{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-36270", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-06-21T10:13:16.302Z", "datePublished": "2024-06-21T10:18:07.026Z", "dateUpdated": "2025-05-04T09:11:00.764Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T09:11:00.764Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: tproxy: bail out if IP has been disabled on the device\n\nsyzbot reports:\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f]\n[..]\nRIP: 0010:nf_tproxy_laddr4+0xb7/0x340 net/ipv4/netfilter/nf_tproxy_ipv4.c:62\nCall Trace:\n nft_tproxy_eval_v4 net/netfilter/nft_tproxy.c:56 [inline]\n nft_tproxy_eval+0xa9a/0x1a00 net/netfilter/nft_tproxy.c:168\n\n__in_dev_get_rcu() can return NULL, so check for this."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/ipv4/netfilter/nf_tproxy_ipv4.c"], "versions": [{"version": "cc6eb433856983e91071469c4ce57accb6947ccb", "lessThan": "10f0af5234dafd03d2b75233428ec3f11cf7e43d", "status": "affected", "versionType": "git"}, {"version": "cc6eb433856983e91071469c4ce57accb6947ccb", "lessThan": "07eeedafc59c45fe5de43958128542be3784764c", "status": "affected", "versionType": "git"}, {"version": "cc6eb433856983e91071469c4ce57accb6947ccb", "lessThan": "6fe5af4ff06db3d4d80e07a19356640428159f03", "status": "affected", "versionType": "git"}, {"version": "cc6eb433856983e91071469c4ce57accb6947ccb", "lessThan": "caf3a8afb5ea00db6d5398adf148d5534615fd80", "status": "affected", "versionType": "git"}, {"version": "cc6eb433856983e91071469c4ce57accb6947ccb", "lessThan": "570b4c52096e62fda562448f5760fd0ff06110f0", "status": "affected", "versionType": "git"}, {"version": "cc6eb433856983e91071469c4ce57accb6947ccb", "lessThan": "819bfeca16eb9ad647ddcae25e7e12c30612147c", "status": "affected", "versionType": "git"}, {"version": "cc6eb433856983e91071469c4ce57accb6947ccb", "lessThan": "21a673bddc8fd4873c370caf9ae70ffc6d47e8d3", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/ipv4/netfilter/nf_tproxy_ipv4.c"], "versions": [{"version": "2.6.37", "status": "affected"}, {"version": "0", "lessThan": "2.6.37", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.278", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.219", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.161", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.93", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.33", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9.4", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.37", "versionEndExcluding": "5.4.278"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.37", "versionEndExcluding": "5.10.219"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.37", "versionEndExcluding": "5.15.161"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.37", "versionEndExcluding": "6.1.93"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.37", "versionEndExcluding": "6.6.33"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.37", "versionEndExcluding": "6.9.4"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.37", "versionEndExcluding": "6.10"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/10f0af5234dafd03d2b75233428ec3f11cf7e43d"}, {"url": "https://git.kernel.org/stable/c/07eeedafc59c45fe5de43958128542be3784764c"}, {"url": "https://git.kernel.org/stable/c/6fe5af4ff06db3d4d80e07a19356640428159f03"}, {"url": "https://git.kernel.org/stable/c/caf3a8afb5ea00db6d5398adf148d5534615fd80"}, {"url": "https://git.kernel.org/stable/c/570b4c52096e62fda562448f5760fd0ff06110f0"}, {"url": "https://git.kernel.org/stable/c/819bfeca16eb9ad647ddcae25e7e12c30612147c"}, {"url": "https://git.kernel.org/stable/c/21a673bddc8fd4873c370caf9ae70ffc6d47e8d3"}], "title": "netfilter: tproxy: bail out if IP has been disabled on the device", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:37:04.470Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/10f0af5234dafd03d2b75233428ec3f11cf7e43d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/07eeedafc59c45fe5de43958128542be3784764c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6fe5af4ff06db3d4d80e07a19356640428159f03", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/caf3a8afb5ea00db6d5398adf148d5534615fd80", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/570b4c52096e62fda562448f5760fd0ff06110f0", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/819bfeca16eb9ad647ddcae25e7e12c30612147c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/21a673bddc8fd4873c370caf9ae70ffc6d47e8d3", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-36270", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:09:41.037239Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:34:46.135Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/10f0af5234dafd03d2b75233428ec3f11cf7e43d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/07eeedafc59c45fe5de43958128542be3784764c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6fe5af4ff06db3d4d80e07a19356640428159f03", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/caf3a8afb5ea00db6d5398adf148d5534615fd80", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/570b4c52096e62fda562448f5760fd0ff06110f0", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/819bfeca16eb9ad647ddcae25e7e12c30612147c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/21a673bddc8fd4873c370caf9ae70ffc6d47e8d3", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:37:04.470Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-36270", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:09:41.037239Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:25.738Z"}}], "cna": {"title": "netfilter: tproxy: bail out if IP has been disabled on the device", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "cc6eb433856983e91071469c4ce57accb6947ccb", "lessThan": "10f0af5234dafd03d2b75233428ec3f11cf7e43d", "versionType": "git"}, {"status": "affected", "version": "cc6eb433856983e91071469c4ce57accb6947ccb", "lessThan": "07eeedafc59c45fe5de43958128542be3784764c", "versionType": "git"}, {"status": "affected", "version": "cc6eb433856983e91071469c4ce57accb6947ccb", "lessThan": "6fe5af4ff06db3d4d80e07a19356640428159f03", "versionType": "git"}, {"status": "affected", "version": "cc6eb433856983e91071469c4ce57accb6947ccb", "lessThan": "caf3a8afb5ea00db6d5398adf148d5534615fd80", "versionType": "git"}, {"status": "affected", "version": "cc6eb433856983e91071469c4ce57accb6947ccb", "lessThan": "570b4c52096e62fda562448f5760fd0ff06110f0", "versionType": "git"}, {"status": "affected", "version": "cc6eb433856983e91071469c4ce57accb6947ccb", "lessThan": "819bfeca16eb9ad647ddcae25e7e12c30612147c", "versionType": "git"}, {"status": "affected", "version": "cc6eb433856983e91071469c4ce57accb6947ccb", "lessThan": "21a673bddc8fd4873c370caf9ae70ffc6d47e8d3", "versionType": "git"}], "programFiles": ["net/ipv4/netfilter/nf_tproxy_ipv4.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "2.6.37"}, {"status": "unaffected", "version": "0", "lessThan": "2.6.37", "versionType": "semver"}, {"status": "unaffected", "version": "5.4.278", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.219", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.161", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.93", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.33", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.9.4", "versionType": "semver", "lessThanOrEqual": "6.9.*"}, {"status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["net/ipv4/netfilter/nf_tproxy_ipv4.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/10f0af5234dafd03d2b75233428ec3f11cf7e43d"}, {"url": "https://git.kernel.org/stable/c/07eeedafc59c45fe5de43958128542be3784764c"}, {"url": "https://git.kernel.org/stable/c/6fe5af4ff06db3d4d80e07a19356640428159f03"}, {"url": "https://git.kernel.org/stable/c/caf3a8afb5ea00db6d5398adf148d5534615fd80"}, {"url": "https://git.kernel.org/stable/c/570b4c52096e62fda562448f5760fd0ff06110f0"}, {"url": "https://git.kernel.org/stable/c/819bfeca16eb9ad647ddcae25e7e12c30612147c"}, {"url": "https://git.kernel.org/stable/c/21a673bddc8fd4873c370caf9ae70ffc6d47e8d3"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: tproxy: bail out if IP has been disabled on the device\n\nsyzbot reports:\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f]\n[..]\nRIP: 0010:nf_tproxy_laddr4+0xb7/0x340 net/ipv4/netfilter/nf_tproxy_ipv4.c:62\nCall Trace:\n nft_tproxy_eval_v4 net/netfilter/nft_tproxy.c:56 [inline]\n nft_tproxy_eval+0xa9a/0x1a00 net/netfilter/nft_tproxy.c:168\n\n__in_dev_get_rcu() can return NULL, so check for this."}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.4.278", "versionStartIncluding": "2.6.37"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.10.219", "versionStartIncluding": "2.6.37"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.15.161", "versionStartIncluding": "2.6.37"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.1.93", "versionStartIncluding": "2.6.37"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.6.33", "versionStartIncluding": "2.6.37"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.9.4", "versionStartIncluding": "2.6.37"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.10", "versionStartIncluding": "2.6.37"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T09:11:00.764Z"}}}, "cveMetadata": {"cveId": "CVE-2024-36270", "state": "PUBLISHED", "dateUpdated": "2025-05-04T09:11:00.764Z", "dateReserved": "2024-06-21T10:13:16.302Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-06-21T10:18:07.026Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "FD9FAB17-6B05-46D3-970B-37496D272CB7", "versionEndExcluding": "5.4.278", "versionStartIncluding": "2.6.37", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E9063AF3-D593-43B7-810D-58B87F82F9F9", "versionEndExcluding": "5.10.219", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "31130639-53FE-4726-8986-434EE2528CB2", "versionEndExcluding": "5.15.161", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "EEFB78EE-F990-4197-BF1C-156760A55667", "versionEndExcluding": "6.1.93", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "FCE796DF-3B50-4DC6-BAE5-95271068FC9E", "versionEndExcluding": "6.6.33", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "991B9791-966A-4D18-9E8D-A8AB128E5627", "versionEndExcluding": "6.9.4", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*", "matchCriteriaId": "2EBB4392-5FA6-4DA9-9772-8F9C750109FA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: tproxy: bail out if IP has been disabled on the device\n\nsyzbot reports:\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f]\n[..]\nRIP: 0010:nf_tproxy_laddr4+0xb7/0x340 net/ipv4/netfilter/nf_tproxy_ipv4.c:62\nCall Trace:\n nft_tproxy_eval_v4 net/netfilter/nft_tproxy.c:56 [inline]\n nft_tproxy_eval+0xa9a/0x1a00 net/netfilter/nft_tproxy.c:168\n\n__in_dev_get_rcu() can return NULL, so check for this."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: tproxy: rescate si se ha deshabilitado la IP en el dispositivo syzbot informa: falla de protecci\u00f3n general, probablemente para direcci\u00f3n no can\u00f3nica 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref en el rango [0x0000000000000018-0x000000000000001f] [..] RIP: 0010:nf_tproxy_laddr4+0xb7/0x340 net/ipv4/netfilter/nf_tproxy_ipv4.c:62 Seguimiento de llamadas: nft_tproxy_ eval_v4 net/netfilter/nft_tproxy.c: 56 [en l\u00ednea] nft_tproxy_eval+0xa9a/0x1a00 net/netfilter/nft_tproxy.c:168 __in_dev_get_rcu() puede devolver NULL, as\u00ed que verifique esto."}], "id": "CVE-2024-36270", "lastModified": "2024-11-21T09:21:58.203", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-06-21T11:15:10.117", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/07eeedafc59c45fe5de43958128542be3784764c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/10f0af5234dafd03d2b75233428ec3f11cf7e43d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/21a673bddc8fd4873c370caf9ae70ffc6d47e8d3"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/570b4c52096e62fda562448f5760fd0ff06110f0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6fe5af4ff06db3d4d80e07a19356640428159f03"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/819bfeca16eb9ad647ddcae25e7e12c30612147c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/caf3a8afb5ea00db6d5398adf148d5534615fd80"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/07eeedafc59c45fe5de43958128542be3784764c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/10f0af5234dafd03d2b75233428ec3f11cf7e43d"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/21a673bddc8fd4873c370caf9ae70ffc6d47e8d3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/570b4c52096e62fda562448f5760fd0ff06110f0"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6fe5af4ff06db3d4d80e07a19356640428159f03"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/819bfeca16eb9ad647ddcae25e7e12c30612147c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/caf3a8afb5ea00db6d5398adf148d5534615fd80"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:5102", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-553.16.1.rt7.357.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-08-08T00:00:00Z"}, {"advisory": "RHSA-2024:5101", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-553.16.1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-08-08T00:00:00Z"}, {"advisory": "RHSA-2024:7486", "cpe": "cpe:/o:redhat:rhel_aus:8.6", "package": "kernel-0:4.18.0-372.125.1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2024-10-02T00:00:00Z"}, {"advisory": "RHSA-2024:7486", "cpe": "cpe:/o:redhat:rhel_tus:8.6", "package": "kernel-0:4.18.0-372.125.1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2024-10-02T00:00:00Z"}, {"advisory": "RHSA-2024:7486", "cpe": "cpe:/o:redhat:rhel_e4s:8.6", "package": "kernel-0:4.18.0-372.125.1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2024-10-02T00:00:00Z"}, {"advisory": "RHSA-2024:6993", "cpe": "cpe:/o:redhat:rhel_eus:8.8", "package": "kernel-0:4.18.0-477.74.1.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2024-09-24T00:00:00Z"}, {"advisory": "RHSA-2024:4583", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-427.26.1.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-07-17T00:00:00Z"}, {"advisory": "RHSA-2024:4583", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-427.26.1.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-07-17T00:00:00Z"}, {"advisory": "RHSA-2024:7489", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "kernel-0:5.14.0-284.86.1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-10-02T00:00:00Z"}, {"advisory": "RHSA-2024:7490", "cpe": "cpe:/a:redhat:rhel_eus:9.2::nfv", "package": "kernel-rt-0:5.14.0-284.86.1.rt14.371.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-10-02T00:00:00Z"}], "bugzilla": {"description": "kernel: netfilter: tproxy: bail out if IP has been disabled on the device", "id": "2293653", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293653"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-476", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nnetfilter: tproxy: bail out if IP has been disabled on the device\nsyzbot reports:\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f]\n[..]\nRIP: 0010:nf_tproxy_laddr4+0xb7/0x340 net/ipv4/netfilter/nf_tproxy_ipv4.c:62\nCall Trace:\nnft_tproxy_eval_v4 net/netfilter/nft_tproxy.c:56 [inline]\nnft_tproxy_eval+0xa9a/0x1a00 net/netfilter/nft_tproxy.c:168\n__in_dev_get_rcu() can return NULL, so check for this."], "name": "CVE-2024-36270", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-06-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-36270\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-36270\nhttps://lore.kernel.org/linux-cve-announce/2024062135-CVE-2024-36270-f7f7@gregkh/T"], "statement": "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-476: NULL Pointer Dereference vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\nThe platform incorporates secure engineering principles and controls to enforce secure coding practices, including proper memory handling and error checking, reducing the likelihood of null pointer dereference vulnerabilities. Coding standards, tools, and processes support early detection and prevention of memory-related flaws. Static code analysis identifies null dereference and related issues during development, while system monitoring detects memory errors and anomalous behavior in the event of exploitation. Additionally, the platform leverages memory protection mechanisms such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) to strengthen resilience against memory-related vulnerabilities.", "threat_severity": "Moderate"}

{}