Unrated severityNVD Advisory· Published Jul 12, 2024· Updated May 4, 2025

netfilter: nft_inner: validate mandatory meta and payload

CVE-2024-39504

Description

In the Linux kernel, the following vulnerability has been resolved:

Check for mandatory netlink attributes in payload and meta expression when used embedded from the inner expression, otherwise NULL pointer dereference is possible from userspace.

Affected products

110

osv-coords109 versions
pkg:rpm/almalinux/bpftool pkg:rpm/almalinux/kernel pkg:rpm/almalinux/kernel-64k pkg:rpm/almalinux/kernel-64k-core pkg:rpm/almalinux/kernel-64k-debug pkg:rpm/almalinux/kernel-64k-debug-core pkg:rpm/almalinux/kernel-64k-debug-devel pkg:rpm/almalinux/kernel-64k-debug-devel-matched pkg:rpm/almalinux/kernel-64k-debug-modules pkg:rpm/almalinux/kernel-64k-debug-modules-core pkg:rpm/almalinux/kernel-64k-debug-modules-extra pkg:rpm/almalinux/kernel-64k-devel pkg:rpm/almalinux/kernel-64k-devel-matched pkg:rpm/almalinux/kernel-64k-modules pkg:rpm/almalinux/kernel-64k-modules-core pkg:rpm/almalinux/kernel-64k-modules-extra pkg:rpm/almalinux/kernel-abi-stablelists pkg:rpm/almalinux/kernel-core pkg:rpm/almalinux/kernel-cross-headers pkg:rpm/almalinux/kernel-debug pkg:rpm/almalinux/kernel-debug-core pkg:rpm/almalinux/kernel-debug-devel pkg:rpm/almalinux/kernel-debug-devel-matched pkg:rpm/almalinux/kernel-debug-modules pkg:rpm/almalinux/kernel-debug-modules-core pkg:rpm/almalinux/kernel-debug-modules-extra pkg:rpm/almalinux/kernel-debug-uki-virt pkg:rpm/almalinux/kernel-devel pkg:rpm/almalinux/kernel-devel-matched pkg:rpm/almalinux/kernel-doc pkg:rpm/almalinux/kernel-headers pkg:rpm/almalinux/kernel-modules pkg:rpm/almalinux/kernel-modules-core pkg:rpm/almalinux/kernel-modules-extra pkg:rpm/almalinux/kernel-rt pkg:rpm/almalinux/kernel-rt-core pkg:rpm/almalinux/kernel-rt-debug pkg:rpm/almalinux/kernel-rt-debug-core pkg:rpm/almalinux/kernel-rt-debug-devel pkg:rpm/almalinux/kernel-rt-debug-modules pkg:rpm/almalinux/kernel-rt-debug-modules-core pkg:rpm/almalinux/kernel-rt-debug-modules-extra pkg:rpm/almalinux/kernel-rt-devel pkg:rpm/almalinux/kernel-rt-modules pkg:rpm/almalinux/kernel-rt-modules-core pkg:rpm/almalinux/kernel-rt-modules-extra pkg:rpm/almalinux/kernel-tools pkg:rpm/almalinux/kernel-tools-libs pkg:rpm/almalinux/kernel-tools-libs-devel pkg:rpm/almalinux/kernel-uki-virt pkg:rpm/almalinux/kernel-zfcpdump pkg:rpm/almalinux/kernel-zfcpdump-core pkg:rpm/almalinux/kernel-zfcpdump-devel pkg:rpm/almalinux/kernel-zfcpdump-devel-matched pkg:rpm/almalinux/kernel-zfcpdump-modules pkg:rpm/almalinux/kernel-zfcpdump-modules-core pkg:rpm/almalinux/kernel-zfcpdump-modules-extra pkg:rpm/almalinux/libperf pkg:rpm/almalinux/perf pkg:rpm/almalinux/python3-perf pkg:rpm/almalinux/rtla pkg:rpm/almalinux/rv pkg:rpm/opensuse/dtb-aarch64&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-64kb&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-azure&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-debug&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-default-base&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-default&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-docs&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-kvmsmall&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-obs-build&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-obs-qa&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-rt_debug&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-rt&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-source-azure&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-source&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-source-rt&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-syms-azure&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-syms&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-syms-rt&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-zfcpdump&distro=openSUSE%20Leap%2015.6 pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6 pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP6 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP6 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP6 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP6 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6 pkg:rpm/suse/kernel-kvmsmall&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/kernel-livepatch-SLE15-SP6-RT_Update_1&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6 pkg:rpm/suse/kernel-livepatch-SLE15-SP6_Update_3&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6 pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6 pkg:rpm/suse/kernel-rt_debug&distro=SUSE%20Real%20Time%20Module%2015%20SP6 pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/kernel-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP6 pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP6 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP6 pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP6 pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6 pkg:rpm/suse/kernel-syms-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP6 pkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6
< 7.3.0-427.42.1.el9_4+ 108 more
- (no CPE)range: < 7.3.0-427.42.1.el9_4
- (no CPE)range: < 5.14.0-427.42.1.el9_4
- (no CPE)range: < 5.14.0-427.42.1.el9_4
- (no CPE)range: < 5.14.0-427.42.1.el9_4
- (no CPE)range: < 5.14.0-427.42.1.el9_4
- (no CPE)range: < 5.14.0-427.42.1.el9_4
- (no CPE)range: < 5.14.0-427.42.1.el9_4
- (no CPE)range: < 5.14.0-427.42.1.el9_4
- (no CPE)range: < 5.14.0-427.42.1.el9_4
- (no CPE)range: < 5.14.0-427.42.1.el9_4
- (no CPE)range: < 5.14.0-427.42.1.el9_4
- (no CPE)range: < 5.14.0-427.42.1.el9_4
- (no CPE)range: < 5.14.0-427.42.1.el9_4
- (no CPE)range: < 5.14.0-427.42.1.el9_4
- (no CPE)range: < 5.14.0-427.42.1.el9_4
- (no CPE)range: < 5.14.0-427.42.1.el9_4
- (no CPE)range: < 5.14.0-427.42.1.el9_4
- (no CPE)range: < 5.14.0-427.42.1.el9_4
- (no CPE)range: < 5.14.0-427.42.1.el9_4
- (no CPE)range: < 5.14.0-427.42.1.el9_4
- (no CPE)range: < 5.14.0-427.42.1.el9_4
- (no CPE)range: < 5.14.0-427.42.1.el9_4
- (no CPE)range: < 5.14.0-427.42.1.el9_4
- (no CPE)range: < 5.14.0-427.42.1.el9_4
- (no CPE)range: < 5.14.0-427.42.1.el9_4
- (no CPE)range: < 5.14.0-427.42.1.el9_4
- (no CPE)range: < 5.14.0-427.42.1.el9_4
- (no CPE)range: < 5.14.0-427.42.1.el9_4
- (no CPE)range: < 5.14.0-427.42.1.el9_4
- (no CPE)range: < 5.14.0-427.42.1.el9_4
- (no CPE)range: < 5.14.0-427.42.1.el9_4
- (no CPE)range: < 5.14.0-427.42.1.el9_4
- (no CPE)range: < 5.14.0-427.42.1.el9_4
- (no CPE)range: < 5.14.0-427.42.1.el9_4
- (no CPE)range: < 5.14.0-427.42.1.el9_4
- (no CPE)range: < 5.14.0-427.42.1.el9_4
- (no CPE)range: < 5.14.0-427.42.1.el9_4
- (no CPE)range: < 5.14.0-427.42.1.el9_4
- (no CPE)range: < 5.14.0-427.42.1.el9_4
- (no CPE)range: < 5.14.0-427.42.1.el9_4
- (no CPE)range: < 5.14.0-427.42.1.el9_4
- (no CPE)range: < 5.14.0-427.42.1.el9_4
- (no CPE)range: < 5.14.0-427.42.1.el9_4
- (no CPE)range: < 5.14.0-427.42.1.el9_4
- (no CPE)range: < 5.14.0-427.42.1.el9_4
- (no CPE)range: < 5.14.0-427.42.1.el9_4
- (no CPE)range: < 5.14.0-427.42.1.el9_4
- (no CPE)range: < 5.14.0-427.42.1.el9_4
- (no CPE)range: < 5.14.0-427.42.1.el9_4
- (no CPE)range: < 5.14.0-427.42.1.el9_4
- (no CPE)range: < 5.14.0-427.42.1.el9_4
- (no CPE)range: < 5.14.0-427.42.1.el9_4
- (no CPE)range: < 5.14.0-427.42.1.el9_4
- (no CPE)range: < 5.14.0-427.42.1.el9_4
- (no CPE)range: < 5.14.0-427.42.1.el9_4
- (no CPE)range: < 5.14.0-427.42.1.el9_4
- (no CPE)range: < 5.14.0-427.42.1.el9_4
- (no CPE)range: < 5.14.0-427.42.1.el9_4
- (no CPE)range: < 5.14.0-427.42.1.el9_4
- (no CPE)range: < 5.14.0-427.42.1.el9_4
- (no CPE)range: < 5.14.0-427.42.1.el9_4
- (no CPE)range: < 5.14.0-427.42.1.el9_4
- (no CPE)range: < 6.4.0-150600.23.17.1
- (no CPE)range: < 6.4.0-150600.23.17.1
- (no CPE)range: < 6.4.0-150600.8.8.2
- (no CPE)range: < 6.4.0-150600.23.17.1
- (no CPE)range: < 6.4.0-150600.23.17.1.150600.12.6.2
- (no CPE)range: < 6.4.0-150600.23.17.1
- (no CPE)range: < 6.4.0-150600.23.17.3
- (no CPE)range: < 6.4.0-150600.23.17.1
- (no CPE)range: < 6.4.0-150600.23.17.1
- (no CPE)range: < 6.4.0-150600.23.17.1
- (no CPE)range: < 6.4.0-150600.10.5.1
- (no CPE)range: < 6.4.0-150600.10.5.1
- (no CPE)range: < 6.4.0-150600.8.8.2
- (no CPE)range: < 6.4.0-150600.23.17.1
- (no CPE)range: < 6.4.0-150600.10.5.1
- (no CPE)range: < 6.4.0-150600.8.8.1
- (no CPE)range: < 6.4.0-150600.23.17.1
- (no CPE)range: < 6.4.0-150600.10.5.1
- (no CPE)range: < 6.4.0-150600.23.17.1
- (no CPE)range: < 6.4.0-150600.23.17.1
- (no CPE)range: < 6.4.0-150600.8.8.2
- (no CPE)range: < 6.4.0-150600.23.17.1.150600.12.6.2
- (no CPE)range: < 6.4.0-17.1.1.51
- (no CPE)range: < 6.4.0-150600.23.17.1
- (no CPE)range: < 6.4.0-150600.23.17.1
- (no CPE)range: < 6.4.0-150600.23.17.1
- (no CPE)range: < 6.4.0-150600.23.17.1
- (no CPE)range: < 6.4.0-150600.23.17.1
- (no CPE)range: < 6.4.0-18.1
- (no CPE)range: < 6.4.0-150600.23.17.3
- (no CPE)range: < 6.4.0-18.1
- (no CPE)range: < 1-150600.1.5.1
- (no CPE)range: < 1-150600.13.3.1
- (no CPE)range: < 6.4.0-150600.23.17.1
- (no CPE)range: < 6.4.0-150600.10.5.1
- (no CPE)range: < 6.4.0-9.1
- (no CPE)range: < 6.4.0-150600.10.5.1
- (no CPE)range: < 6.4.0-150600.8.8.2
- (no CPE)range: < 6.4.0-150600.23.17.1
- (no CPE)range: < 6.4.0-150600.23.17.1
- (no CPE)range: < 6.4.0-18.1
- (no CPE)range: < 6.4.0-9.1
- (no CPE)range: < 6.4.0-150600.10.5.1
- (no CPE)range: < 6.4.0-150600.8.8.1
- (no CPE)range: < 6.4.0-150600.23.17.1
- (no CPE)range: < 6.4.0-150600.10.5.1
- (no CPE)range: < 6.4.0-150600.23.17.1
Linux/Linuxcpe-rescue
Range: 6.2

Patches

c4ab9da85b9d

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv

commit

39323f54cad2

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv

commit

b30669fdea0c

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv

commit

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000