In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_socket: remove WARN_ON_ONCE on maximum cgroup level cgroup maximum depth is INT_MAX by default, there is a cgroup toggle to restrict this maximum depth to a more reasonable value not to harm performance. Remove unnecessary WARN_ON_ONCE which is reachable from userspace.
History

Fri, 10 Jan 2025 01:45:00 +0000


Thu, 09 Jan 2025 21:45:00 +0000

Type Values Removed Values Added
First Time appeared Linux
Linux linux Kernel
Weaknesses CWE-617
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}


Wed, 08 Jan 2025 18:00:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_socket: remove WARN_ON_ONCE on maximum cgroup level cgroup maximum depth is INT_MAX by default, there is a cgroup toggle to restrict this maximum depth to a more reasonable value not to harm performance. Remove unnecessary WARN_ON_ONCE which is reachable from userspace.
Title netfilter: nft_socket: remove WARN_ON_ONCE on maximum cgroup level
References

cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-01-08T17:51:59.704Z

Updated: 2025-01-08T17:51:59.704Z

Reserved: 2024-12-29T11:26:39.768Z

Link: CVE-2024-56783

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2025-01-08T18:15:19.247

Modified: 2025-01-09T21:24:41.370

Link: CVE-2024-56783

cve-icon Redhat

Severity : Moderate

Publid Date: 2025-01-08T00:00:00Z

Links: CVE-2024-56783 - Bugzilla