PT-2024-36960 · Linux · Linux Kernel
Syzbot · Published 2024-11-28 · Updated 2025-11-18
CVE-2024-56650
CVSS v3.1: 7.1 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.6.74
Description
A vulnerability has been resolved in the Linux kernel, specifically in the netfilter x_tables module, where an invalid byte sequence may be passed from userspace, potentially leading to a slab-out-of-bounds read in the strlen function. The led_tg_check function has been updated with an extra check so that such sequences are rejected as possible IDs and are never passed to kstrdup or further. The issue was reported by Syzbot and detected by KASAN.
Recommendations
To resolve the issue, update to Linux kernel version 6.6.74 or later. As a temporary workaround, consider restricting access to the vulnerable led_tg_check function until a patch is available. Avoid using the kstrdup function with unvalidated user input in the affected API endpoint until the issue is resolved.
Fix
Out of bounds Read
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu