CVE-2024-36017

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to the do setvfinfo() function in the net/core/rtnetlink.c module of the Linux kernel, which is associated with a buffer overflow vulnerability. This vulnerability may allow an attacker to impact the confidentiality, integrity, and availability of protected information. The problem arises from the validation of attributes within a nested IFLA VF VLAN LIST, where each attribute is expected to be at least the size of struct ifla vf vlan info, which is 14 bytes. However, the current validation checks against NLA HDRLEN (4 bytes), which is less than the required size, potentially leading to out-of-bounds read access when accessing the saved entry in ivvl.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.