VYPR
Medium severity5.5NVD Advisory· Published May 20, 2024· Updated May 12, 2026

CVE-2024-35962

CVE-2024-35962

Description

In the Linux kernel, the following vulnerability has been resolved:

netfilter: complete validation of user input

In my recent commit, I missed that do_replace() handlers use copy_from_sockptr() (which I fixed), followed by unsafe copy_from_sockptr_offset() calls.

In all functions, we can perform the @optlen validation before even calling xt_alloc_table_info() with the following check:

if ((u64)optlen < (u64)tmp.size + sizeof(tmp)) return -EINVAL;

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

184

Patches

Vulnerability mechanics

References

9

News mentions

0

No linked articles in our index yet.