CVE-2024-42284: tipc: Return non-zero value from tipc_udp_addr2str() on error

Published Aug 17, 2024
·
Updated

In the Linux kernel, the following vulnerability has been resolved:

tipc: Return non-zero value from tipcudpaddr2str() on error

tipcudpaddr2str() should return non-zero value if the UDP media address is invalid. Otherwise, a buffer overflow access can occur in tipcmediaaddrprintf(). Fix this by returning 1 on an invalid UDP media address.

Other sources

This CVE was automatically created from a reference found in an email or other text. If you are reading this, then this CVE entry is probably erroneous, since this text should be replaced by the official CVE description automatically.

Launchpad

Affected Software

16 affected componentsFixes available
Linux Linux kernel>=4.1<4.19.320
Linux Linux kernel>=4.20<5.4.282
Linux Linux kernel>=5.5<5.10.224
Linux Linux kernel>=5.11<5.15.165
Linux Linux kernel>=5.16<6.1.103
Linux Linux kernel>=6.2<6.6.44
Linux Linux kernel>=6.7<6.10.3
debian/linux<=5.10.223-1
5.10.234-16.1.129-16.1.135-16.12.25-16.12.27-1
debian/linux-6.1
6.1.129-1~deb11u1
IBM Security Verify Governance<=ISVG 10.0.2
IBM Security Verify Governance - Identity Manager virtual appliance component<=ISVG 10.0.2
Microsoft cbl2 kernel 5.15.167.1-1
Patch available
Microsoft cbl2 kernel 5.15.164.1-1
Patch available
Microsoft cbl2 kernel 5.15.164.1-1
Patch available
Microsoft azl3 kernel 6.6.47.1-1
Patch available
Microsoft azl3 kernel 6.6.43.1-7
Patch available

Remediation

Patch Available

https://git.kernel.org/stable/c/253405541be2f15ffebdeac2f4cf4b7e9144d12f

Patch Available

https://git.kernel.org/stable/c/2abe350db1aa599eeebc6892237d0bce0f1de62a

Patch Available

https://git.kernel.org/stable/c/5eea127675450583680c8170358bcba43227bd69

Patch Available

https://git.kernel.org/stable/c/728734352743a78b4c5a7285b282127696a4a813

Patch Available

https://git.kernel.org/stable/c/76ddf84a52f0d8ec3f5db6ccce08faf202a17d28

Patch Available

https://git.kernel.org/stable/c/7ec3335dd89c8d169e9650e4bac64fde71fdf15b

Patch Available

https://git.kernel.org/stable/c/aa38bf74899de07cf70b50cd17f8ad45fb6654c8

Patch Available

https://git.kernel.org/stable/c/fa96c6baef1b5385e2f0c0677b32b3839e716076

Event History

Aug 17, 2024
CVE Published
via MITRE·09:08 AM
Data Sourced
via MITRE·09:08 AM
Description
Data Sourced
via NVD·09:15 AM
RemedyDescriptionSeverityWeaknessAffected Software
Sep 11, 2024
Data Sourced
via Microsoft·07:00 AM
DescriptionSeverityWeakness
Data Sourced
via Microsoft·07:00 AM
Affected Software
Updated
via Microsoft·07:00 AM
DescriptionSeverity
Oct 23, 2024
Data Sourced
via Launchpad·11:27 PM
Description
Apr 27, 2025
Data Sourced
via Ubuntu·12:34 AM
RemedyDescriptionSeverityAffected Software

Parent advisories

This vulnerability appears in the following advisories.

Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2024-42284?

The severity of CVE-2024-42284 is significant due to the risk of buffer overflow that could lead to system crashes or unauthorized access.

2

How do I fix CVE-2024-42284?

To fix CVE-2024-42284, update the Linux kernel to a version that includes the patch, specifically to 5.10.226-1, 6.1.123-1, 6.1.119-1, 6.12.10-1, or 6.12.11-1.

3

Which Linux kernel versions are vulnerable to CVE-2024-42284?

Linux kernel versions before 5.10.226-1, 6.1.123-1, 6.1.119-1, 6.12.10-1, and 6.12.11-1 are vulnerable to CVE-2024-42284.

4

What products are affected by CVE-2024-42284?

CVE-2024-42284 affects various Linux kernel versions, including those listed in the Debian and CPE identifiers.

5

Is there a workaround for CVE-2024-42284?

There is no specific workaround for CVE-2024-42284; updating to a patched version is the recommended solution.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203