CVE-2024-53141: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-53141 is a vulnerability in the Linux kernel's netfilter ipset component, specifically in the bitmapipuadt function. The vulnerability was discovered on December 6, 2024, affecting Linux kernel versions from 2.6.39 up to versions before 4.19.325, 6.6.64, 6.11.11, and 6.12.2. The issue occurs when tb[IPSETATTRIPTO] is not present but tb[IPSETATTRCIDR] exists, causing values of ip and ipto to be incorrectly swapped (NVD).

The vulnerability stems from a missing range check in the bitmapipuadt function within the netfilter ipset module. When specific conditions are met regarding IP address attributes, the values of ip and ip_to are improperly handled, leading to potential security issues. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (High), with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

The vulnerability could potentially allow an attacker to bypass security checks related to IP address ranges in the netfilter ipset functionality. This could lead to unauthorized access or manipulation of network filtering rules (NVD).

The vulnerability has been patched in the Linux kernel with commit 35f56c554eb1b56b77b3cf197a6b00922d49033d. The fix involves adding proper range checks and removing unnecessary ones in the bitmapipuadt function. Users should update to Linux kernel versions 4.19.325, 6.6.64, 6.11.11, 6.12.2 or later to address this vulnerability (Ubuntu Security).