{"id":"CVE-2024-53141","summary":"netfilter: ipset: add missing range check in bitmap_ip_uadt","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: ipset: add missing range check in bitmap_ip_uadt\n\nWhen tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists,\nthe values of ip and ip_to are slightly swapped. Therefore, the range check\nfor ip should be done later, but this part is missing and it seems that the\nvulnerability occurs.\n\nSo we should add missing range checks and remove unnecessary range checks.","modified":"2026-05-18T05:57:19.717923891Z","published":"2024-12-06T09:37:02.009Z","related":["ALSA-2025:7531","ALSA-2025:7532","SUSE-SU-2025:0117-1","SUSE-SU-2025:0153-1","SUSE-SU-2025:0154-1","SUSE-SU-2025:02099-1","SUSE-SU-2025:02264-1","SUSE-SU-2025:02308-1","SUSE-SU-2025:02320-1","SUSE-SU-2025:02321-1","SUSE-SU-2025:02322-1","SUSE-SU-2025:0236-1","SUSE-SU-2025:02537-1","SUSE-SU-2025:0289-1","SUSE-SU-2025:0556-1","SUSE-SU-2025:0577-1","SUSE-SU-2025:0577-2","SUSE-SU-2025:20165-1","SUSE-SU-2025:20166-1","SUSE-SU-2025:20248-1","SUSE-SU-2025:20249-1","SUSE-SU-2025:21085-1","SUSE-SU-2025:21086-1","SUSE-SU-2025:21092-1","SUSE-SU-2025:21093-1","SUSE-SU-2025:21107-1","SUSE-SU-2025:21116-1","SUSE-SU-2025:4161-1","SUSE-SU-2025:4170-1","SUSE-SU-2025:4171-1","SUSE-SU-2025:4194-1","SUSE-SU-2025:4199-1","SUSE-SU-2025:4203-1","SUSE-SU-2025:4215-1","SUSE-SU-2025:4227-1","SUSE-SU-2025:4230-1","SUSE-SU-2025:4233-1","SUSE-SU-2025:4239-1","SUSE-SU-2025:4243-1","SUSE-SU-2025:4255-1","SUSE-SU-2025:4256-1","SUSE-SU-2025:4261-1","SUSE-SU-2025:4283-1","USN-7276-1","USN-7277-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/53xxx/CVE-2024-53141.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/15794835378ed56fb9bacc6a5dd3b9f33520604e"},{"type":"WEB","url":"https://git.kernel.org/stable/c/2e151b8ca31607d14fddc4ad0f14da0893e1a7c7"},{"type":"WEB","url":"https://git.kernel.org/stable/c/35f56c554eb1b56b77b3cf197a6b00922d49033d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/3c20b5948f119ae61ee35ad8584d666020c91581"},{"type":"WEB","url":"https://git.kernel.org/stable/c/591efa494a1cf649f50a35def649c43ae984cd03"},{"type":"WEB","url":"https://git.kernel.org/stable/c/78b0f2028f1043227a8eb0c41944027fc6a04596"},{"type":"WEB","url":"https://git.kernel.org/stable/c/7ffef5e5d5eeecd9687204a5ec2d863752aafb7e"},{"type":"WEB","url":"https://git.kernel.org/stable/c/856023ef032d824309abd5c747241dffa33aae8c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e67471437ae9083fa73fa67eee1573fec1b7c8cf"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/53xxx/CVE-2024-53141.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53141"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"72205fc68bd13109576aa6c4c12c740962d28a6c"},{"fixed":"3c20b5948f119ae61ee35ad8584d666020c91581"},{"fixed":"78b0f2028f1043227a8eb0c41944027fc6a04596"},{"fixed":"2e151b8ca31607d14fddc4ad0f14da0893e1a7c7"},{"fixed":"e67471437ae9083fa73fa67eee1573fec1b7c8cf"},{"fixed":"7ffef5e5d5eeecd9687204a5ec2d863752aafb7e"},{"fixed":"856023ef032d824309abd5c747241dffa33aae8c"},{"fixed":"591efa494a1cf649f50a35def649c43ae984cd03"},{"fixed":"15794835378ed56fb9bacc6a5dd3b9f33520604e"},{"fixed":"35f56c554eb1b56b77b3cf197a6b00922d49033d"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-53141.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"2.6.39"},{"fixed":"4.19.325"}]},{"type":"ECOSYSTEM","events":[{"introduced":"4.20.0"},{"fixed":"5.4.287"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.5.0"},{"fixed":"5.10.231"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.174"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.120"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.64"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.11.11"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.12.0"},{"fixed":"6.12.2"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-53141.json"}}],"schema_version":"1.7.5"}