QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2024-35962

Back to search

CVE-2024-35962

Published: May 20, 2024

Modified: May 12, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: netfilter: complete validation of user input In my recent commit, I missed that do_replace() handlers use copy_from_sockptr() (which I fixed), followed by unsafe copy_from_sockptr_offset() calls. In all functions, we can perform the @optlen validation before even calling xt_alloc_table_info() with the following check: if ((u64)optlen < (u64)tmp.size + sizeof(tmp)) return -EINVAL;

VendorProductVersions

Linux

Linux

affected
0f038242b77ddfc505bf4163d4904c1abd2e74d6 - < cf4bc359b76144a3dd55d7c09464ef4c5f2b2b05
affected
440e948cf0eff32cfe322dcbca3f2525354b159b - < 97dab36e57c64106e1c8ebd66cbf0d2d1e52d6b7
affected
18aae2cb87e5faa9c5bd865260ceadac60d5a6c5 - < c760089aa98289b4b88a7ff5a62dd92845adf223
affected
81d51b9b7c95e791ba3c1a2dd77920a9d3b3f525 - < 89242d9584c342cb83311b598d9e6b82572eadf8
affected
58f2bfb789e6bd3bc24a2c9c1580f3c67aec3018 - < 562b7245131f6e9f1d280c8b5a8750f03edfc05c

+1 more versions

Linux

Linux

affected
5.10.215 - < 5.10.216
affected
5.15.154 - < 5.15.156
affected
6.1.85 - < 6.1.87
affected
6.6.26 - < 6.6.28
affected
6.8.5 - < 6.8.7

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now