CVE-2024-42281

MEDIUM EPSS 14.6%
Published Aug 17, 2024 1y ago · Modified Jun 17, 2026 1w ago
5.5 CVSS 3.1
Medium

Description

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix a segment issue when downgrading gso_size

Linearize the skb when downgrading gso_size because it may trigger a BUG_ON() later when the skb is segmented as described in [1,2].

CVSS Details

Base Score 5.5
Exploitability 1.8
Impact 3.6
Vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
14.6% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 6

Vendor   Product        Version   Range
linux    linux_kernel   *         ≥4.13 – <5.4.282
linux    linux_kernel   *         ≥5.5 – <5.10.224
linux    linux_kernel   *         ≥5.11 – <5.15.165
linux    linux_kernel   *         ≥5.16 – <6.1.103
linux    linux_kernel   *         ≥6.2 – <6.6.44
linux    linux_kernel   *         ≥6.7 – <6.10.3

References 10

  • cert-portal.siemens.com https://cert-portal.siemens.com/productcert/html/ssa-265688.html
  • git.kernel.org https://git.kernel.org/stable/c/11ec79f5c7f74261874744039bc1551023edd6b2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a689f5eb13a90f892a088865478b3cd39f53d5dc
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c3496314c53e7e82ddb544c825defc3e8c0e45cf
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/dda518dea60d556a2d171c0122ca7d9fdb7d473a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ec4eea14d75f7b0491194dd413f540dd19b8c733
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f6bb8c90cab97a3e03f8d30e3069efe6a742e0be
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/fa5ef655615a01533035c6139248c5b33aa27028
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/11ec79f5c7f74261874744039bc1551023edd6b2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a689f5eb13a90f892a088865478b3cd39f53d5dc
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c3496314c53e7e82ddb544c825defc3e8c0e45cf
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/dda518dea60d556a2d171c0122ca7d9fdb7d473a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ec4eea14d75f7b0491194dd413f540dd19b8c733
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f6bb8c90cab97a3e03f8d30e3069efe6a742e0be
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/fa5ef655615a01533035c6139248c5b33aa27028
    Patch