CVE-2024-50258

MEDIUM EPSS 10.8%
Published Nov 9, 20241y ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Nov 9, 2024 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: net: fix crash when config small gso_max_size/gso_ipv4_max_size Config a small gso_max_size/gso_ipv4_max_size will lead to an underflow in sk_dst_gso_max_size(), which may trigger a BUG_ON crash, because sk->sk_gso_max_size would be much bigger than device limits. Call Trace: tcp_write_xmit tso_segs = tcp_init_tso_segs(skb, mss_now); tcp_set_skb_tso_segs tcp_skb_pcount_set // skb->len = 524288, mss_now = 8 // u16 tso_segs = 524288/8 = 65535 -> 0 tso_segs = DIV_ROUND_UP(skb->len, mss_now) BUG_ON(!tso_segs) Add check for the minimum value of gso_max_size and gso_ipv4_max_size.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
10.8% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-191

Affected Products 7

VendorProductVersionRange
linuxlinux_kernel*≥4.16  –  ≤6.6.60
linuxlinux_kernel*≥6.7  –  ≤6.11.7
linuxlinux_kernel6.12any
linuxlinux_kernel6.12any
linuxlinux_kernel6.12any
linuxlinux_kernel6.12any
linuxlinux_kernel6.12any

References 6

  • git.kernel.org https://git.kernel.org/stable/c/90c8482a5d9791259ba77bfdc1849fc5128b4be7
  • git.kernel.org https://git.kernel.org/stable/c/9ab5cf19fb0e4680f95e506d6c544259bf1111c4
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ac5977001eee7660c643f8e07a2de9001990b7b8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e72fd1389a5364bc6aa6312ecf30bdb5891b9486
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e9365368b483328639c03fc730448dccd5a25b6b
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/9ab5cf19fb0e4680f95e506d6c544259bf1111c4
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ac5977001eee7660c643f8e07a2de9001990b7b8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e72fd1389a5364bc6aa6312ecf30bdb5891b9486
    Patch