{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2024-26849","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-02-19T14:20:24.182Z","datePublished":"2024-04-17T10:14:20.184Z","dateUpdated":"2026-04-18T08:56:35.070Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-04-18T08:56:35.070Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetlink: add nla be16/32 types to minlen array\n\nBUG: KMSAN: uninit-value in nla_validate_range_unsigned lib/nlattr.c:222 [inline]\nBUG: KMSAN: uninit-value in nla_validate_int_range lib/nlattr.c:336 [inline]\nBUG: KMSAN: uninit-value in validate_nla lib/nlattr.c:575 [inline]\nBUG: KMSAN: uninit-value in __nla_validate_parse+0x2e20/0x45c0 lib/nlattr.c:631\n nla_validate_range_unsigned lib/nlattr.c:222 [inline]\n nla_validate_int_range lib/nlattr.c:336 [inline]\n validate_nla lib/nlattr.c:575 [inline]\n...\n\nThe message in question matches this policy:\n\n [NFTA_TARGET_REV]       = NLA_POLICY_MAX(NLA_BE32, 255),\n\nbut because NLA_BE32 size in minlen array is 0, the validation\ncode will read past the malformed (too small) attribute.\n\nNote: Other attributes, e.g. BITFIELD32, SINT, UINT.. are also missing:\nthose likely should be added too."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["lib/nlattr.c"],"versions":[{"version":"24ea1c8abaae6541ad95912422a9af4fb858428d","lessThan":"000a68159c0326b46c42ec712ab98793e7e625a7","status":"affected","versionType":"git"},{"version":"cbfac0add2afe8960a09806012313765a2179423","lessThan":"80b40f9cb87f3bf5877dfb852765cf92bc03ca77","status":"affected","versionType":"git"},{"version":"ecaf75ffd5f5db320d8b1da0198eef5a5ce64a3f","lessThan":"0ac219c4c3ab253f3981f346903458d20bacab32","status":"affected","versionType":"git"},{"version":"ecaf75ffd5f5db320d8b1da0198eef5a5ce64a3f","lessThan":"a2ab028151841cd833cb53eb99427e0cc990112d","status":"affected","versionType":"git"},{"version":"ecaf75ffd5f5db320d8b1da0198eef5a5ce64a3f","lessThan":"7a9d14c63b35f89563c5ecbadf918ad64979712d","status":"affected","versionType":"git"},{"version":"ecaf75ffd5f5db320d8b1da0198eef5a5ce64a3f","lessThan":"9a0d18853c280f6a0ee99f91619f2442a17a323a","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["lib/nlattr.c"],"versions":[{"version":"6.1","status":"affected"},{"version":"0","lessThan":"6.1","status":"unaffected","versionType":"semver"},{"version":"6.1.81","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.21","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.7.9","lessThanOrEqual":"6.7.*","status":"unaffected","versionType":"semver"},{"version":"6.8","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1","versionEndExcluding":"6.1.81"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1","versionEndExcluding":"6.6.21"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1","versionEndExcluding":"6.7.9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1","versionEndExcluding":"6.8"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/000a68159c0326b46c42ec712ab98793e7e625a7"},{"url":"https://git.kernel.org/stable/c/80b40f9cb87f3bf5877dfb852765cf92bc03ca77"},{"url":"https://git.kernel.org/stable/c/0ac219c4c3ab253f3981f346903458d20bacab32"},{"url":"https://git.kernel.org/stable/c/a2ab028151841cd833cb53eb99427e0cc990112d"},{"url":"https://git.kernel.org/stable/c/7a9d14c63b35f89563c5ecbadf918ad64979712d"},{"url":"https://git.kernel.org/stable/c/9a0d18853c280f6a0ee99f91619f2442a17a323a"}],"title":"netlink: add nla be16/32 types to minlen array","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-06-17T19:19:12.793371Z","id":"CVE-2024-26849","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-17T19:19:19.771Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T00:14:13.697Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/0ac219c4c3ab253f3981f346903458d20bacab32","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/a2ab028151841cd833cb53eb99427e0cc990112d","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/7a9d14c63b35f89563c5ecbadf918ad64979712d","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/9a0d18853c280f6a0ee99f91619f2442a17a323a","tags":["x_transferred"]}]}]}}