CVE-2024-57947
netfilter: nf_set_pipapo: fix initial map fill
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS —EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
23 Jan 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_set_pipapo: fix initial map fill
The initial buffer has to be inited to all-ones, but it must restrict
it to the size of the first field, not the total field size.
After each round in the map search step, the result and the fill map
are swapped, so if we have a set where f->bsize of the first element
is smaller than m->bsize_max, those one-bits are leaked into future
rounds result map.
This makes pipapo find an incorrect matching results for sets where
first field size is not the largest.
Followup patch adds a test case to nft_concat_range.sh selftest script.
Thanks to Stefano Brivio for pointing out that we need to zero out
the remainder explicitly, only correcting memset() argument isn't enough.
Affected products
Linux · LinuxReferences
https://git.kernel.org/stable/c/69b6a67f7052905e928d75a0c5871de50e686986https://git.kernel.org/stable/c/77bf0c4ab928ca4c9a99311f4f70ba0c17fecba9https://git.kernel.org/stable/c/791a615b7ad2258c560f91852be54b0480837c93https://git.kernel.org/stable/c/8058c88ac0df21239daee54b5934d5c80ca9685fhttps://git.kernel.org/stable/c/957a4d1c4c5849e4515c9fb4db21bf85318103dchttps://git.kernel.org/stable/c/9625c46ce6fd4f922595a4b32b1de5066d70464f