AI description
CVE-2024-53141 is a vulnerability in the Linux kernel's netfilter subsystem, specifically within the ipset component. The flaw stems from a missing range check in the `bitmap_ip_uadt` function when handling `IPSET_ATTR_CIDR` parameters. The vulnerability occurs when `tb[IPSET_ATTR_IP_TO]` is absent, but `tb[IPSET_ATTR_CIDR]` is present, causing the `ip` and `ip_to` values to be swapped. This oversight leads to an out-of-bounds memory access, potentially allowing attackers to manipulate memory outside the intended boundaries.
- Description
- In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add missing range check in bitmap_ip_uadt When tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists, the values of ip and ip_to are slightly swapped. Therefore, the range check for ip should be done later, but this part is missing and it seems that the vulnerability occurs. So we should add missing range checks and remove unnecessary range checks.
- Source
- 416baaa9-dc9f-4396-8d5f-8c081fb06d67
- NVD status
- Modified
CVSS 3.1
- Type
- Primary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
21
🚨 New Linux Kernel 0-Day Alert 🚨 CVE-2024-53141: A critical flaw in the Linux kernel's IP sets framework allows local attackers to escalate privileges and potentially gain root access.Cyber Security News 🔍 Vulnerability Details: Affected Component: IP sets framework in the
@CareWeDoNot
18 Apr 2025
40 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
security-research/pocs/linux/kernelctf/CVE-2024-53141_lts/exploit/lts-6.6.62 at master · google/security-research · GitHub https://t.co/RF96paZJ4o
@akaclandestine
18 Apr 2025
596 Impressions
0 Retweets
1 Like
4 Bookmarks
0 Replies
0 Quotes
Critical Linux Kernel Flaw CVE-2024-53141: High-Risk Privilege Escalation Uncovered Read the full story: https://t.co/8oLIat6pFz
@theinfosecnews
18 Apr 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-53141: Linux Kernel Flaw Enables Privilege Escalation, PoC Releases https://t.co/ylBgo8KoXp
@Dinosn
18 Apr 2025
2143 Impressions
4 Retweets
30 Likes
13 Bookmarks
0 Replies
0 Quotes
Linuxカーネルの権限昇格脆弱性CVE-2024-53141に対応するPoC(攻撃の概念実証コード)が公表された。netfilterサブシステムのipsetコンポーネントにおける境界外アクセスの脆弱性で、KASLRを迂回しカーネルレベルのコード実行が可能。 https://t.co/ObCm4VhV3j
@__kokumoto
18 Apr 2025
2577 Impressions
15 Retweets
38 Likes
15 Bookmarks
0 Replies
0 Quotes
Linuxカーネルの脆弱性CVE-2024-53141が公開された。PoCもGithubに公開済み。この欠陥はnetfilterサブシステムのipsetコンポーネントに存在し、深刻なOOB(Out-of-Bounds)アクセスを引き起こす。
@yousukezan
18 Apr 2025
776 Impressions
0 Retweets
6 Likes
3 Bookmarks
0 Replies
0 Quotes
CVE-2024-53141: Linux Kernel Flaw Enables Privilege Escalation, PoC Releases A vulnerability (CVE-2024-53141) in the Linux kernel's ipset component allows for privilege escalation and kernel-level code execution. https://t.co/g97ZL1CJh3
@the_yellow_fall
18 Apr 2025
2629 Impressions
19 Retweets
48 Likes
16 Bookmarks
0 Replies
0 Quotes
CVE-2024-53141: netfilter: ipset: add missing range check in bitmap_ip_uadt https://t.co/ZalPG49kRS I have completed writing a PoC that successfully LPE using my vulnerability :) https://t.co/gHcWH9jMlg
@aha310510
18 Jan 2025
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-53141: netfilter: ipset: add missing range check in bitmap_ip_uadt https://t.co/ZalPG49kRS https://t.co/o6yqb5XJDp
@aha310510
18 Jan 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
New post from https://t.co/uXvPWJy6tj (CVE-2024-53141 | Linux Kernel up to 4.19.324/6.11.10/6.12.1 netfilter bitmap_ip_uadt Privilege Escalation (Nessus ID 214250)) has been published on https://t.co/qysxIKqqKv
@WolfgangSesin
16 Jan 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#exploit 1. CVE-2023-6932, CVE-2023-0461: UaF/LPE in Linux kernel https://t.co/OOfZ4dy95Q 2. CVE-2024-53141: An OOB Write Vulnerability in Netfiler Ipset https://t.co/rVzuElL9KO 3. CVE-2024-50603: Aviatrix Network Controller Command Injection Vulnerability… https://t.co/s0jItYw
@ksg93rd
9 Jan 2025
62 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-53141 (CVSS:7.8, HIGH) is Analyzed. In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add missing range check in bitmap..https://t.co/eL4jWyuse9 #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
11 Dec 2024
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-53141 In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add missing range check in bitmap_ip_uadt When tb[IPSET_ATTR_IP_TO] is not pre… https://t.co/GJo7s2Y0N0
@CVEnew
6 Dec 2024
332 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0C7770FA-B486-4531-9A29-FE9BC1D2E0D9",
"versionEndExcluding": "4.19.325",
"versionStartIncluding": "2.6.39"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D42B3E7C-85DF-4DBF-A6EC-E45F69FF2DCA",
"versionEndExcluding": "6.6.64",
"versionStartIncluding": "4.20"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "21434379-192D-472F-9B54-D45E3650E893",
"versionEndExcluding": "6.11.11",
"versionStartIncluding": "6.7"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D8882B1B-2ABC-4838-AC1D-DBDBB5764776",
"versionEndExcluding": "6.12.2",
"versionStartIncluding": "6.12"
}
],
"operator": "OR"
}
]
}
]