CVE-2024-26673

netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations

References

Notes

 carnil> Introduced in 857b46027d6f ("netfilter: nft_ct: add ct expectations support").
 carnil> Vulnerable versions: 5.3-rc1.

Bugs

Status

Branch Status
4.19-buster-security N/A "Vulnerable code not present"
4.19-upstream-stable N/A "Vulnerable code not present"
5.10-bullseye-security released (5.10.216-1)
5.10-upstream-stable released (5.10.210) [65ee90efc928410c6f73b3d2e0afdd762652c09d]
6.1-bookworm-security released (6.1.82-1)
6.1-upstream-stable released (6.1.77) [0f501dae16b7099e69ee9b0d5c70b8f40fd30e98]
6.6-upstream-stable released (6.6.16) [cfe3550ea5df292c9e2d608e8c4560032391847e]
6.8-upstream-stable N/A "Fixed before branching point"
sid released (6.7.7-1)
upstream released (6.8-rc3) [8059918a1377f2f1fff06af4f5a4ed3d5acd6bc4]