CVE-2024-42154

4.4 MEDIUM

Published: July 30, 2024 Modified: November 03, 2025

Description

In the Linux kernel, the following vulnerability has been resolved: tcp_metrics: validate source addr length I don't see anything checking that TCP_METRICS_ATTR_SADDR_IPV4 is at least 4 bytes long, and the policy doesn't have an entry for this attribute at all (neither does it for IPv6 but v6 is manually validated).

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://git.kernel.org/stable/c/19d997b59fa1fd7a02e770ee0881c0652b9c32c9

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Mailing List Patch

https://git.kernel.org/stable/c/2a2e79dbe2236a1289412d2044994f7ab419b44c

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Mailing List Patch

https://git.kernel.org/stable/c/31f03bb04146c1c6df6c03e9f45401f5f5a985d3

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Mailing List Patch

https://git.kernel.org/stable/c/3d550dd5418729a6e77fe7721d27adea7152e321

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Mailing List Patch

https://git.kernel.org/stable/c/66be40e622e177316ae81717aa30057ba9e61dff

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Mailing List Patch

https://git.kernel.org/stable/c/8c2debdd170e395934ac0e039748576dfde14e99

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Mailing List Patch

https://git.kernel.org/stable/c/cdffc358717e436bb67122bb82c1a2a26e050f98

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Mailing List Patch

https://git.kernel.org/stable/c/ef7c428b425beeb52b894e16f1c4b629d6cebfb6

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Mailing List Patch

http://www.openwall.com/lists/oss-security/2024/09/24/3

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2024/09/24/4

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2024/09/25/3

Source: af854a3a-2127-422b-91ae-364da2661108

https://git.kernel.org/stable/c/19d997b59fa1fd7a02e770ee0881c0652b9c32c9

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List Patch

https://git.kernel.org/stable/c/2a2e79dbe2236a1289412d2044994f7ab419b44c

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List Patch

https://git.kernel.org/stable/c/31f03bb04146c1c6df6c03e9f45401f5f5a985d3

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List Patch

https://git.kernel.org/stable/c/3d550dd5418729a6e77fe7721d27adea7152e321

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List Patch

https://git.kernel.org/stable/c/66be40e622e177316ae81717aa30057ba9e61dff

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List Patch

https://git.kernel.org/stable/c/8c2debdd170e395934ac0e039748576dfde14e99

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List Patch

https://git.kernel.org/stable/c/cdffc358717e436bb67122bb82c1a2a26e050f98

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List Patch

https://git.kernel.org/stable/c/ef7c428b425beeb52b894e16f1c4b629d6cebfb6

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List Patch

https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.netapp.com/advisory/ntap-20240828-0010/

Source: af854a3a-2127-422b-91ae-364da2661108

21 reference(s) from NVD

Quick Stats

CVSS v3 Score

4.4 / 10.0

EPSS (Exploit Probability)

0.0%

7th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-754

Affected Vendors

linux

Related CVEs

CVE-2025-69261 N/A

CVE-2025-69257 6.7

CVE-2025-69210 N/A

CVE-2025-66823 N/A

CVE-2025-50343 N/A