CVE-2024-49948

MEDIUM EPSS 20.7%
Published Oct 21, 20241y ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Oct 21, 2024 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: net: add more sanity checks to qdisc_pkt_len_init() One path takes care of SKB_GSO_DODGY, assuming skb->len is bigger than hdr_len. virtio_net_hdr_to_skb() does not fully dissect TCP headers, it only make sure it is at least 20 bytes. It is possible for an user to provide a malicious 'GSO' packet, total length of 80 bytes. - 20 bytes of IPv4 header - 60 bytes TCP header - a small gso_size like 8 virtio_net_hdr_to_skb() would declare this packet as a normal GSO packet, because it would see 40 bytes of payload, bigger than gso_size. We need to make detect this case to not underflow qdisc_skb_cb(skb)->pkt_len.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
20.7% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 9

VendorProductVersionRange
linuxlinux_kernel*≥3.9  –  <4.19.323
linuxlinux_kernel*≥4.20  –  <5.4.285
linuxlinux_kernel*≥5.5  –  <5.10.227
linuxlinux_kernel*≥5.11  –  <5.15.168
linuxlinux_kernel*≥5.16  –  <6.1.113
linuxlinux_kernel*≥6.2  –  <6.6.55
linuxlinux_kernel*≥6.7  –  <6.10.14
linuxlinux_kernel*≥6.11  –  <6.11.3
linuxlinux_kernel6.12any

References 14

  • cert-portal.siemens.com https://cert-portal.siemens.com/productcert/html/ssa-265688.html
  • cert-portal.siemens.com https://cert-portal.siemens.com/productcert/html/ssa-355557.html
  • cert-portal.siemens.com https://cert-portal.siemens.com/productcert/html/ssa-398330.html
  • git.kernel.org https://git.kernel.org/stable/c/1eebe602a8d8264a12e35e39d0645fa88dbbacdd
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2415f465730e48b6e38da1c7c097317bf5dd2d20
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/27a8fabc54d2f960d47bdfbebf2bdc6e8a92a4c4
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/473426a1d53a68dd1e718e6cd00d57936993fa6c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/566a931a1436d0e0ad13708ea55479b95426213c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9b0ee571d20a238a22722126abdfde61f1b2bdd0
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ab9a9a9e9647392a19e7a885b08000e89c86b535
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d7d1a28f5dd57b4d83def876f8d7b4403bd37df9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ff1c3cadcf405ab37dd91418a62a7acecf3bc5e2
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/1eebe602a8d8264a12e35e39d0645fa88dbbacdd
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2415f465730e48b6e38da1c7c097317bf5dd2d20
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/27a8fabc54d2f960d47bdfbebf2bdc6e8a92a4c4
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/473426a1d53a68dd1e718e6cd00d57936993fa6c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/566a931a1436d0e0ad13708ea55479b95426213c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9b0ee571d20a238a22722126abdfde61f1b2bdd0
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ab9a9a9e9647392a19e7a885b08000e89c86b535
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d7d1a28f5dd57b4d83def876f8d7b4403bd37df9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ff1c3cadcf405ab37dd91418a62a7acecf3bc5e2
    Patch