CVE-2024-45018: netfilter: flowtable: initialise extack before use

Published Sep 11, 2024
·
Updated

In the Linux kernel, the following vulnerability has been resolved:

netfilter: flowtable: initialise extack before use

Fix missing initialisation of extack in flow offload.

Affected Software

17 affected componentsFixes available
Linux Linux kernel>=5.5<5.10.225
Linux Linux kernel>=5.11<5.15.166
Linux Linux kernel>=5.16<6.1.107
Linux Linux kernel>=6.2<6.6.48
Linux Linux kernel>=6.7<6.10.7
Linux Linux kernel=6.11-rc1
Linux Linux kernel=6.11-rc2
Linux Linux kernel=6.11-rc3
debian/linux<=5.10.223-1
5.10.234-16.1.129-16.1.135-16.12.25-16.12.27-1
debian/linux-6.1
6.1.129-1~deb11u1
IBM Security Verify Governance<=ISVG 10.0.2
IBM Security Verify Governance - Identity Manager virtual appliance component<=ISVG 10.0.2
Microsoft cbl2 kernel 5.15.164.1-1
Patch available
Microsoft azl3 kernel 6.6.47.1-1
Patch available
Microsoft cbl2 kernel 5.15.164.1-1
Patch available
Microsoft azl3 kernel 6.6.51.1-1
Patch available
Microsoft cbl2 kernel 5.15.167.1-1
Patch available

Remediation

Patch Available

https://git.kernel.org/stable/c/119be227bc04f5035efa64cb823b8a5ca5e2d1c1

Patch Available

https://git.kernel.org/stable/c/356beb911b63a8cff34cb57f755c2a2d2ee9dec7

Patch Available

https://git.kernel.org/stable/c/7eafeec6be68ebd6140a830ce9ae68ad5b67ec78

Patch Available

https://git.kernel.org/stable/c/c7b760499f7791352b49b11667ed04b23d7f5b0f

Patch Available

https://git.kernel.org/stable/c/e5ceff2196dc633c995afb080f6f44a72cff6e1d

Patch Available

https://git.kernel.org/stable/c/e9767137308daf906496613fd879808a07f006a2

Event History

Sep 11, 2024
CVE Published
via MITRE·03:13 PM
Data Sourced
via MITRE·03:13 PM
Description
Data Sourced
via NVD·04:15 PM
RemedyDescriptionSeverityWeaknessAffected Software
Data Sourced
via Red Hat·04:21 PM
DescriptionSeverityAffected Software
Oct 12, 2024
Data Sourced
via Microsoft·07:00 AM
DescriptionSeverityWeakness
Data Sourced
via Microsoft·07:00 AM
Affected Software
Updated
via Microsoft·07:00 AM
Affected Software
Updated
via Microsoft·07:00 AM
SeverityAffected Software
Updated
via Microsoft·07:00 AM
DescriptionSeverity
Apr 29, 2025
Data Sourced
via Ubuntu·06:23 AM
RemedyDescriptionSeverityAffected Software

Parent advisories

This vulnerability appears in the following advisories.

Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2024-45018?

CVE-2024-45018 is classified with a low severity level.

2

How do I fix CVE-2024-45018?

To fix CVE-2024-45018, upgrade to the latest kernel version as specified in your distribution's advisory.

3

What versions of the Linux kernel are affected by CVE-2024-45018?

CVE-2024-45018 affects Linux kernel versions from 5.5 to 6.11-rc3.

4

Can I still use my system if it is vulnerable to CVE-2024-45018?

While you can continue to use your system, it is recommended to apply the patch to mitigate potential risks.

5

What are the consequences of CVE-2024-45018?

The consequences of CVE-2024-45018 could include issues with flow offload functionality in netfilter.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203