In the Linux kernel, the following vulnerability has been resolved: netfilter: ip6t_rt: reject oversized addrnr in rt_mt6_check() Reject rt match rules whose addrnr exceeds IP6T_RT_HOPS. rt_mt6() expects addrnr to stay within the bounds of rtinfo->addrs[]. Validate addrnr during rule installation so malformed rules are rejected before the match logic can use an out-of-range value.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
| Attack Vector | LOCAL |
|---|---|
| Attack Complexity | LOW |
| Privileges Required | LOW |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | HIGH |
| Integrity Impact | NONE |
| Availability Impact | HIGH |
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Type: Secondary
Exploitability Score: 1.8
Impact Score: 5.2
| Source | Type | Description |
|---|---|---|
| [email protected] | Primary |
en
NVD-CWE-noinfo
|
| Vendor | Product | Version | Update | Type |
|---|---|---|---|---|
| linux | linux_kernel | * | <built-in method update of dict object at 0x702bdd9a3840> | Operating System |
| linux | linux_kernel | * | <built-in method update of dict object at 0x702bcc42e8c0> | Operating System |
| linux | linux_kernel | * | <built-in method update of dict object at 0x702bcc42e880> | Operating System |
| linux | linux_kernel | * | <built-in method update of dict object at 0x702bdccaba40> | Operating System |
| linux | linux_kernel | * | <built-in method update of dict object at 0x702bdd9a1400> | Operating System |
| linux | linux_kernel | * | <built-in method update of dict object at 0x702bcbd397c0> | Operating System |
| linux | linux_kernel | * | <built-in method update of dict object at 0x702bcbd3bd00> | Operating System |
| linux | linux_kernel | 2.6.12 | <built-in method update of dict object at 0x702bcbd3a240> | Operating System |
| linux | linux_kernel | 2.6.12 | <built-in method update of dict object at 0x702bcbd3be80> | Operating System |
| linux | linux_kernel | 2.6.12 | <built-in method update of dict object at 0x702bcbd38a40> | Operating System |
| linux | linux_kernel | 2.6.12 | <built-in method update of dict object at 0x702bcbd3b6c0> | Operating System |
| linux | linux_kernel | 2.6.12 | <built-in method update of dict object at 0x702bcbd38640> | Operating System |
| linux | linux_kernel | 7.0 | <built-in method update of dict object at 0x702bcbd3b740> | Operating System |
| linux | linux_kernel | 7.0 | <built-in method update of dict object at 0x702ba7318d00> | Operating System |
| linux | linux_kernel | 7.0 | <built-in method update of dict object at 0x702ba7319680> | Operating System |
| linux | linux_kernel | 7.0 | <built-in method update of dict object at 0x702bdc0d2a00> | Operating System |
| linux | linux_kernel | 7.0 | <built-in method update of dict object at 0x702bdc0d1d40> | Operating System |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:2.6.12:-:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:2.6.12:rc2:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:2.6.12:rc3:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:2.6.12:rc4:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:2.6.12:rc5:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:* |