netfilter: conntrack: add missing netlink policy validations
Platform: linux
Component: linux-kernel
Fixed in: f900e1d77ee0ef87bfb5ab3fe60f0b3d8ad5ba05
In the Linux kernel, the following vulnerability has been resolved:

netfilter: conntrack: add missing netlink policy validations

Hyunwoo Kim reports out-of-bounds access in sctp and ctnetlink.

These attributes are used by the kernel without any validation. Extend the netlink policies accordingly.

Quoting the reporter:

nlattr_to_sctp() assigns the user-supplied CTA_PROTOINFO_SCTP_STATE value directly to ct->proto.sctp.state without checking that it is within the valid range. [..]

and:

... with exp->dir = 100, the access at ct->master->tuplehash[100] reads 5600 bytes past the start of a 320-byte nf_conn object, causing a slab-out-of-bounds read confirmed by UBSAN.
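The class of fix described above, range-checking attributes in a policy table before any handler uses them, shown as an added userspace model; it is not kernel code and not the actual patch. All names (validate_attrs, apply_attrs, the ATTR_* and DIR_* enums, SCTP_STATE_COUNT) and the bounds are assumptions made for this example; only the value 100 comes from the report.

```c
#include <stddef.h>
#include <stdint.h>

/* Simplified stand-ins for this example; not the kernel's definitions. */
enum { DIR_ORIGINAL, DIR_REPLY, DIR_MAX };
enum { ATTR_UNSPEC, ATTR_SCTP_STATE, ATTR_EXP_DIR, ATTR_COUNT };
#define SCTP_STATE_COUNT 10   /* constructed number of valid states */

struct attr { uint16_t type; uint32_t value; };      /* parsed attribute */
struct range_policy { int known; uint32_t max; };    /* inclusive upper bound */

/* One entry per attribute the handler will consume. */
static const struct range_policy policy[ATTR_COUNT] = {
    [ATTR_SCTP_STATE] = { 1, SCTP_STATE_COUNT - 1 },
    [ATTR_EXP_DIR]    = { 1, DIR_MAX - 1 },
};

/* Reject the whole message if any attribute is unknown or out of range. */
int validate_attrs(const struct attr *a, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (a[i].type >= ATTR_COUNT || !policy[a[i].type].known)
            return -1;
        if (a[i].value > policy[a[i].type].max)
            return -1;
    }
    return 0;
}

struct conn { int tuplehash[DIR_MAX]; uint8_t sctp_state; };

/* Handler: values become a state or an array index only after validation. */
int apply_attrs(struct conn *ct, const struct attr *a, size_t n, int *picked)
{
    if (validate_attrs(a, n) != 0)
        return -1;                       /* nothing is written or read */
    for (size_t i = 0; i < n; i++) {
        if (a[i].type == ATTR_SCTP_STATE)
            ct->sctp_state = (uint8_t)a[i].value;
        else if (a[i].type == ATTR_EXP_DIR)
            *picked = ct->tuplehash[a[i].value];
    }
    return 0;
}

int main(void)
{
    struct conn ct = { { 11, 22 }, 0 };
    struct attr bad = { ATTR_EXP_DIR, 100 };   /* dir value from the report */
    int picked = 0;
    return apply_attrs(&ct, &bad, 1, &picked) == -1 ? 0 : 1;
}
```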
How to fix
Update the Linux kernel to version 6.19.10 or later to mitigate the out-of-bounds access vulnerability in SCTP and ctnetlink handling. This update corrects the netlink policy validation, preventing unauthorized memory reads. Consult the kernel release notes for specific update instructions.