CVE-2024-42247

wireguard: allowedips: avoid unaligned 64-bit memory accesses

Description

In the Linux kernel, the following vulnerability has been resolved: wireguard: allowedips: avoid unaligned 64-bit memory accesses On the parisc platform, the kernel issues kernel warnings because swap_endian() tries to load a 128-bit IPv6 address from an unaligned memory location: Kernel: unaligned access to 0x55f4688c in wg_allowedips_insert_v6+0x2c/0x80 [wireguard] (iir 0xf3010df) Kernel: unaligned access to 0x55f46884 in wg_allowedips_insert_v6+0x38/0x80 [wireguard] (iir 0xf2010dc) Avoid such unaligned memory accesses by instead using the get_unaligned_be64() helper macro. [Jason: replace src[8] in original patch with src+8]

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.08%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/ae630de24efb123d7199a43256396d7758f4cb75 patch
https://git.kernel.org/stable/c/b4764f0ad3d68de8a0b847c05f427afb86dd54e6 patch
https://git.kernel.org/stable/c/217978a29c6ceca76d3c640bf94bdf50c268d801 patch
https://git.kernel.org/stable/c/6638a203abad35fa636d59ac47bdbc4bc100fd74 patch
https://git.kernel.org/stable/c/2fb34bf76431e831f9863cd59adc0bd1f67b0fbf patch
https://git.kernel.org/stable/c/948f991c62a4018fb81d85804eeab3029c6209f8 patch

Frequently Asked Questions

What is the severity of CVE-2024-42247?
CVE-2024-42247 has been scored as a medium severity vulnerability.
How to fix CVE-2024-42247?
To fix CVE-2024-42247, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-42247 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-42247 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-42247?
CVE-2024-42247 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.