CVE-2024-26849

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-26849
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-26849.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-26849
Downstream
Related
Published
2024-04-17T10:14:20.184Z
Modified
2026-03-14T12:30:01.833684Z
Summary
netlink: add nla be16/32 types to minlen array
Details

In the Linux kernel, the following vulnerability has been resolved:

netlink: add nla be16/32 types to minlen array

BUG: KMSAN: uninit-value in nlavalidaterangeunsigned lib/nlattr.c:222 [inline] BUG: KMSAN: uninit-value in nlavalidateintrange lib/nlattr.c:336 [inline] BUG: KMSAN: uninit-value in validate_nla lib/nlattr.c:575 [inline] BUG: KMSAN: uninit-value in _nlavalidateparse+0x2e20/0x45c0 lib/nlattr.c:631 nlavalidaterangeunsigned lib/nlattr.c:222 [inline] nlavalidateintrange lib/nlattr.c:336 [inline] validatenla lib/nlattr.c:575 [inline] ...

The message in question matches this policy:

[NFTATARGETREV] = NLAPOLICYMAX(NLA_BE32, 255),

but because NLA_BE32 size in minlen array is 0, the validation code will read past the malformed (too small) attribute.

Note: Other attributes, e.g. BITFIELD32, SINT, UINT.. are also missing: those likely should be added too.

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/26xxx/CVE-2024-26849.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
ecaf75ffd5f5db320d8b1da0198eef5a5ce64a3f
Fixed
0ac219c4c3ab253f3981f346903458d20bacab32
Fixed
a2ab028151841cd833cb53eb99427e0cc990112d
Fixed
7a9d14c63b35f89563c5ecbadf918ad64979712d
Fixed
9a0d18853c280f6a0ee99f91619f2442a17a323a

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-26849.json"