PT-2024-10022 · Linux+10 · Linux Kernel+10

Published

2024-11-14

·

Updated

2026-05-26

·

CVE-2024-53141

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description An out-of-bounds write flaw exists in the netfilter ipset subsystem, specifically within the bitmap ip uadt() function in the net/netfilter/ipset/ip set bitmap ip.c module. The issue is caused by improper input validation and a missing range check when the tb[IPSET ATTR IP TO] parameter is absent but tb[IPSET ATTR CIDR] is present, leading to a slight swap of the ip and ip to values. This can result in a heap overflow, allowing local attackers with low privileges to achieve privilege escalation to root and execute arbitrary code, impacting the confidentiality, integrity, and availability of protected information.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Weakness Enumeration

CWE-20

Related Identifiers

ALSA-2025:7531
ALSA-2025:7532
ALT-PU-2024-17211
ALT-PU-2024-17893
ALT-PU-2025-12647
AZL-54090
AZL-54095
BDU:2025-00150
CESA-2025_7531
CESA-2025_7532
CESA-2025_8345
CVE-2024-53141
DLA-4075-1
DLA-4076-1
INFSA-2025_7531
INFSA-2025_7532
OESA-2025-1034
OESA-2025-1158
OESA-2025-1162
OESA-2025-1286
OPENSUSE-SU-2025_0117-1
OPENSUSE-SU-2025_0153-1
OPENSUSE-SU-2025_0154-1
OPENSUSE-SU-2025_0556-1
OPENSUSE-SU-2025_0577-1
RHSA-2025:6966
RHSA-2025:7526
RHSA-2025:7531
RHSA-2025:7532
RHSA-2025:7533
RHSA-2025:7534
RHSA-2025:7652
RHSA-2025:7675
RHSA-2025:7682
RHSA-2025:7732
RHSA-2025:7896
RHSA-2025:7897
RHSA-2025:7898
RHSA-2025:7899
RHSA-2025:7901
RHSA-2025:7902
RHSA-2025:8342
RHSA-2025:8343
RHSA-2025:8344
RHSA-2025:8345
RHSA-2025:8346
RHSA-2025:8347
RHSA-2025:8348
RHSA-2025_6966
RHSA-2025_7531
RHSA-2025_7532
SUSE-SU-2025:0117-1
SUSE-SU-2025:0153-1
SUSE-SU-2025:0154-1
SUSE-SU-2025:02099-1
SUSE-SU-2025:02264-1
SUSE-SU-2025:02308-1
SUSE-SU-2025:02320-1
SUSE-SU-2025:02321-1
SUSE-SU-2025:02322-1
SUSE-SU-2025:0236-1
SUSE-SU-2025:02537-1
SUSE-SU-2025:0289-1
SUSE-SU-2025:0556-1
SUSE-SU-2025:0577-1
SUSE-SU-2025:0577-2
SUSE-SU-2025:20165-1
SUSE-SU-2025:20166-1
SUSE-SU-2025:20248-1
SUSE-SU-2025:20249-1
SUSE-SU-2025:21085-1
SUSE-SU-2025:21086-1
SUSE-SU-2025:21092-1
SUSE-SU-2025:21093-1
SUSE-SU-2025:21107-1
SUSE-SU-2025:21116-1
SUSE-SU-2025:2264-1
SUSE-SU-2025:4161-1
SUSE-SU-2025:4170-1
SUSE-SU-2025:4171-1
SUSE-SU-2025:4194-1
SUSE-SU-2025:4199-1
SUSE-SU-2025:4203-1
SUSE-SU-2025:4215-1
SUSE-SU-2025:4227-1
SUSE-SU-2025:4230-1
SUSE-SU-2025:4233-1
SUSE-SU-2025:4239-1
SUSE-SU-2025:4243-1
SUSE-SU-2025:4255-1
SUSE-SU-2025:4256-1
SUSE-SU-2025:4261-1
SUSE-SU-2025:4283-1
SUSE-SU-2025_02099-1
SUSE-SU-2025_02264-1
SUSE-SU-2025_02308-1
SUSE-SU-2025_0236-1
SUSE-SU-2025_02537-1
SUSE-SU-2025_0577-1
SUSE-SU-2025_0577-2
USN-7232-1
USN-7233-1
USN-7233-2
USN-7233-3
USN-7234-1
USN-7234-2
USN-7234-3
USN-7234-4
USN-7234-5
USN-7235-1
USN-7235-2
USN-7235-3
USN-7236-1
USN-7236-2
USN-7236-3
USN-7237-1
USN-7262-1
USN-7262-2
USN-7276-1
USN-7277-1
USN-7295-1
USN-7308-1
USN-7310-1
USN-7311-1
USN-7389-1
USN-7390-1
USN-7413-1
USN-7468-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Debian
Linuxmint
Linux Kernel
Red Hat
Red Os
Suse
Ubuntu