Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog Docs About Contact
7.1
CVSSv3

CVE-2024-56650

CVSSv4: NA | CVSSv3: 7.1 | CVSSv2: NA | VMScore: 810 | EPSS: 0.00033 | KEV: Not Included
Published: 27/12/2024 Updated: 06/01/2025

Vulnerability Summary

In the Linux kernel, the following vulnerability has been resolved: netfilter: x_tables: fix LED ID check in led_tg_check() Syzbot has reported the following BUG detected by KASAN: BUG: KASAN: slab-out-of-bounds in strlen+0x58/0x70 Read of size 1 at addr ffff8881022da0c8 by task repro/5879 ... Call Trace: <TASK> dump_stack_lvl+0x241/0x360 ? __pfx_dump_stack_lvl+0x10/0x10 ? __pfx__printk+0x10/0x10 ? _printk+0xd5/0x120 ? __virt_addr_valid+0x183/0x530 ? __virt_addr_valid+0x183/0x530 print_report+0x169/0x550 ? __virt_addr_valid+0x183/0x530 ? __virt_addr_valid+0x183/0x530 ? __virt_addr_valid+0x45f/0x530 ? __phys_addr+0xba/0x170 ? strlen+0x58/0x70 kasan_report+0x143/0x180 ? strlen+0x58/0x70 strlen+0x58/0x70 kstrdup+0x20/0x80 led_tg_check+0x18b/0x3c0 xt_check_target+0x3bb/0xa40 ? __pfx_xt_check_target+0x10/0x10 ? stack_depot_save_flags+0x6e4/0x830 ? nft_target_init+0x174/0xc30 nft_target_init+0x82d/0xc30 ? __pfx_nft_target_init+0x10/0x10 ? nf_tables_newrule+0x1609/0x2980 ? nf_tables_newrule+0x1609/0x2980 ? rcu_is_watching+0x15/0xb0 ? nf_tables_newrule+0x1609/0x2980 ? nf_tables_newrule+0x1609/0x2980 ? __kmalloc_noprof+0x21a/0x400 nf_tables_newrule+0x1860/0x2980 ? __pfx_nf_tables_newrule+0x10/0x10 ? __nla_parse+0x40/0x60 nfnetlink_rcv+0x14e5/0x2ab0 ? __pfx_validate_chain+0x10/0x10 ? __pfx_nfnetlink_rcv+0x10/0x10 ? __lock_acquire+0x1384/0x2050 ? netlink_deliver_tap+0x2e/0x1b0 ? __pfx_lock_release+0x10/0x10 ? netlink_deliver_tap+0x2e/0x1b0 netlink_unicast+0x7f8/0x990 ? __pfx_netlink_unicast+0x10/0x10 ? __virt_addr_valid+0x183/0x530 ? __check_object_size+0x48e/0x900 netlink_sendmsg+0x8e4/0xcb0 ? __pfx_netlink_sendmsg+0x10/0x10 ? aa_sock_msg_perm+0x91/0x160 ? __pfx_netlink_sendmsg+0x10/0x10 __sock_sendmsg+0x223/0x270 ____sys_sendmsg+0x52a/0x7e0 ? __pfx_____sys_sendmsg+0x10/0x10 __sys_sendmsg+0x292/0x380 ? __pfx___sys_sendmsg+0x10/0x10 ? lockdep_hardirqs_on_prepare+0x43d/0x780 ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 ? exc_page_fault+0x590/0x8c0 ? do_syscall_64+0xb6/0x230 do_syscall_64+0xf3/0x230 entry_SYSCALL_64_after_hwframe+0x77/0x7f ... </TASK> Since an invalid (without '\0' byte at all) byte sequence may be passed from userspace, add an extra check to ensure that such a sequence is rejected as possible ID and so never passed to 'kstrdup()' and further.

Vulnerable Product Search on Vulmon Subscribe to Product

linux linux

linux linux kernel

linux linux kernel 6.13

Vendor Advisories

Amazon Linux AMI: ALAS-2025-1970
In the Linux kernel, the following vulnerability has been resolved: block, bfq: don't move oom_bfqq (CVE-2022-49179) In the Linux kernel, the following vulnerability has been resolved: macsec: fix UAF bug for real_dev (CVE-2022-49390) In the Linux kernel, the following vulnerability has been resolved: block: Fix handling of offline queues in blk_mq ...
Amazon Linux 2: ALASLIVEPATCH-2025-227
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential oob read in nilfs_btree_check_delete() (CVE-2024-47757) In the Linux kernel, the following vulnerability has been resolved: ext4: fix double brelse() the buffer of the extents path (CVE-2024-49882) In the Linux kernel, the following vulnerability has been reso ...
Amazon Linux 2: ALASLIVEPATCH-2025-228
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential oob read in nilfs_btree_check_delete() (CVE-2024-47757) In the Linux kernel, the following vulnerability has been resolved: ext4: fix double brelse() the buffer of the extents path (CVE-2024-49882) In the Linux kernel, the following vulnerability has been reso ...
Amazon Linux 2: ALAS-2025-2826
In the Linux kernel, the following vulnerability has been resolved: block, bfq: don't move oom_bfqq (CVE-2022-49179) In the Linux kernel, the following vulnerability has been resolved: macsec: fix UAF bug for real_dev (CVE-2022-49390) In the Linux kernel, the following vulnerability has been resolved: block: Fix handling of offline queues in blk_mq ...
Amazon Linux 2: ALASLIVEPATCH-2025-226
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential oob read in nilfs_btree_check_delete() (CVE-2024-47757) In the Linux kernel, the following vulnerability has been resolved: ext4: fix double brelse() the buffer of the extents path (CVE-2024-49882) In the Linux kernel, the following vulnerability has been reso ...

References

CWE-125https://nvd.nist.govhttps://alas.aws.amazon.com/ALAS-2025-1970.htmlhttps://www.first.org/epsshttps://git.kernel.org/stable/c/04317f4eb2aad312ad85c1a17ad81fe75f1f9bc7https://git.kernel.org/stable/c/147a42bb02de8735cb08476be6d0917987d022c2https://git.kernel.org/stable/c/36a9d94dac28beef6b8abba46ba8874320d3e800https://git.kernel.org/stable/c/a9bcc0b70d9baf3ff005874489a0dc9d023b54c3https://git.kernel.org/stable/c/ab9916321c95f5280b72b4c5055e269f98627efehttps://git.kernel.org/stable/c/ad28612ebae1fcc1104bd432e99e99d87f6bfe09https://git.kernel.org/stable/c/c40c96d98e536fc1daaa125c2332b988615e30a4
Preferred Score:
CVSSv3
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
adp application developer platform 应用开发者平台type confusionflirCVE-2025-6268overflowdir-825CVE-2025-6018CVE-2025-2783CVE-2025-6292webassemblyauthentication bypassCVE-2025-4479CVE-2025-6306
Home
/
Search Results
/
CVE-2024-56650
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook