{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-42154", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-29T15:50:41.194Z", "datePublished": "2024-07-30T07:46:51.456Z", "dateUpdated": "2025-11-03T22:02:18.507Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T09:24:17.764Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp_metrics: validate source addr length\n\nI don't see anything checking that TCP_METRICS_ATTR_SADDR_IPV4\nis at least 4 bytes long, and the policy doesn't have an entry\nfor this attribute at all (neither does it for IPv6 but v6 is\nmanually validated)."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/ipv4/tcp_metrics.c"], "versions": [{"version": "3e7013ddf55af7bc191792b8aea0c2b94fb0fef5", "lessThan": "19d997b59fa1fd7a02e770ee0881c0652b9c32c9", "status": "affected", "versionType": "git"}, {"version": "3e7013ddf55af7bc191792b8aea0c2b94fb0fef5", "lessThan": "2a2e79dbe2236a1289412d2044994f7ab419b44c", "status": "affected", "versionType": "git"}, {"version": "3e7013ddf55af7bc191792b8aea0c2b94fb0fef5", "lessThan": "cdffc358717e436bb67122bb82c1a2a26e050f98", "status": "affected", "versionType": "git"}, {"version": "3e7013ddf55af7bc191792b8aea0c2b94fb0fef5", "lessThan": "ef7c428b425beeb52b894e16f1c4b629d6cebfb6", "status": "affected", "versionType": "git"}, {"version": "3e7013ddf55af7bc191792b8aea0c2b94fb0fef5", "lessThan": "31f03bb04146c1c6df6c03e9f45401f5f5a985d3", "status": "affected", "versionType": "git"}, {"version": "3e7013ddf55af7bc191792b8aea0c2b94fb0fef5", "lessThan": "8c2debdd170e395934ac0e039748576dfde14e99", "status": "affected", "versionType": "git"}, {"version": "3e7013ddf55af7bc191792b8aea0c2b94fb0fef5", "lessThan": "3d550dd5418729a6e77fe7721d27adea7152e321", "status": "affected", "versionType": "git"}, {"version": "3e7013ddf55af7bc191792b8aea0c2b94fb0fef5", "lessThan": "66be40e622e177316ae81717aa30057ba9e61dff", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/ipv4/tcp_metrics.c"], "versions": [{"version": "3.14", "status": "affected"}, {"version": "0", "lessThan": "3.14", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.318", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.280", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.222", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.163", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.98", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.39", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9.9", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.14", "versionEndExcluding": "4.19.318"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.14", "versionEndExcluding": "5.4.280"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.14", "versionEndExcluding": "5.10.222"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.14", "versionEndExcluding": "5.15.163"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.14", "versionEndExcluding": "6.1.98"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.14", "versionEndExcluding": "6.6.39"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.14", "versionEndExcluding": "6.9.9"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.14", "versionEndExcluding": "6.10"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/19d997b59fa1fd7a02e770ee0881c0652b9c32c9"}, {"url": "https://git.kernel.org/stable/c/2a2e79dbe2236a1289412d2044994f7ab419b44c"}, {"url": "https://git.kernel.org/stable/c/cdffc358717e436bb67122bb82c1a2a26e050f98"}, {"url": "https://git.kernel.org/stable/c/ef7c428b425beeb52b894e16f1c4b629d6cebfb6"}, {"url": "https://git.kernel.org/stable/c/31f03bb04146c1c6df6c03e9f45401f5f5a985d3"}, {"url": "https://git.kernel.org/stable/c/8c2debdd170e395934ac0e039748576dfde14e99"}, {"url": "https://git.kernel.org/stable/c/3d550dd5418729a6e77fe7721d27adea7152e321"}, {"url": "https://git.kernel.org/stable/c/66be40e622e177316ae81717aa30057ba9e61dff"}], "title": "tcp_metrics: validate source addr length", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/19d997b59fa1fd7a02e770ee0881c0652b9c32c9", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/2a2e79dbe2236a1289412d2044994f7ab419b44c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/cdffc358717e436bb67122bb82c1a2a26e050f98", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ef7c428b425beeb52b894e16f1c4b629d6cebfb6", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/31f03bb04146c1c6df6c03e9f45401f5f5a985d3", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/8c2debdd170e395934ac0e039748576dfde14e99", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3d550dd5418729a6e77fe7721d27adea7152e321", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/66be40e622e177316ae81717aa30057ba9e61dff", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240828-0010/"}, {"url": "http://www.openwall.com/lists/oss-security/2024/09/24/3"}, {"url": "http://www.openwall.com/lists/oss-security/2024/09/24/4"}, {"url": "http://www.openwall.com/lists/oss-security/2024/09/25/3"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T22:02:18.507Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-42154", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:15:15.159948Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:34:34.227Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/19d997b59fa1fd7a02e770ee0881c0652b9c32c9", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/2a2e79dbe2236a1289412d2044994f7ab419b44c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/cdffc358717e436bb67122bb82c1a2a26e050f98", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ef7c428b425beeb52b894e16f1c4b629d6cebfb6", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/31f03bb04146c1c6df6c03e9f45401f5f5a985d3", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/8c2debdd170e395934ac0e039748576dfde14e99", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3d550dd5418729a6e77fe7721d27adea7152e321", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/66be40e622e177316ae81717aa30057ba9e61dff", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240828-0010/"}, {"url": "http://www.openwall.com/lists/oss-security/2024/09/24/3"}, {"url": "http://www.openwall.com/lists/oss-security/2024/09/24/4"}, {"url": "http://www.openwall.com/lists/oss-security/2024/09/25/3"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T22:02:18.507Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-42154", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:15:15.159948Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:24.513Z"}}], "cna": {"title": "tcp_metrics: validate source addr length", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "3e7013ddf55af7bc191792b8aea0c2b94fb0fef5", "lessThan": "19d997b59fa1fd7a02e770ee0881c0652b9c32c9", "versionType": "git"}, {"status": "affected", "version": "3e7013ddf55af7bc191792b8aea0c2b94fb0fef5", "lessThan": "2a2e79dbe2236a1289412d2044994f7ab419b44c", "versionType": "git"}, {"status": "affected", "version": "3e7013ddf55af7bc191792b8aea0c2b94fb0fef5", "lessThan": "cdffc358717e436bb67122bb82c1a2a26e050f98", "versionType": "git"}, {"status": "affected", "version": "3e7013ddf55af7bc191792b8aea0c2b94fb0fef5", "lessThan": "ef7c428b425beeb52b894e16f1c4b629d6cebfb6", "versionType": "git"}, {"status": "affected", "version": "3e7013ddf55af7bc191792b8aea0c2b94fb0fef5", "lessThan": "31f03bb04146c1c6df6c03e9f45401f5f5a985d3", "versionType": "git"}, {"status": "affected", "version": "3e7013ddf55af7bc191792b8aea0c2b94fb0fef5", "lessThan": "8c2debdd170e395934ac0e039748576dfde14e99", "versionType": "git"}, {"status": "affected", "version": "3e7013ddf55af7bc191792b8aea0c2b94fb0fef5", "lessThan": "3d550dd5418729a6e77fe7721d27adea7152e321", "versionType": "git"}, {"status": "affected", "version": "3e7013ddf55af7bc191792b8aea0c2b94fb0fef5", "lessThan": "66be40e622e177316ae81717aa30057ba9e61dff", "versionType": "git"}], "programFiles": ["net/ipv4/tcp_metrics.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "3.14"}, {"status": "unaffected", "version": "0", "lessThan": "3.14", "versionType": "semver"}, {"status": "unaffected", "version": "4.19.318", "versionType": "semver", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.280", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.222", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.163", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.98", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.39", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.9.9", "versionType": "semver", "lessThanOrEqual": "6.9.*"}, {"status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["net/ipv4/tcp_metrics.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/19d997b59fa1fd7a02e770ee0881c0652b9c32c9"}, {"url": "https://git.kernel.org/stable/c/2a2e79dbe2236a1289412d2044994f7ab419b44c"}, {"url": "https://git.kernel.org/stable/c/cdffc358717e436bb67122bb82c1a2a26e050f98"}, {"url": "https://git.kernel.org/stable/c/ef7c428b425beeb52b894e16f1c4b629d6cebfb6"}, {"url": "https://git.kernel.org/stable/c/31f03bb04146c1c6df6c03e9f45401f5f5a985d3"}, {"url": "https://git.kernel.org/stable/c/8c2debdd170e395934ac0e039748576dfde14e99"}, {"url": "https://git.kernel.org/stable/c/3d550dd5418729a6e77fe7721d27adea7152e321"}, {"url": "https://git.kernel.org/stable/c/66be40e622e177316ae81717aa30057ba9e61dff"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp_metrics: validate source addr length\n\nI don't see anything checking that TCP_METRICS_ATTR_SADDR_IPV4\nis at least 4 bytes long, and the policy doesn't have an entry\nfor this attribute at all (neither does it for IPv6 but v6 is\nmanually validated)."}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "4.19.318", "versionStartIncluding": "3.14"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.4.280", "versionStartIncluding": "3.14"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.10.222", "versionStartIncluding": "3.14"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.15.163", "versionStartIncluding": "3.14"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.1.98", "versionStartIncluding": "3.14"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.6.39", "versionStartIncluding": "3.14"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.9.9", "versionStartIncluding": "3.14"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.10", "versionStartIncluding": "3.14"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T09:24:17.764Z"}}}, "cveMetadata": {"cveId": "CVE-2024-42154", "state": "PUBLISHED", "dateUpdated": "2025-11-03T22:02:18.507Z", "dateReserved": "2024-07-29T15:50:41.194Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-07-30T07:46:51.456Z", "assignerShortName": "Linux"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "41501C3F-D08F-4EAC-A463-95CDEF6987D8", "versionEndExcluding": "4.19.318", "versionStartIncluding": "3.14", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "625DBFAB-C3D0-4309-A27F-12D6428FB38F", "versionEndExcluding": "5.4.280", "versionStartIncluding": "4.20", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "00696AC5-EE29-437F-97F9-C4D66608B327", "versionEndExcluding": "5.10.222", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A97DEB09-4927-40F8-B5C6-F5BD5EAE0CFD", "versionEndExcluding": "5.15.163", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E09E92A5-27EF-40E4-926A-B1CDC8270551", "versionEndExcluding": "6.1.98", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "29E894E4-668F-4DB0-81F7-4FB5F698E970", "versionEndExcluding": "6.6.39", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "ADCC1407-0CB3-4C8F-B4C5-07F682CD7085", "versionEndExcluding": "6.9.9", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*", "matchCriteriaId": "2EBB4392-5FA6-4DA9-9772-8F9C750109FA", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*", "matchCriteriaId": "331C2F14-12C7-45D5-893D-8C52EE38EA10", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc3:*:*:*:*:*:*", "matchCriteriaId": "3173713D-909A-4DD3-9DD4-1E171EB057EE", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc4:*:*:*:*:*:*", "matchCriteriaId": "79F18AFA-40F7-43F0-BA30-7BDB65F918B9", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc5:*:*:*:*:*:*", "matchCriteriaId": "BD973AA4-A789-49BD-8D57-B2846935D3C7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc6:*:*:*:*:*:*", "matchCriteriaId": "8F3E9E0C-AC3E-4967-AF80-6483E8AB0078", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp_metrics: validate source addr length\n\nI don't see anything checking that TCP_METRICS_ATTR_SADDR_IPV4\nis at least 4 bytes long, and the policy doesn't have an entry\nfor this attribute at all (neither does it for IPv6 but v6 is\nmanually validated)."}, {"lang": "es", "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tcp_metrics: validar la longitud de la direcci\u00f3n de origen. No veo nada comprobando que TCP_METRICS_ATTR_SADDR_IPV4 tenga al menos 4 bytes de longitud y la pol\u00edtica no tiene ninguna entrada para este atributo (tampoco lo hace para IPv6 pero v6 se valida manualmente)."}], "id": "CVE-2024-42154", "lastModified": "2025-11-03T22:17:43.393", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-07-30T08:15:06.933", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Mailing List", "Patch"], "url": "https://git.kernel.org/stable/c/19d997b59fa1fd7a02e770ee0881c0652b9c32c9"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Mailing List", "Patch"], "url": "https://git.kernel.org/stable/c/2a2e79dbe2236a1289412d2044994f7ab419b44c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Mailing List", "Patch"], "url": "https://git.kernel.org/stable/c/31f03bb04146c1c6df6c03e9f45401f5f5a985d3"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Mailing List", "Patch"], "url": "https://git.kernel.org/stable/c/3d550dd5418729a6e77fe7721d27adea7152e321"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Mailing List", "Patch"], "url": "https://git.kernel.org/stable/c/66be40e622e177316ae81717aa30057ba9e61dff"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Mailing List", "Patch"], "url": "https://git.kernel.org/stable/c/8c2debdd170e395934ac0e039748576dfde14e99"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Mailing List", "Patch"], "url": "https://git.kernel.org/stable/c/cdffc358717e436bb67122bb82c1a2a26e050f98"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Mailing List", "Patch"], "url": "https://git.kernel.org/stable/c/ef7c428b425beeb52b894e16f1c4b629d6cebfb6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2024/09/24/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2024/09/24/4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2024/09/25/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch"], "url": "https://git.kernel.org/stable/c/19d997b59fa1fd7a02e770ee0881c0652b9c32c9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch"], "url": "https://git.kernel.org/stable/c/2a2e79dbe2236a1289412d2044994f7ab419b44c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch"], "url": "https://git.kernel.org/stable/c/31f03bb04146c1c6df6c03e9f45401f5f5a985d3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch"], "url": "https://git.kernel.org/stable/c/3d550dd5418729a6e77fe7721d27adea7152e321"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch"], "url": "https://git.kernel.org/stable/c/66be40e622e177316ae81717aa30057ba9e61dff"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch"], "url": "https://git.kernel.org/stable/c/8c2debdd170e395934ac0e039748576dfde14e99"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch"], "url": "https://git.kernel.org/stable/c/cdffc358717e436bb67122bb82c1a2a26e050f98"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch"], "url": "https://git.kernel.org/stable/c/ef7c428b425beeb52b894e16f1c4b629d6cebfb6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20240828-0010/"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-754"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:7001", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-553.22.1.rt7.363.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-09-24T00:00:00Z"}, {"advisory": "RHSA-2024:7000", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-553.22.1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-09-24T00:00:00Z"}, {"advisory": "RHSA-2024:6993", "cpe": "cpe:/o:redhat:rhel_eus:8.8", "package": "kernel-0:4.18.0-477.74.1.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2024-09-24T00:00:00Z"}, {"advisory": "RHSA-2024:9315", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:9315", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:10772", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "kernel-0:5.14.0-284.95.1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-12-04T00:00:00Z"}, {"advisory": "RHSA-2024:10773", "cpe": "cpe:/a:redhat:rhel_eus:9.2::nfv", "package": "kernel-rt-0:5.14.0-284.95.1.rt14.380.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-12-04T00:00:00Z"}, {"advisory": "RHSA-2024:10771", "cpe": "cpe:/a:redhat:rhel_eus:9.4", "package": "kernel-0:5.14.0-427.47.1.el9_4", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2024-12-04T00:00:00Z"}], "bugzilla": {"description": "kernel: tcp_metrics: validate source addr length", "id": "2301522", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301522"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "status": "verified"}, "cwe": "CWE-130", "details": ["In the Linux kernel, the following vulnerability has been resolved:\ntcp_metrics: validate source addr length\nI don't see anything checking that TCP_METRICS_ATTR_SADDR_IPV4\nis at least 4 bytes long, and the policy doesn't have an entry\nfor this attribute at all (neither does it for IPv6 but v6 is\nmanually validated).", "A vulnerability was found in the Linux kernel's tcp_metrics.c, where insufficient validation of the length of the source address for TCP metrics could lead to incorrect memory read (out of boundary read)."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-42154", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-30T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-42154\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-42154\nhttps://lore.kernel.org/linux-cve-announce/2024073034-CVE-2024-42154-cf82@gregkh/T"], "statement": "The impact level is limited, because:\n1. Missed check existed before and worked correctly (because by default it worked for int32 value, even if it was not specified exactly).\n2. Even if for some specific case fail could happen, still it can lead only to incorrect memory read.\n3. Even if memory corruption happens, it should not lead to anything apart from incorrect tcp-ip statistics output to the local user.\n4. This bug is restricted to local as netlink is configured to be local only out of the box.", "threat_severity": "Moderate"}

{}