LiveActive security incident?Get immediate response
CVE Record

CVE-2024-38659: enic: Validate length of nl attributes in enic_set_vf_port

In the Linux kernel, the following vulnerability has been resolved: enic: Validate length of nl attributes in enic_set_vf_port enic_set_vf_port assumes that the nl attribute IFLA_PORT_PROFILE is of length PORT_PROFILE_MAX and that the nl attributes IFLA_PORT_INSTANCE_UUID, IFLA_PORT_HOST_UUID are of length PORT_UUID_MAX. These attributes are validated (in the function do_setlink in rtnetlink.c) using the nla_policy ifla_port_policy. The policy defines IFLA_PORT_PROFILE as NLA_STRING, IFLA_PORT_INSTANCE_UUID as NLA_BINARY and IFLA_PORT_HOST_UUID as NLA_STRING. That means that the length validation using the policy is for the max size of the attributes and not on exact size so the length of these attributes might be less than the sizes that enic_set_vf_port expects. This might cause an out of bands read access in the memcpys of the data of these attributes in enic_set_vf_port.

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysisunknown

Security readout for executives and security teams

Plain-English summary

This is a Linux kernel bug in the enic network driver. Certain netlink attributes can be shorter than the driver expects, causing an out-of-bounds read during VF port configuration. The public sources do not provide a CVSS score, confirmed impact beyond memory read, or evidence of exploitation.

Executive priority

Treat as a targeted kernel maintenance issue, not an internet-scale emergency based on current evidence. Prioritize patching for infrastructure using affected kernels and enic networking, especially vendor appliances or long-term-support Linux estates covered by the advisories.

Technical view

enic_set_vf_port assumes exact lengths for IFLA_PORT_PROFILE, IFLA_PORT_INSTANCE_UUID, and IFLA_PORT_HOST_UUID. rtnetlink policy validation enforces maximum size, not exact size, so shorter attributes can reach memcpy paths and cause out-of-bounds reads. Kernel stable commits add length validation.

Likely exposure

Exposure appears limited to Linux systems running affected kernels where the enic driver and relevant VF port netlink configuration path are used. The source bundle also includes Debian LTS and Siemens advisories, indicating downstream product and distribution relevance. Remote exposure is not established in the provided sources.

Exploitation context

CISA KEV is false in the source bundle, and no cited source claims active exploitation. The public description identifies a malformed or short netlink attribute condition, but does not document exploitability, required privileges, or reliable security impact beyond possible out-of-bounds read.

Researcher notes

The key uncertainty is impact severity. Sources confirm an out-of-bounds read from insufficient exact-length checks, but do not provide CVSS, CWE, exploit status, privilege requirements, or crash versus disclosure behavior. Analysis should remain tied to kernel and vendor advisory evidence.

Mitigation direction

  • Update to a kernel package containing the referenced stable enic validation fixes.
  • Use distribution or device vendor advisories for exact fixed builds.
  • Prioritize systems using affected Linux kernels with the enic driver present.
  • Review Debian LTS and Siemens advisories if those environments are in scope.
  • If patching is delayed, limit access to network VF port configuration.

Validation and detection

  • Inventory Linux kernel versions against vendor fixed package guidance.
  • Check whether the enic driver is present or used on exposed systems.
  • Confirm installed kernels include one of the referenced stable fixes.
  • Review Debian and Siemens advisories for product-specific affected versions.
  • Document any systems requiring compensating controls until patched.
Prepared
Confidence
medium
Sources
12

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2024-38659 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
3ADP providers
12Source links

SSVC decision data

CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: noneAutomatable: noTechnical Impact: partial

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

ADP provider summaries

CISA-ADPCISA ADP Vulnrichment
other:ssvc
CVECVE Program Container
siemens-SADPADP container
Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
LinuxLinuxf8bd909183acffad68780b10c1cdf36161cfd5d1, f8bd909183acffad68780b10c1cdf36161cfd5d1, f8bd909183acffad68780b10c1cdf36161cfd5d1, f8bd909183acffad68780b10c1cdf36161cfd5d1, f8bd909183acffad68780b10c1cdf36161cfd5d1, f8bd909183acffad68780b10c1cdf36161cfd5d1, f8bd909183acffad68780b10c1cdf36161cfd5d1, f8bd909183acffad68780b10c1cdf36161cfd5d1unaffected
LinuxLinux2.6.35, 0, 4.19.316, 5.4.278, 5.10.219, 5.15.161, 6.1.93, 6.6.33, 6.9.4, 6.10affected
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.