{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-05T22:17:40.084","vulnerabilities":[{"cve":{"id":"CVE-2024-56638","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2024-12-27T15:15:23.527","lastModified":"2025-10-07T20:19:30.120","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_inner: incorrect percpu area handling under softirq\n\nSoftirq can interrupt ongoing packet from process context that is\nwalking over the percpu area that contains inner header offsets.\n\nDisable bh and perform three checks before restoring the percpu inner\nheader offsets to validate that the percpu area is valid for this\nskbuff:\n\n1) If the NFT_PKTINFO_INNER_FULL flag is set on, then this skbuff\n   has already been parsed before for inner header fetching to\n   register.\n\n2) Validate that the percpu area refers to this skbuff using the\n   skbuff pointer as a cookie. If there is a cookie mismatch, then\n   this skbuff needs to be parsed again.\n\n3) Finally, validate if the percpu area refers to this tunnel type.\n\nOnly after these three checks the percpu area is restored to a on-stack\ncopy and bh is enabled again.\n\nAfter inner header fetching, the on-stack copy is stored back to the\npercpu area."},{"lang":"es","value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: nft_inner: gestión incorrecto del área percpu bajo softirq Softirq puede interrumpir el paquete en curso del contexto del proceso que recorre el área percpu que contiene desplazamientos de encabezado interno. Deshabilite bh y realice tres comprobaciones antes de restaurar los desplazamientos de encabezado interno percpu para validar que el área percpu sea válida para este skbuff: 1) Si el indicador NFT_PKTINFO_INNER_FULL está activado, este skbuff ya se ha analizado antes para que la obtención del encabezado interno se registre. 2) Valide que el área percpu haga referencia a este skbuff usando el puntero skbuff como una cookie. Si hay una discrepancia de cookies, este skbuff debe analizarse nuevamente. 3) Finalmente, valide si el área percpu hace referencia a este tipo de túnel. Solo después de estas tres comprobaciones, el área percpu se restaura a una copia en la pila y bh se habilita nuevamente. Después de obtener el encabezado interno, la copia en la pila se almacena nuevamente en el área perCPU."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.66","matchCriteriaId":"29A976AD-B9AB-4A95-9F08-7669F8847EB9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.5","matchCriteriaId":"9501D045-7A94-42CA-8B03-821BE94A65B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:*","matchCriteriaId":"62567B3C-6CEE-46D0-BC2E-B3717FBF7D13"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/53c7314208c865086d78b4e88da53bc33da0b603","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7b1d83da254be3bf054965c8f3b1ad976f460ae5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/da5cc778e7bf78fe525bc90ec2043f41415c31d9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}}]}