CVE-2024-46854

HIGH EPSS 14.2%
Published Sep 27, 2024 (1y ago) · Modified Jun 17, 2026 (2w ago)
7.1 CVSS 3.1
High

Description

In the Linux kernel, the following vulnerability has been resolved:

net: dpaa: Pad packets to ETH_ZLEN

When sending packets under 60 bytes, up to three bytes of the buffer following the data may be leaked. Avoid this by extending all packets to ETH_ZLEN, ensuring nothing is leaked in the padding. This bug can be reproduced by running

    $ ping -s 11 destination
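An added example, not taken from the kernel patch or from this record: a userspace C model of why the reproduction command produces a frame shorter than ETH_ZLEN and of zero-filling the gap before transmit. The helper names, buffer size and fill bytes are constructed for illustration, the header sizes assume IPv4 without options, and the model does not reproduce which of the trailing bytes the hardware actually sends.

```c
#include <stdio.h>
#include <string.h>

#define ETH_HLEN 14   /* Ethernet header */
#define ETH_ZLEN 60   /* minimum frame length without FCS */
#define IPV4_HLEN 20  /* IPv4 header, no options (assumption) */
#define ICMP_HLEN 8   /* ICMP echo header */

/* Frame length produced by `ping -s <payload>` over IPv4/Ethernet. */
static size_t ping_frame_len(size_t payload)
{
    return ETH_HLEN + IPV4_HLEN + ICMP_HLEN + payload;
}

/* Hypothetical helper: zero-fill a short frame up to ETH_ZLEN.
 * Returns the length to transmit, or 0 if the buffer is too small. */
static size_t pad_to_eth_zlen(unsigned char *buf, size_t len, size_t cap)
{
    if (len >= ETH_ZLEN)
        return len <= cap ? len : 0;
    if (cap < ETH_ZLEN)
        return 0;
    memset(buf + len, 0, ETH_ZLEN - len);
    return ETH_ZLEN;
}

/* Count non-zero bytes between the end of the data and ETH_ZLEN. */
static size_t stale_pad_bytes(const unsigned char *buf, size_t len)
{
    size_t n = 0;
    for (size_t i = len; i < ETH_ZLEN; i++)
        n += buf[i] != 0;
    return n;
}

int main(void)
{
    unsigned char buf[64];
    size_t len = ping_frame_len(11);          /* 53 bytes, below ETH_ZLEN */

    memset(buf, 0xAA, sizeof(buf));           /* constructed stale contents */
    memset(buf, 0x11, len);                   /* constructed frame data */
    printf("frame=%zu stale-before=%zu\n", len, stale_pad_bytes(buf, len));
    size_t out = pad_to_eth_zlen(buf, len, sizeof(buf));
    printf("sent=%zu stale-after=%zu\n", out, stale_pad_bytes(buf, len));
    return 0;
}
```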

CVSS Details

Base Score
7.1
Exploitability
1.8
Impact
5.2
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
14.2% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 10

Vendor  Product       Version  Range
linux   linux_kernel  *        ≥4.10 – <6.1.111
linux   linux_kernel  *        ≥6.2 – <6.6.52
linux   linux_kernel  *        ≥6.7 – <6.10.11
linux   linux_kernel  6.11     any
linux   linux_kernel  6.11     any
linux   linux_kernel  6.11     any
linux   linux_kernel  6.11     any
linux   linux_kernel  6.11     any
linux   linux_kernel  6.11     any
linux   linux_kernel  6.11     any

References 11

  • cert-portal.siemens.com https://cert-portal.siemens.com/productcert/html/ssa-265688.html
  • git.kernel.org https://git.kernel.org/stable/c/1f31f51bfc8214a6deaac2920e6342cb9d019133
  • git.kernel.org https://git.kernel.org/stable/c/34fcac26216ce17886af3eb392355b459367af1a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/38f5db5587c0ee53546b28c50ba128253181ac83
  • git.kernel.org https://git.kernel.org/stable/c/cbd7ec083413c6a2e0c326d49e24ec7d12c7a9e0
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/cd5b9d657ecd44ad5f254c3fea3a6ab1cf0e2ef7
  • git.kernel.org https://git.kernel.org/stable/c/ce8eabc912fe9b9a62be1a5c6af5ad2196e90fc2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/dc43a096cfe65b5c32168313846c5cd135d08f1d
  • git.kernel.org https://git.kernel.org/stable/c/f43190e33224c49e1c7ebbc25923ff400d87ec00
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/34fcac26216ce17886af3eb392355b459367af1a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/cbd7ec083413c6a2e0c326d49e24ec7d12c7a9e0
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ce8eabc912fe9b9a62be1a5c6af5ad2196e90fc2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f43190e33224c49e1c7ebbc25923ff400d87ec00
    Patch