CVE-2024-42070

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Jul 29, 2024
Updated: Jul 30, 2024
CWE ID 401

Summary

CVE-2024-42070 is a vulnerability affecting the Linux kernel's netfilter and nf_tables components. The issue arises due to insufficient validation of NFT_DATA_VALUE when storing it to data registers. This can allow an attacker to leak a pointer to a chain object through the registers, potentially leading to unintended access or data disclosure. The vulnerability has been addressed by adding a helper function to determine the register type based on the data type, enabling the removal of the conditional check.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share