CVE-2024-42247

In the Linux kernel, the following vulnerability has been resolved: wireguard: allowedips: avoid unaligned 64-bit memory accesses On the parisc platform, the kernel issues kernel warnings because swap_endian() tries to load a 128-bit IPv6 address from an unaligned memory location: Kernel: unaligned access to 0x55f4688c in wg_allowedips_insert_v6+0x2c/0x80 [wireguard] (iir 0xf3010df) Kernel: unaligned access to 0x55f46884 in wg_allowedips_insert_v6+0x38/0x80 [wireguard] (iir 0xf2010dc) Avoid such unaligned memory accesses by instead using the get_unaligned_be64() helper macro. [Jason: replace src[8] in original patch with src+8]
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

History

08 Aug 2024, 14:52

Type Values Removed Values Added
Summary
  • (es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wireguard: Allowips: evita accesos a memoria de 64 bits no alineados. En la plataforma Parisc, el kernel emite advertencias del kernel porque swap_endian() intenta cargar una dirección IPv6 de 128 bits desde una memoria no alineada. ubicación: Kernel: acceso no alineado a 0x55f4688c en wg_allowedips_insert_v6+0x2c/0x80 [wireguard] (iir 0xf3010df) Kernel: acceso no alineado a 0x55f46884 en wg_allowedips_insert_v6+0x38/0x80 [wireguard] (iir 0xf2010dc ) Evite dichos accesos a la memoria no alineados utilizando en su lugar get_unaligned_be64 () macro auxiliar. [Jason: reemplaza src[8] en el parche original con src+8]
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.5
First Time Linux linux Kernel
Linux
CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
CWE CWE-770
References () https://git.kernel.org/stable/c/217978a29c6ceca76d3c640bf94bdf50c268d801 - () https://git.kernel.org/stable/c/217978a29c6ceca76d3c640bf94bdf50c268d801 - Patch
References () https://git.kernel.org/stable/c/2fb34bf76431e831f9863cd59adc0bd1f67b0fbf - () https://git.kernel.org/stable/c/2fb34bf76431e831f9863cd59adc0bd1f67b0fbf - Patch
References () https://git.kernel.org/stable/c/6638a203abad35fa636d59ac47bdbc4bc100fd74 - () https://git.kernel.org/stable/c/6638a203abad35fa636d59ac47bdbc4bc100fd74 - Patch
References () https://git.kernel.org/stable/c/948f991c62a4018fb81d85804eeab3029c6209f8 - () https://git.kernel.org/stable/c/948f991c62a4018fb81d85804eeab3029c6209f8 - Patch
References () https://git.kernel.org/stable/c/ae630de24efb123d7199a43256396d7758f4cb75 - () https://git.kernel.org/stable/c/ae630de24efb123d7199a43256396d7758f4cb75 - Patch
References () https://git.kernel.org/stable/c/b4764f0ad3d68de8a0b847c05f427afb86dd54e6 - () https://git.kernel.org/stable/c/b4764f0ad3d68de8a0b847c05f427afb86dd54e6 - Patch

07 Aug 2024, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-07 16:15

Updated : 2024-08-08 14:52


NVD link : CVE-2024-42247

Mitre link : CVE-2024-42247

CVE.ORG link : CVE-2024-42247


JSON object : View

Products Affected

linux

  • linux_kernel
CWE
CWE-770

Allocation of Resources Without Limits or Throttling