PT-2024-33959 · Linux+7 · Linux Kernel+7
Published
2024-10-21
·
Updated
2025-10-03
·
CVE-2024-50128
CVSS v3.1
7.1
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
Name of the Vulnerable Software and Affected Versions:
Linux kernel versions prior to 6.6.61
Description:
A global out-of-bounds read vulnerability has been identified in the Linux kernel, specifically in the
wwan rtnl policy variable. This issue occurs when parsing netlink attributes, and it is caused by the wwan rtnl link ops assigning a larger maxtype value. The vulnerability can be exploited when the nla parse nested deprecated function is called with an incorrect size, leading to a global out-of-bounds read. The issue is similar to a previously fixed out-of-bounds bug in the rmnet policy commit.To fix this issue, the correct size
IFLA WWAN MAX should be used in the nla parse nested deprecated function.Recommendations:
To resolve this issue, update the Linux kernel to version 6.6.61 or later.
As a temporary workaround, consider restricting access to the vulnerable
wwan rtnl policy variable until a patch is available.Exploit
Fix
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Red Hat
Red Os
Suse
Ubuntu