A new vulnerability, identified as CVE-2024-42070, has been discovered and resolved in the Linux kernel's netfilter nf_tables module. The exploit allowed potential attackers to leak pointers to chain objects through data registers. The patch fully validates NFT_DATA_VALUE on store to data registers, preventing unauthorized users from exploiting this vulnerability.
Exploit Details
In the Linux kernel, the register store validation for NFT_DATA_VALUE is usually conditional depending on the datatype. However, the datatype is always either NFT_DATA_VALUE or NFT_DATA_VERDICT, which requires a new helper function to infer the register type from the set datatype, allowing the conditional check to be removed.
The vulnerability could be exploited by malicious users to leak pointers to chain objects through the data registers if the register validation was not properly enforced.
Resolution
The Linux kernel developers have released a patch that fully validates NFT_DATA_VALUE on store to data registers in the nf_tables module. This patch replaces the conditional check with a new helper function that infers the register type from the set datatype.
This is the modification made to the Linux kernel source code that addresses the vulnerability
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index c83a84cdeeca..56721278ea6 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -256,9 +256,8 @@ static const struct nla_policy nft_set_policy[NFTA_SET_MAX + 1] = {
.len = FIELD_SIZEOF(struct nft_set_desc, size), },
[NFTA_SET_USERDATA] = { .type = NLA_BINARY,
.len = NFT_USERDATA_MAXLEN },
- [NFTA_SET_DATATYPE] = { .type = NLA_U32 },
};
+static bool nf_tables_set_datatype_valid(enum nft_data_type type)
+{
+ switch (type) {
+ case (_U8)NFT_DATA_VALUE:
+ case (_U8)NFT_DATA_VERDICT:
+ return true;
+ default:
+ return false;
+ }
+}
Original References
1. Linux Git Commit: resolving CVE-2024-42070
2. National Vulnerability Database (NVD): CVE-2024-42070
Conclusion
The nf_tables module of the Linux kernel has been patched to address the CVE-2024-42070 vulnerability. It is essential for users to apply the patch as soon as possible to maintain their system's security. By updating their Linux kernel with the provided resolution, users can secure their systems against potential attacks that aim to exploit this vulnerability.
Timeline
Published on: 07/29/2024 16:15:06 UTC
Last modified on: 08/02/2024 04:54:31 UTC