CVE-2024-44940

HIGH EPSS 15.6%
Published Aug 26, 20241y ago · Modified Jun 17, 20262w ago
7.8 CVSS 3.1
High
Find Similar
Published Aug 26, 2024 1y ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: fou: remove warn in gue_gro_receive on unsupported protocol Drop the WARN_ON_ONCE inn gue_gro_receive if the encapsulated type is not known or does not have a GRO handler. Such a packet is easily constructed. Syzbot generates them and sets off this warning. Remove the warning as it is expected and not actionable. The warning was previously reduced from WARN_ON to WARN_ON_ONCE in commit 270136613bf7 ("fou: Do WARN_ON_ONCE in gue_gro_receive for bad proto callbacks").

CVSS Details

Base Score
7.8
Exploitability
1.8
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
15.6% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 6

VendorProductVersionRange
debiandebian_linux11.0any
linuxlinux_kernel*≥3.18  –  <5.10.234
linuxlinux_kernel*≥5.11  –  <5.15.174
linuxlinux_kernel*≥5.16  –  <6.1.107
linuxlinux_kernel*≥6.2  –  <6.6.47
linuxlinux_kernel*≥6.7  –  <6.10.6

References 8

  • git.kernel.org https://git.kernel.org/stable/c/3db4395332e7050ef9ddeb3052e6b5019f2a2a59
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/440ab7f97261bc28501636a13998e1b1946d2e79
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5a2e37bc648a2503bf6d687aed27b9f4455d82eb
    Issue Tracking
  • git.kernel.org https://git.kernel.org/stable/c/a925a200299a6dfc7c172f54da6f374edc930053
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b1453a5616c7bd8acd90633ceba4e59105ba3b51
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/dd89a81d850fa9a65f67b4527c0e420d15bf836c
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
    Mailing ListThird Party Advisory
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
    Mailing ListThird Party Advisory

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/3db4395332e7050ef9ddeb3052e6b5019f2a2a59
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/440ab7f97261bc28501636a13998e1b1946d2e79
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a925a200299a6dfc7c172f54da6f374edc930053
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b1453a5616c7bd8acd90633ceba4e59105ba3b51
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/dd89a81d850fa9a65f67b4527c0e420d15bf836c
    Patch