PT-2024-29726 · Linux+10 · Linux Kernel+10
Linus Torvalds
·
Published
2024-06-26
·
Updated
2025-09-29
·
CVE-2024-42070
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux Kernel (affected versions not specified)
Description
The issue is related to the netfilter component of the Linux kernel, specifically with the nf tables subsystem. The problem arises from the conditional validation of NFT DATA VALUE when storing data in registers. Since the datatype is always either NFT DATA VALUE or NFT DATA VERDICT, a new helper function can infer the register type from the set datatype, allowing the removal of the conditional check. Without this fix, a pointer to a chain object can be leaked through the registers, potentially leading to information disclosure. This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux Kernel.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Type Confusion
Memory Leak
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Alt Linux
Almalinux
Astra Linux
Centos
Linux Kernel
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu