CVE-2024-41044

MEDIUM EPSS 20.4%
Published Jul 29, 20241y ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Jul 29, 2024 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: ppp: reject claimed-as-LCP but actually malformed packets Since 'ppp_async_encode()' assumes valid LCP packets (with code from 1 to 7 inclusive), add 'ppp_check_packet()' to ensure that LCP packet has an actual body beyond PPP_LCP header bytes, and reject claimed-as-LCP but actually malformed data otherwise.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
20.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 19

VendorProductVersionRange
linuxlinux_kernel*≥2.6.13  –  <4.19.318
linuxlinux_kernel*≥4.20  –  <5.4.280
linuxlinux_kernel*≥5.5  –  <5.10.222
linuxlinux_kernel*≥5.11  –  <5.15.163
linuxlinux_kernel*≥5.16  –  <6.1.100
linuxlinux_kernel*≥6.2  –  <6.6.41
linuxlinux_kernel*≥6.7  –  <6.9.10
linuxlinux_kernel2.6.12any
linuxlinux_kernel2.6.12any
linuxlinux_kernel2.6.12any
linuxlinux_kernel2.6.12any
linuxlinux_kernel2.6.12any
linuxlinux_kernel6.10any
linuxlinux_kernel6.10any
linuxlinux_kernel6.10any
linuxlinux_kernel6.10any
linuxlinux_kernel6.10any
linuxlinux_kernel6.10any
linuxlinux_kernel6.10any

References 9

  • git.kernel.org https://git.kernel.org/stable/c/099502ca410922b56353ccef2749bc0de669da78
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3134bdf7356ed952dcecb480861d2afcc1e40492
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3ba12c2afd933fc1bf800f6d3f6c7ec8f602ce56
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6e8f1c21174f9482033bbb59f13ce1a8cbe843c3
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/97d1efd8be26615ff680cdde86937d5943138f37
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d683e7f3fc48f59576af34631b4fb07fd931343e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ebc5c630457783d17d0c438b0ad70b232a64a82f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f2aeb7306a898e1cbd03963d376f4b6656ca2b55
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/099502ca410922b56353ccef2749bc0de669da78
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3134bdf7356ed952dcecb480861d2afcc1e40492
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3ba12c2afd933fc1bf800f6d3f6c7ec8f602ce56
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6e8f1c21174f9482033bbb59f13ce1a8cbe843c3
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/97d1efd8be26615ff680cdde86937d5943138f37
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d683e7f3fc48f59576af34631b4fb07fd931343e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ebc5c630457783d17d0c438b0ad70b232a64a82f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f2aeb7306a898e1cbd03963d376f4b6656ca2b55
    Patch