Vulnerabilities > CVE-2024-44983 - Use of Uninitialized Resource vulnerability in Linux Kernel
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
NONE Availability impact
HIGH Summary
In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: validate vlan header Ensure there is sufficient room to access the protocol field of the VLAN header, validate it once before the flowtable lookup. ===================================================== BUG: KMSAN: uninit-value in nf_flow_offload_inet_hook+0x45a/0x5f0 net/netfilter/nf_flow_table_inet.c:32 nf_flow_offload_inet_hook+0x45a/0x5f0 net/netfilter/nf_flow_table_inet.c:32 nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline] nf_hook_slow+0xf4/0x400 net/netfilter/core.c:626 nf_hook_ingress include/linux/netfilter_netdev.h:34 [inline] nf_ingress net/core/dev.c:5440 [inline]
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://git.kernel.org/stable/c/c05155cc455785916164aa5e1b4605a2ae946537
- https://git.kernel.org/stable/c/d9384ae7aec46036d248d1c2c2757e471ab486c3
- https://git.kernel.org/stable/c/0279c35d242d037abeb73d60d06a6d1bb7f672d9
- https://git.kernel.org/stable/c/043a18bb6cf16adaa2f8642acfde6e8956a9caaa
- https://git.kernel.org/stable/c/6ea14ccb60c8ab829349979b22b58a941ec4a3ee