ID

VAR-202407-2670


CVE

CVE-2024-42070


TITLE

Linux  of  Linux Kernel  Vulnerability regarding lack of memory release after expiration in

Trust: 0.8

sources: JVNDB: JVNDB-2024-004851

DESCRIPTION

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers register store validation for NFT_DATA_VALUE is conditional, however, the datatype is always either NFT_DATA_VALUE or NFT_DATA_VERDICT. This only requires a new helper function to infer the register type from the set datatype so this conditional check can be removed. Otherwise, pointer to chain object can be leaked through the registers. Linux of Linux Kernel Contains a vulnerability regarding the lack of free memory after expiration.Service operation interruption (DoS) It may be in a state. This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the implementation of packet filtering. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel. The RUGGEDCOM RST2428P is a Layer 2 Ethernet switch based on the SINEC operating system with up to 28 non-blocking interfaces. SCALANCE X switches are used to connect industrial components such as programmable logic controllers (PLCs) or human-machine interfaces (HMIs). Multiple vulnerabilities in third-party components of Siemens' SINEC OS could allow attackers to gain control of the server

Trust: 2.79

sources: NVD: CVE-2024-42070 // JVNDB: JVNDB-2024-004851 // ZDI: ZDI-24-1642 // CNVD: CNVD-2025-19346

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-19346

AFFECTED PRODUCTS

vendor:linuxmodel:kernelscope:gteversion:5.11

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:4.20

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:5.4.279

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:3.14

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:5.5

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:5.10.221

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:6.1.97

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:3.13

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:6.2

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:4.19.317

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:5.16

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:6.9.8

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:6.6.37

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:5.15.162

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:6.7

Trust: 1.0

vendor:linuxmodel:kernelscope:eqversion: -

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion:3.13

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion:6.7 that's all 6.9.8

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion:6.2 that's all 6.6.37

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion:4.20 that's all 5.4.279

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion:5.11 that's all 5.15.162

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion:5.16 that's all 6.1.97

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion:5.5 that's all 5.10.221

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion:3.14 that's all 4.19.317

Trust: 0.8

vendor:linuxmodel:kernelscope: - version: -

Trust: 0.7

vendor:siemensmodel:ruggedcom rst2428pscope:ltversion:v3.1

Trust: 0.6

vendor:siemensmodel:scalance xc-300/xr-300/xc-400/xr-500wg/xr-500 familyscope:ltversion:v3.1

Trust: 0.6

vendor:siemensmodel:scalance xcm-/xrm-/xch-/xrh-300 familyscope:ltversion:v3.1

Trust: 0.6

sources: ZDI: ZDI-24-1642 // CNVD: CNVD-2025-19346 // JVNDB: JVNDB-2024-004851 // NVD: CVE-2024-42070

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2024-42070
value: MEDIUM

Trust: 1.0

NVD: CVE-2024-42070
value: MEDIUM

Trust: 0.8

ZDI: CVE-2024-42070
value: LOW

Trust: 0.7

CNVD: CNVD-2025-19346
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-19346
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2024-42070
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2024-42070
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2024-42070
baseSeverity: LOW
baseScore: 3.8
vectorString: AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.0
impactScore: 1.4
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-24-1642 // CNVD: CNVD-2025-19346 // JVNDB: JVNDB-2024-004851 // NVD: CVE-2024-42070

PROBLEMTYPE DATA

problemtype:CWE-401

Trust: 1.0

problemtype:Lack of memory release after expiration (CWE-401) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-004851 // NVD: CVE-2024-42070

PATCH

title:Linux Kernel Archivesurl:https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=23752737c6a618e994f9a310ec2568881a6b49c4

Trust: 0.8

title:Linux has issued an update to correct this vulnerability.url:https://lore.kernel.org/linux-cve-announce/2024072952-CVE-2024-42070-b271@gregkh/

Trust: 0.7

title:Patch for Multiple vulnerabilities in Siemens SINEC OS third-party componentsurl:https://www.cnvd.org.cn/patchInfo/show/723071

Trust: 0.6

sources: ZDI: ZDI-24-1642 // CNVD: CNVD-2025-19346 // JVNDB: JVNDB-2024-004851

EXTERNAL IDS

db:NVDid:CVE-2024-42070

Trust: 3.3

db:SIEMENSid:SSA-613116

Trust: 1.6

db:SIEMENSid:SSA-398330

Trust: 1.0

db:SIEMENSid:SSA-265688

Trust: 1.0

db:JVNDBid:JVNDB-2024-004851

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-24348

Trust: 0.7

db:ZDIid:ZDI-24-1642

Trust: 0.7

db:CNVDid:CNVD-2025-19346

Trust: 0.6

sources: ZDI: ZDI-24-1642 // CNVD: CNVD-2025-19346 // JVNDB: JVNDB-2024-004851 // NVD: CVE-2024-42070

REFERENCES

url:https://cert-portal.siemens.com/productcert/html/ssa-613116.html

Trust: 1.6

url:https://git.kernel.org/stable/c/40188a25a9847dbeb7ec67517174a835a677752f

Trust: 1.0

url:https://git.kernel.org/stable/c/461302e07f49687ffe7d105fa0a330c07c7646d8

Trust: 1.0

url:https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

Trust: 1.0

url:https://git.kernel.org/stable/c/5d43d789b57943720dca4181a05f6477362b94cf

Trust: 1.0

url:https://git.kernel.org/stable/c/23752737c6a618e994f9a310ec2568881a6b49c4

Trust: 1.0

url:https://git.kernel.org/stable/c/952bf8df222599baadbd4f838a49c4fef81d2564

Trust: 1.0

url:https://git.kernel.org/stable/c/7931d32955e09d0a11b1fe0b6aac1bfa061c005c

Trust: 1.0

url:https://cert-portal.siemens.com/productcert/html/ssa-265688.html

Trust: 1.0

url:https://git.kernel.org/stable/c/41a6375d48deaf7f730304b5153848bfa1c2980f

Trust: 1.0

url:https://cert-portal.siemens.com/productcert/html/ssa-398330.html

Trust: 1.0

url:https://git.kernel.org/stable/c/efb27ad05949403848f487823b597ed67060e007

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2024-42070

Trust: 0.8

url:https://lore.kernel.org/linux-cve-announce/2024072952-cve-2024-42070-b271@gregkh/

Trust: 0.7

sources: ZDI: ZDI-24-1642 // CNVD: CNVD-2025-19346 // JVNDB: JVNDB-2024-004851 // NVD: CVE-2024-42070

CREDITS

HexRabbit (@h3xr4bb1t) of DEVCORE Research Team

Trust: 0.7

sources: ZDI: ZDI-24-1642

SOURCES

db:ZDIid:ZDI-24-1642
db:CNVDid:CNVD-2025-19346
db:JVNDBid:JVNDB-2024-004851
db:NVDid:CVE-2024-42070

LAST UPDATE DATE

2026-06-19T21:06:53.540000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-24-1642date:2024-12-03T00:00:00
db:CNVDid:CNVD-2025-19346date:2025-08-22T00:00:00
db:JVNDBid:JVNDB-2024-004851date:2024-08-01T04:30:00
db:NVDid:CVE-2024-42070date:2026-05-12T12:17:03.453

SOURCES RELEASE DATE

db:ZDIid:ZDI-24-1642date:2024-12-03T00:00:00
db:CNVDid:CNVD-2025-19346date:2025-08-12T00:00:00
db:JVNDBid:JVNDB-2024-004851date:2024-08-01T00:00:00
db:NVDid:CVE-2024-42070date:2024-07-29T16:15:06.540