PT-2025-3672 · Linux+5 · Linux Kernel+5
Stefano Brivio
+1
·
Published
2024-07-17
·
Updated
2026-03-14
·
CVE-2024-57947
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
The issue is related to the netfilter module in the Linux kernel, specifically with the
nf set pipapo function. The problem arises when the initial buffer is not properly initialized, leading to incorrect results in the map search step. This occurs when the size of the first field is smaller than the maximum size, causing one-bits to leak into future rounds' result maps. As a result, pipapo finds incorrect matching results for sets where the first field size is not the largest.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Memory Leak
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Astra Linux
Debian
Linux Kernel
Red Hat
Red Os
Suse