We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Zendesk (Helpdesk and Chat)
Bugpilot (Bug tracking)

Ok

THREATINT CVE Home CVE Diag Help
PUBLISHED

CVE-2024-26752

l2tp: pass correct message length to ip6_append_data

Reserved:2024-02-19
Published:2024-04-03
Updated:2024-04-04

Description

In the Linux kernel, the following vulnerability has been resolved: l2tp: pass correct message length to ip6_append_data l2tp_ip6_sendmsg needs to avoid accounting for the transport header twice when splicing more data into an already partially-occupied skbuff. To manage this, we check whether the skbuff contains data using skb_queue_empty when deciding how much data to append using ip6_append_data. However, the code which performed the calculation was incorrect: ulen = len + skb_queue_empty(&sk->sk_write_queue) ? transhdrlen : 0; ...due to C operator precedence, this ends up setting ulen to transhdrlen for messages with a non-zero length, which results in corrupted packets on the wire. Add parentheses to correct the calculation in line with the original intent.

Product status

Default status
unaffected

559d697c5d07 before 4c3ce64bc9d3
affected

1fc793d68d50 before c1d3a84a67db
affected

96b2e1090397 before dcb4d1426859
affected

cd1189956393 before 0da15a703951
affected

f6a7182179c0 before 13cd1daeea84
affected

9d4c75800f61 before 804bd8650a3a
affected

9d4c75800f61 before 83340c66b498
affected

9d4c75800f61 before 359e54a93ab4
affected

Default status
affected

6.6
affected

Any version before 6.6
unaffected

4.19.308
unaffected

5.4.270
unaffected

5.10.211
unaffected

5.15.150
unaffected

6.1.80
unaffected

6.6.19
unaffected

6.7.7
unaffected

6.8
unaffected

References

https://git.kernel.org/stable/c/4c3ce64bc9d36ca9164dd6c77ff144c121011aae

https://git.kernel.org/stable/c/c1d3a84a67db910ce28a871273c992c3d7f9efb5

https://git.kernel.org/stable/c/dcb4d14268595065c85dc5528056713928e17243

https://git.kernel.org/stable/c/0da15a70395182ee8cb75716baf00dddc0bea38d

https://git.kernel.org/stable/c/13cd1daeea848614e585b2c6ecc11ca9c8ab2500

https://git.kernel.org/stable/c/804bd8650a3a2bf3432375f8c97d5049d845ce56

https://git.kernel.org/stable/c/83340c66b498e49353530e41542500fc8a4782d6

https://git.kernel.org/stable/c/359e54a93ab43d32ee1bff3c2f9f10cb9f6b6e79

cve.org CVE-2024-26752

nvd.nist.gov CVE-2024-26752

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-26752