CVE-2024-53141
Published: Dec 6, 2024
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved:

netfilter: ipset: add missing range check in bitmap_ip_uadt

When tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists, the values of ip and ip_to are slightly swapped. Therefore, the range check for ip should be done later, but this part is missing and it seems that the vulnerability occurs. So we should add missing range checks and remove unnecessary range checks.

| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | affected 72205fc68bd13109576aa6c4c12c740962d28a6c - < 3c20b5948f119ae61ee35ad8584d666020c91581; affected 72205fc68bd13109576aa6c4c12c740962d28a6c - < 78b0f2028f1043227a8eb0c41944027fc6a04596; affected 72205fc68bd13109576aa6c4c12c740962d28a6c - < 2e151b8ca31607d14fddc4ad0f14da0893e1a7c7; affected 72205fc68bd13109576aa6c4c12c740962d28a6c - < e67471437ae9083fa73fa67eee1573fec1b7c8cf; affected 72205fc68bd13109576aa6c4c12c740962d28a6c - < 7ffef5e5d5eeecd9687204a5ec2d863752aafb7e; +4 more versions |
| Linux | Linux | affected 2.6.39; unaffected 0 - < 2.6.39; unaffected 4.19.325 - <= 4.19.*; unaffected 5.4.287 - <= 5.4.*; unaffected 5.10.231 - <= 5.10.*; +6 more versions |