}, {"version": "58f2bfb789e6bd3bc24a2c9c1580f3c67aec3018", "lessThan": "562b7245131f6e9f1d280c8b5a8750f03edfc05c", "status": "affected", "versionType": "git"}, {"version": "0c83842df40f86e529db6842231154772c20edcc", "lessThan": "65acf6e0501ac8880a4f73980d01b5d27648b956", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/ipv4/netfilter/arp_tables.c", "net/ipv4/netfilter/ip_tables.c", "net/ipv6/netfilter/ip6_tables.c"], "versions": [{"version": "5.10.215", "lessThan": "5.10.216", "status": "affected", "versionType": "semver"}, {"version": "5.15.154", "lessThan": "5.15.156", "status": "affected", "versionType": "semver"}, {"version": "6.1.85", "lessThan": "6.1.87", "status": "affected", "versionType": "semver"}, {"version": "6.6.26", "lessThan": "6.6.28", "status": "affected", "versionType": "semver"}, {"version": "6.8.5", "lessThan": "6.8.7", "status": "affected", "versionType": "semver"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.10.215", "versionEndExcluding": "5.10.216"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15.154", "versionEndExcluding": "5.15.156"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.1.85", "versionEndExcluding": "6.1.87"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.6.26", "versionEndExcluding": "6.6.28"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.8.5", "versionEndExcluding": "6.8.7"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/cf4bc359b76144a3dd55d7c09464ef4c5f2b2b05"}, {"url": "https://git.kernel.org/stable/c/97dab36e57c64106e1c8ebd66cbf0d2d1e52d6b7"}, {"url": "https://git.kernel.org/stable/c/c760089aa98289b4b88a7ff5a62dd92845adf223"}, {"url": "https://git.kernel.org/stable/c/89242d9584c342cb83311b598d9e6b82572eadf8"}, {"url": "https://git.kernel.org/stable/c/562b7245131f6e9f1d280c8b5a8750f03edfc05c"}, {"url": "https://git.kernel.org/stable/c/65acf6e0501ac8880a4f73980d01b5d27648b956"}], "title": "netfilter: complete validation of user input", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:21:49.038Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/cf4bc359b76144a3dd55d7c09464ef4c5f2b2b05", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/97dab36e57c64106e1c8ebd66cbf0d2d1e52d6b7", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c760089aa98289b4b88a7ff5a62dd92845adf223", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/89242d9584c342cb83311b598d9e6b82572eadf8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/562b7245131f6e9f1d280c8b5a8750f03edfc05c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/65acf6e0501ac8880a4f73980d01b5d27648b956", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-35962", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T15:40:32.586631Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:33:14.037Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/cf4bc359b76144a3dd55d7c09464ef4c5f2b2b05", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/97dab36e57c64106e1c8ebd66cbf0d2d1e52d6b7", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c760089aa98289b4b88a7ff5a62dd92845adf223", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/89242d9584c342cb83311b598d9e6b82572eadf8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/562b7245131f6e9f1d280c8b5a8750f03edfc05c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/65acf6e0501ac8880a4f73980d01b5d27648b956", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:21:49.038Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-35962", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T15:40:32.586631Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:15.574Z"}}], "cna": {"title": "netfilter: complete validation of user input", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "0f038242b77ddfc505bf4163d4904c1abd2e74d6", "lessThan": "cf4bc359b76144a3dd55d7c09464ef4c5f2b2b05", "versionType": "git"}, {"status": "affected", "version": "440e948cf0eff32cfe322dcbca3f2525354b159b", "lessThan": "97dab36e57c64106e1c8ebd66cbf0d2d1e52d6b7", "versionType": "git"}, {"status": "affected", "version": "18aae2cb87e5faa9c5bd865260ceadac60d5a6c5", "lessThan": "c760089aa98289b4b88a7ff5a62dd92845adf223", "versionType": "git"}, {"status": "affected", "version": "81d51b9b7c95e791ba3c1a2dd77920a9d3b3f525", "lessThan": "89242d9584c342cb83311b598d9e6b82572eadf8", "versionType": "git"}, {"status": "affected", "version": "58f2bfb789e6bd3bc24a2c9c1580f3c67aec3018", "lessThan": "562b7245131f6e9f1d280c8b5a8750f03edfc05c", "versionType": "git"}, {"status": "affected", "version": "0c83842df40f86e529db6842231154772c20edcc", "lessThan": "65acf6e0501ac8880a4f73980d01b5d27648b956", "versionType": "git"}], "programFiles": ["net/ipv4/netfilter/arp_tables.c", "net/ipv4/netfilter/ip_tables.c", "net/ipv6/netfilter/ip6_tables.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.10.215", "lessThan": "5.10.216", "versionType": "semver"}, {"status": "affected", "version": "5.15.154", "lessThan": "5.15.156", "versionType": "semver"}, {"status": "affected", "version": "6.1.85", "lessThan": "6.1.87", "versionType": "semver"}, {"status": "affected", "version": "6.6.26", "lessThan": "6.6.28", "versionType": "semver"}, {"status": "affected", "version": "6.8.5", "lessThan": "6.8.7", "versionType": "semver"}], "programFiles": ["net/ipv4/netfilter/arp_tables.c", "net/ipv4/netfilter/ip_tables.c", "net/ipv6/netfilter/ip6_tables.c"], "defaultStatus": "unaffected"}], "references": [{"url": "https://git.kernel.org/stable/c/cf4bc359b76144a3dd55d7c09464ef4c5f2b2b05"}, {"url": "https://git.kernel.org/stable/c/97dab36e57c64106e1c8ebd66cbf0d2d1e52d6b7"}, {"url": "https://git.kernel.org/stable/c/c760089aa98289b4b88a7ff5a62dd92845adf223"}, {"url": "https://git.kernel.org/stable/c/89242d9584c342cb83311b598d9e6b82572eadf8"}, {"url": "https://git.kernel.org/stable/c/562b7245131f6e9f1d280c8b5a8750f03edfc05c"}, {"url": "https://git.kernel.org/stable/c/65acf6e0501ac8880a4f73980d01b5d27648b956"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: complete validation of user input\n\nIn my recent commit, I missed that do_replace() handlers\nuse copy_from_sockptr() (which I fixed), followed\nby unsafe copy_from_sockptr_offset() calls.\n\nIn all functions, we can perform the @optlen validation\nbefore even calling xt_alloc_table_info() with the following\ncheck:\n\nif ((u64)optlen < (u64)tmp.size + sizeof(tmp))\n return -EINVAL;"}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.10.216", "versionStartIncluding": "5.10.215"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.15.156", "versionStartIncluding": "5.15.154"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.1.87", "versionStartIncluding": "6.1.85"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.6.28", "versionStartIncluding": "6.6.26"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.8.7", "versionStartIncluding": "6.8.5"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T09:09:19.304Z"}}}, "cveMetadata": {"cveId": "CVE-2024-35962", "state": "PUBLISHED", "dateUpdated": "2025-05-04T09:09:19.304Z", "dateReserved": "2024-05-17T13:50:33.137Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-20T09:41:53.207Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: complete validation of user input\n\nIn my recent commit, I missed that do_replace() handlers\nuse copy_from_sockptr() (which I fixed), followed\nby unsafe copy_from_sockptr_offset() calls.\n\nIn all functions, we can perform the @optlen validation\nbefore even calling xt_alloc_table_info() with the following\ncheck:\n\nif ((u64)optlen < (u64)tmp.size + sizeof(tmp))\n return -EINVAL;"}, {"lang": "es", "value": " En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: netfilter: validaci\u00f3n completa de la entrada del usuario En mi confirmaci\u00f3n reciente, omit\u00ed que los controladores do_replace() usan copy_from_sockptr() (que arregl\u00e9), seguido de llamadas inseguras copy_from_sockptr_offset(). En todas las funciones, podemos realizar la validaci\u00f3n @optlen incluso antes de llamar a xt_alloc_table_info() con la siguiente comprobaci\u00f3n: if ((u64)optlen &lt; (u64)tmp.size + sizeof(tmp)) return -EINVAL;"}], "id": "CVE-2024-35962", "lastModified": "2024-11-21T09:21:18.400", "metrics": {}, "published": "2024-05-20T10:15:11.327", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/562b7245131f6e9f1d280c8b5a8750f03edfc05c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/65acf6e0501ac8880a4f73980d01b5d27648b956"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/89242d9584c342cb83311b598d9e6b82572eadf8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/97dab36e57c64106e1c8ebd66cbf0d2d1e52d6b7"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/c760089aa98289b4b88a7ff5a62dd92845adf223"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/cf4bc359b76144a3dd55d7c09464ef4c5f2b2b05"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/562b7245131f6e9f1d280c8b5a8750f03edfc05c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/65acf6e0501ac8880a4f73980d01b5d27648b956"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/89242d9584c342cb83311b598d9e6b82572eadf8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/97dab36e57c64106e1c8ebd66cbf0d2d1e52d6b7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/c760089aa98289b4b88a7ff5a62dd92845adf223"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/cf4bc359b76144a3dd55d7c09464ef4c5f2b2b05"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"affected_release": [{"advisory": "RHSA-2024:5101", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-553.16.1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-08-08T00:00:00Z"}, {"advisory": "RHSA-2024:5928", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-427.33.1.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-08-28T00:00:00Z"}, {"advisory": "RHSA-2024:5928", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-427.33.1.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-08-28T00:00:00Z"}, {"advisory": "RHSA-2024:5066", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "kernel-0:5.14.0-284.77.1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-08-07T00:00:00Z"}, {"advisory": "RHSA-2024:5067", "cpe": "cpe:/a:redhat:rhel_eus:9.2::nfv", "package": "kernel-rt-0:5.14.0-284.77.1.rt14.362.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-08-07T00:00:00Z"}], "bugzilla": {"description": "kernel: netfilter: complete validation of user input", "id": "2281916", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2281916"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nnetfilter: complete validation of user input\nIn my recent commit, I missed that do_replace() handlers\nuse copy_from_sockptr() (which I fixed), followed\nby unsafe copy_from_sockptr_offset() calls.\nIn all functions, we can perform the @optlen validation\nbefore even calling xt_alloc_table_info() with the following\ncheck:\nif ((u64)optlen < (u64)tmp.size + sizeof(tmp))\nreturn -EINVAL;"], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-35962", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Under investigation", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-20T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-35962\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-35962\nhttps://lore.kernel.org/linux-cve-announce/2024052020-CVE-2024-35962-e5ce@gregkh/T"], "threat_severity": "Moderate"}

{}