High

Linux kernel netfilter ipset bitmap_ip_uadt missing range check

IdentifiersCVE-2024-53141CWE-20

CVE-2024-53141 is a Linux kernel flaw in netfilter ipset, specifically in the bitmap_ip_uadt path. According to the provided description, when IPSET_ATTR_IP_TO is absent but IPSET_ATTR_CIDR is present, the handling of ip and ip_to becomes slightly swapped. As a result, the expected validation of the ip value is performed at the wrong point, leaving a required range check missing. The upstream fix adds the missing range validation and removes checks that were unnecessary in the affected logic. This is an input-validation error in kernel networking code that processes ipset bitmap IP update/add/test operations.

For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial

ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

A missing range check in kernel-space netfilter/ipset code can allow malformed or unexpected input to reach code paths that assume validated address bounds. Based on the provided context, this can lead to security impact in the Linux kernel and has been associated in mention context with possible privilege-escalation discussion, but the precise exploitation outcome is not explicitly stated in the supplied content. The confirmed impact from the provided description is that improper validation in kernel networking code creates a vulnerability condition in the kernel.

Mitigation

If you can’t patch tonight, do this now.

If immediate patching is not possible, reduce exposure by restricting or disabling use of the affected ipset functionality where operationally feasible, especially workflows that allow untrusted or less-trusted actors to create or modify ipset entries through netfilter-related interfaces. Limit access to privileged network administration capabilities and kernel attack surface until patched. Specific mitigations beyond patching are not provided in the supplied content.

Remediation

Patch, then assume compromise.

Apply the Linux kernel update containing the netfilter ipset fix for CVE-2024-53141. The fix adds the missing range check in bitmap_ip_uadt for the case where IPSET_ATTR_IP_TO is not supplied and IPSET_ATTR_CIDR is present, and removes unnecessary checks. Use the vendor-supported patched kernel version for the affected distribution.

PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType

LinuxLinux Kerneloperating_system

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

9 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

9 SOURCESView more in app

security online infoNews

Jan 19, 2026

The Patch After the Patch: Microsoft Issues Emergency Fix for Remote Desktop and Shutdown Bugs

Linux kernel privilege escalation vulnerability (mentioned only as a related post headline; no technical details provided in this content).

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.

Start free trial

Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity8

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES

MITRE CVE

cve.org · CVE-2024-53141

NVD

nvd.nist.gov/vuln/detail/CVE-2024-53141

MITRE CWE · CWE-20

cwe.mitre.org

Patch

git.kernel.org/stable/c/15794835378ed56fb9bacc6a5dd3b9f33520604e

Patch

git.kernel.org/stable/c/35f56c554eb1b56b77b3cf197a6b00922d49033d

Patch

git.kernel.org/stable/c/3c20b5948f119ae61ee35ad8584d666020c91581

Patch

git.kernel.org/stable/c/591efa494a1cf649f50a35def649c43ae984cd03

Patch

git.kernel.org/stable/c/856023ef032d824309abd5c747241dffa33aae8c

git.kernel.org

git.kernel.org/stable/c/2e151b8ca31607d14fddc4ad0f14da0893e1a7c7

git.kernel.org

git.kernel.org/stable/c/78b0f2028f1043227a8eb0c41944027fc6a04596

git.kernel.org

git.kernel.org/stable/c/7ffef5e5d5eeecd9687204a5ec2d863752aafb7e

git.kernel.org

git.kernel.org/stable/c/e67471437ae9083fa73fa67eee1573fec1b7c8cf

+2 more references

view more in app