{"id":"CVE-2024-42154","summary":"tcp_metrics: validate source addr length","details":"In the Linux kernel, the following vulnerability has been resolved:\n\ntcp_metrics: validate source addr length\n\nI don't see anything checking that TCP_METRICS_ATTR_SADDR_IPV4\nis at least 4 bytes long, and the policy doesn't have an entry\nfor this attribute at all (neither does it for IPv6 but v6 is\nmanually validated).","modified":"2026-03-20T12:38:43.389194Z","published":"2024-07-30T07:46:51.456Z","related":["ALSA-2024:7000","ALSA-2024:7001","MGASA-2024-0277","MGASA-2024-0278","SUSE-SU-2024:3551-1","SUSE-SU-2024:3553-1","SUSE-SU-2024:3559-1","SUSE-SU-2024:3561-1","SUSE-SU-2024:3564-1","SUSE-SU-2024:3566-1","SUSE-SU-2024:3569-1","SUSE-SU-2024:3587-1","SUSE-SU-2024:3591-1","SUSE-SU-2024:3592-1","SUSE-SU-2025:20073-1","SUSE-SU-2025:20077-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/42xxx/CVE-2024-42154.json"},"references":[{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2024/09/24/3"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2024/09/24/4"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2024/09/25/3"},{"type":"WEB","url":"https://git.kernel.org/stable/c/19d997b59fa1fd7a02e770ee0881c0652b9c32c9"},{"type":"WEB","url":"https://git.kernel.org/stable/c/2a2e79dbe2236a1289412d2044994f7ab419b44c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/31f03bb04146c1c6df6c03e9f45401f5f5a985d3"},{"type":"WEB","url":"https://git.kernel.org/stable/c/3d550dd5418729a6e77fe7721d27adea7152e321"},{"type":"WEB","url":"https://git.kernel.org/stable/c/66be40e622e177316ae81717aa30057ba9e61dff"},{"type":"WEB","url":"https://git.kernel.org/stable/c/8c2debdd170e395934ac0e039748576dfde14e99"},{"type":"WEB","url":"https://git.kernel.org/stable/c/cdffc358717e436bb67122bb82c1a2a26e050f98"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ef7c428b425beeb52b894e16f1c4b629d6cebfb6"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/42xxx/CVE-2024-42154.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-42154"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20240828-0010/"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"3e7013ddf55af7bc191792b8aea0c2b94fb0fef5"},{"fixed":"19d997b59fa1fd7a02e770ee0881c0652b9c32c9"},{"fixed":"2a2e79dbe2236a1289412d2044994f7ab419b44c"},{"fixed":"cdffc358717e436bb67122bb82c1a2a26e050f98"},{"fixed":"ef7c428b425beeb52b894e16f1c4b629d6cebfb6"},{"fixed":"31f03bb04146c1c6df6c03e9f45401f5f5a985d3"},{"fixed":"8c2debdd170e395934ac0e039748576dfde14e99"},{"fixed":"3d550dd5418729a6e77fe7721d27adea7152e321"},{"fixed":"66be40e622e177316ae81717aa30057ba9e61dff"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-42154.json"}}],"schema_version":"1.7.5"}