{"id":"CVE-2024-56650","summary":"netfilter: x_tables: fix LED ID check in led_tg_check()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: x_tables: fix LED ID check in led_tg_check()\n\nSyzbot has reported the following BUG detected by KASAN:\n\nBUG: KASAN: slab-out-of-bounds in strlen+0x58/0x70\nRead of size 1 at addr ffff8881022da0c8 by task repro/5879\n...\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x241/0x360\n ? __pfx_dump_stack_lvl+0x10/0x10\n ? __pfx__printk+0x10/0x10\n ? _printk+0xd5/0x120\n ? __virt_addr_valid+0x183/0x530\n ? __virt_addr_valid+0x183/0x530\n print_report+0x169/0x550\n ? __virt_addr_valid+0x183/0x530\n ? __virt_addr_valid+0x183/0x530\n ? __virt_addr_valid+0x45f/0x530\n ? __phys_addr+0xba/0x170\n ? strlen+0x58/0x70\n kasan_report+0x143/0x180\n ? strlen+0x58/0x70\n strlen+0x58/0x70\n kstrdup+0x20/0x80\n led_tg_check+0x18b/0x3c0\n xt_check_target+0x3bb/0xa40\n ? __pfx_xt_check_target+0x10/0x10\n ? stack_depot_save_flags+0x6e4/0x830\n ? nft_target_init+0x174/0xc30\n nft_target_init+0x82d/0xc30\n ? __pfx_nft_target_init+0x10/0x10\n ? nf_tables_newrule+0x1609/0x2980\n ? nf_tables_newrule+0x1609/0x2980\n ? rcu_is_watching+0x15/0xb0\n ? nf_tables_newrule+0x1609/0x2980\n ? nf_tables_newrule+0x1609/0x2980\n ? __kmalloc_noprof+0x21a/0x400\n nf_tables_newrule+0x1860/0x2980\n ? __pfx_nf_tables_newrule+0x10/0x10\n ? __nla_parse+0x40/0x60\n nfnetlink_rcv+0x14e5/0x2ab0\n ? __pfx_validate_chain+0x10/0x10\n ? __pfx_nfnetlink_rcv+0x10/0x10\n ? __lock_acquire+0x1384/0x2050\n ? netlink_deliver_tap+0x2e/0x1b0\n ? __pfx_lock_release+0x10/0x10\n ? netlink_deliver_tap+0x2e/0x1b0\n netlink_unicast+0x7f8/0x990\n ? __pfx_netlink_unicast+0x10/0x10\n ? __virt_addr_valid+0x183/0x530\n ? __check_object_size+0x48e/0x900\n netlink_sendmsg+0x8e4/0xcb0\n ? __pfx_netlink_sendmsg+0x10/0x10\n ? aa_sock_msg_perm+0x91/0x160\n ? __pfx_netlink_sendmsg+0x10/0x10\n __sock_sendmsg+0x223/0x270\n ____sys_sendmsg+0x52a/0x7e0\n ? __pfx_____sys_sendmsg+0x10/0x10\n __sys_sendmsg+0x292/0x380\n ? __pfx___sys_sendmsg+0x10/0x10\n ? lockdep_hardirqs_on_prepare+0x43d/0x780\n ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10\n ? exc_page_fault+0x590/0x8c0\n ? do_syscall_64+0xb6/0x230\n do_syscall_64+0xf3/0x230\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n...\n \u003c/TASK\u003e\n\nSince an invalid (without '\\0' byte at all) byte sequence may be passed\nfrom userspace, add an extra check to ensure that such a sequence is\nrejected as possible ID and so never passed to 'kstrdup()' and further.","modified":"2026-04-02T12:25:03.634581Z","published":"2024-12-27T15:02:50.098Z","related":["MGASA-2025-0030","MGASA-2025-0032","SUSE-SU-2025:0428-1","SUSE-SU-2025:0499-1","SUSE-SU-2025:0555-1","SUSE-SU-2025:0556-1","SUSE-SU-2025:0557-1","SUSE-SU-2025:0564-1","SUSE-SU-2025:0565-1","SUSE-SU-2025:0576-1","SUSE-SU-2025:0577-1","SUSE-SU-2025:0577-2","SUSE-SU-2025:0603-1","SUSE-SU-2025:0771-1","SUSE-SU-2025:0867-1","SUSE-SU-2025:1385-1","SUSE-SU-2025:1387-1","SUSE-SU-2025:1392-1","SUSE-SU-2025:1402-1","SUSE-SU-2025:1403-1","SUSE-SU-2025:1408-1","SUSE-SU-2025:1416-1","SUSE-SU-2025:1418-1","SUSE-SU-2025:1422-1","SUSE-SU-2025:1423-1","SUSE-SU-2025:1425-1","SUSE-SU-2025:1444-1","SUSE-SU-2025:1445-1","SUSE-SU-2025:1448-1","SUSE-SU-2025:1449-1","SUSE-SU-2025:1454-1","SUSE-SU-2025:1463-1","SUSE-SU-2025:1467-1","SUSE-SU-2025:1468-1","SUSE-SU-2025:20165-1","SUSE-SU-2025:20166-1","SUSE-SU-2025:20211-1","SUSE-SU-2025:20212-1","SUSE-SU-2025:20213-1","SUSE-SU-2025:20214-1","SUSE-SU-2025:20215-1","SUSE-SU-2025:20248-1","SUSE-SU-2025:20249-1","SUSE-SU-2025:20314-1","SUSE-SU-2025:20315-1","SUSE-SU-2025:20341-1","SUSE-SU-2025:20369-1","SUSE-SU-2025:4123-1","USN-7379-2","USN-7380-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/56xxx/CVE-2024-56650.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/04317f4eb2aad312ad85c1a17ad81fe75f1f9bc7"},{"type":"WEB","url":"https://git.kernel.org/stable/c/147a42bb02de8735cb08476be6d0917987d022c2"},{"type":"WEB","url":"https://git.kernel.org/stable/c/36a9d94dac28beef6b8abba46ba8874320d3e800"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a9bcc0b70d9baf3ff005874489a0dc9d023b54c3"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ab9916321c95f5280b72b4c5055e269f98627efe"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ad28612ebae1fcc1104bd432e99e99d87f6bfe09"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c40c96d98e536fc1daaa125c2332b988615e30a4"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/56xxx/CVE-2024-56650.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-56650"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"268cb38e1802db560c73167e643f14a3dcb4b07c"},{"fixed":"147a42bb02de8735cb08476be6d0917987d022c2"},{"fixed":"ad28612ebae1fcc1104bd432e99e99d87f6bfe09"},{"fixed":"36a9d94dac28beef6b8abba46ba8874320d3e800"},{"fixed":"ab9916321c95f5280b72b4c5055e269f98627efe"},{"fixed":"a9bcc0b70d9baf3ff005874489a0dc9d023b54c3"},{"fixed":"c40c96d98e536fc1daaa125c2332b988615e30a4"},{"fixed":"04317f4eb2aad312ad85c1a17ad81fe75f1f9bc7"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-56650.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"}]}