Description
In the Linux kernel, the following vulnerability has been resolved: netlink: add nla be16/32 types to minlen array BUG: KMSAN: uninit-value in nla_validate_range_unsigned lib/nlattr.c:222 [inline] BUG: KMSAN: uninit-value in nla_validate_int_range lib/nlattr.c:336 [inline] BUG: KMSAN: uninit-value in validate_nla lib/nlattr.c:575 [inline] BUG: KMSAN: uninit-value in __nla_validate_parse+0x2e20/0x45c0 lib/nlattr.c:631 nla_validate_range_unsigned lib/nlattr.c:222 [inline] nla_validate_int_range lib/nlattr.c:336 [inline] validate_nla lib/nlattr.c:575 [inline] ... The message in question matches this policy: [NFTA_TARGET_REV] = NLA_POLICY_MAX(NLA_BE32, 255), but because NLA_BE32 size in minlen array is 0, the validation code will read past the malformed (too small) attribute. Note: Other attributes, e.g. BITFIELD32, SINT, UINT.. are also missing: those likely should be added too.
Details
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Packages
| Software | From version | Fixed in |
|---|---|---|
| linux-allwinner-5.19 | — | — |
| linux-aws-5.0 | — | — |
| linux-aws-5.11 | — | — |
| linux-aws-5.13 | — | — |
| linux-aws-5.19 | — | — |
| linux-aws-5.3 | — | — |
| linux-aws-5.8 | — | — |
| linux-aws-6.2 | — | — |
| linux-aws-6.5 | — | — |
| linux-azure | — | — |
| linux-azure-5.11 | — | — |
| linux-azure-5.13 | — | — |
| linux-azure-5.19 | — | — |
| linux-azure-5.3 | — | — |
| linux-azure-5.8 | — | — |
| linux-azure-6.2 | — | — |
| linux-azure-6.5 | — | — |
| linux-azure-edge | — | — |
| linux-azure-fde | — | — |
| linux-azure-fde-5.19 | — | — |
| linux-azure-fde-6.2 | — | — |
| linux-azure-fde-6.8 | — | — |
| linux-bluefield | — | — |
| linux-gcp | — | — |
| linux-gcp-5.11 | — | — |
| linux-gcp-5.13 | — | — |
| linux-gcp-5.19 | — | — |
| linux-gcp-5.3 | — | — |
| linux-gcp-5.8 | — | — |
| linux-gcp-6.2 | — | — |
| linux-gcp-6.5 | — | — |
| linux-gke | — | — |
| linux-gke-4.15 | — | — |
| linux-gke-5.15 | — | — |
| linux-gke-5.4 | — | — |
| linux-gkeop-5.4 | — | — |
| linux-hwe | — | — |
| linux-hwe-5.11 | — | — |
| linux-hwe-5.13 | — | — |
| linux-hwe-5.19 | — | — |
| linux-hwe-5.8 | — | — |
| linux-hwe-6.2 | — | — |
| linux-hwe-6.5 | — | — |
| linux-hwe-edge | — | — |
| linux-intel-5.13 | — | — |
| linux-intel-iot-realtime | — | — |
| linux-lowlatency-hwe-5.19 | — | — |
| linux-lowlatency-hwe-6.2 | — | — |
| linux-lowlatency-hwe-6.5 | — | — |
| linux-nvidia | — | — |
| linux-nvidia-6.2 | — | — |
| linux-nvidia-6.5 | — | — |
| linux-oem | — | — |
| linux-oem-5.10 | — | — |
| linux-oem-5.13 | — | — |
| linux-oem-5.14 | — | — |
| linux-oem-5.17 | — | — |
| linux-oem-5.6 | — | — |
| linux-oem-6.0 | — | — |
| linux-oem-6.1 | — | — |
| linux-oem-6.5 | — | — |
| linux-oracle-5.0 | — | — |
| linux-oracle-5.11 | — | — |
| linux-oracle-5.13 | — | — |
| linux-oracle-5.3 | — | — |
| linux-oracle-5.8 | — | — |
| linux-oracle-6.5 | — | — |
| linux-raspi-realtime | — | 6.8.0-2002.2 |
| linux-raspi2 | — | — |
| linux-realtime | — | — |
| linux-riscv | — | — |
| linux-riscv-5.11 | — | — |
| linux-riscv-5.19 | — | — |
| linux-riscv-5.8 | — | — |
| linux-riscv-6.5 | — | — |
| linux-starfive-5.19 | — | — |
| linux-starfive-6.2 | — | — |
| linux-starfive-6.5 | — | — |
References
Similar Threats
- Unknown UBUNTU-CVE-2016-20022
- Unknown UBUNTU-CVE-2020-36778
- Unknown UBUNTU-CVE-2020-36779
- Unknown UBUNTU-CVE-2020-36780
- Unknown UBUNTU-CVE-2020-36781
Patch Gap Protection
Running software with known vulnerabilities?
BotEraser can help reduce exposure by blocking IPs associated with exploit activity — even before a patch is available.
Start Free →No credit card required · Results in minutes
ⓘ Data Notice: The information presented above has been compiled from publicly available internet sources. Boteraser aggregates this data solely for informational purposes and does not independently classify, evaluate, or endorse any findings about the vulnerabilities listed. The accuracy and completeness of this information is the sole responsibility of the original publishers. Boteraser and its operators accept no liability for any decisions made based on this data.