CVE-2024-42070
medium
CVSS v3
5.5
CVSS v4 NEW
β
VIR risk
5.5
Description
RHSA-2024:8870: kernel-rt security update (Moderate)
Predictions
Exploit likelihood
55%
Patch ETA
β
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Mitigation details
Source: Red Hat Errata β Red Hat Inc. Β· View original β Β· Open-Errata-API
Description kernel: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers CVSS v3: 5.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) Errata / fixed releases ProductPackageAdvisoryReleased Red Hat Enterprise Linux 8kernel-rt-0:4.18.0-553.27.1.rt7.368.el8_10RHSA-2024:88702024-11-05T00:00:00Z Red Hat Enterprise Linuxβ¦
Description
kernel: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers
CVSS v3: 5.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
Errata / fixed releases
| Product | Package | Advisory | Released |
|---|---|---|---|
| Red Hat Enterprise Linux 8 | kernel-rt-0:4.18.0-553.27.1.rt7.368.el8_10 | RHSA-2024:8870 | 2024-11-05T00:00:00Z |
| Red Hat Enterprise Linux 8 | kernel-0:4.18.0-553.27.1.el8_10 | RHSA-2024:8856 | 2024-11-05T00:00:00Z |
| Red Hat Enterprise Linux 9 | kernel-0:5.14.0-503.11.1.el9_5 | RHSA-2024:9315 | 2024-11-12T00:00:00Z |
| Red Hat Enterprise Linux 9 | kernel-0:5.14.0-503.11.1.el9_5 | RHSA-2024:9315 | 2024-11-12T00:00:00Z |
| Red Hat Enterprise Linux 9.4 Extended Update Support | kernel-0:5.14.0-427.66.1.el9_4 | RHSA-2025:4342 | 2025-04-30T00:00:00Z |
Package state
| Product | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 6 | kernel | Not affected |
| Red Hat Enterprise Linux 7 | kernel | Out of support scope |
| Red Hat Enterprise Linux 7 | kernel-rt | Out of support scope |
| Red Hat Enterprise Linux 9 | kernel-rt | Affected |
Apply commands
Apply RHSA-2024:8870 for Red Hat Enterprise Linux 8
yum update -y kernel-rt
# or:
dnf upgrade -y kernel-rtAffected
| Vendor | Product | Version |
|---|---|---|
| redhat | Red Hat Enterprise Linux 6 | Not affected |
| redhat | Red Hat Enterprise Linux 9 | Affected |
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| rhel | 9 | fixed | |
| rocky | 8 | fixed | |
| sles | affected | | |
| debian | bookworm | fixed | 6.1.98-1 |
| debian | bullseye | fixed | 5.10.221-1 |
| debian | forky | fixed | 6.9.8-1 |
| debian | sid | fixed | 6.9.8-1 |
| debian | trixie | fixed | 6.9.8-1 |
| linux-kernel | affected | 3.13 | |
| almalinux | 8 | fixed | kernel-doc-4.18.0-553.27.1.el8_10.noarch.rpm |
| rhel | 8 | fixed | |
References
- https://access.redhat.com/errata/RHSA-2024:9315
- https://git.kernel.org/stable/c/23752737c6a618e994f9a310ec2568881a6b49c4
- https://git.kernel.org/stable/c/40188a25a9847dbeb7ec67517174a835a677752f
- https://git.kernel.org/stable/c/41a6375d48deaf7f730304b5153848bfa1c2980f
- https://git.kernel.org/stable/c/461302e07f49687ffe7d105fa0a330c07c7646d8
- https://git.kernel.org/stable/c/5d43d789b57943720dca4181a05f6477362b94cf
- https://git.kernel.org/stable/c/7931d32955e09d0a11b1fe0b6aac1bfa061c005c
- https://git.kernel.org/stable/c/952bf8df222599baadbd4f838a49c4fef81d2564
- https://git.kernel.org/stable/c/efb27ad05949403848f487823b597ed67060e007
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
- https://cert-portal.siemens.com/productcert/html/ssa-265688.html
- https://cert-portal.siemens.com/productcert/html/ssa-398330.html
- https://cert-portal.siemens.com/productcert/html/ssa-613116.html
- https://errata.rockylinux.org/RLSA-2024:8870
- https://errata.rockylinux.org/RLSA-2024:8856
- https://www.suse.com/security/cve/CVE-2024-42070.html
- https://security-tracker.debian.org/tracker/CVE-2024-42070
- https://access.redhat.com/errata/RHSA-2024:8856
- https://bugzilla.redhat.com/2266247
- https://bugzilla.redhat.com/2269183
- https://bugzilla.redhat.com/2275750
- https://bugzilla.redhat.com/2277168
- https://bugzilla.redhat.com/2278262
- https://bugzilla.redhat.com/2278350
- https://bugzilla.redhat.com/2278387
CWEs
CWE-401
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.