We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-49948

net: add more sanity checks to qdisc_pkt_len_init()



Description

In the Linux kernel, the following vulnerability has been resolved: net: add more sanity checks to qdisc_pkt_len_init() One path takes care of SKB_GSO_DODGY, assuming skb->len is bigger than hdr_len. virtio_net_hdr_to_skb() does not fully dissect TCP headers, it only make sure it is at least 20 bytes. It is possible for an user to provide a malicious 'GSO' packet, total length of 80 bytes. - 20 bytes of IPv4 header - 60 bytes TCP header - a small gso_size like 8 virtio_net_hdr_to_skb() would declare this packet as a normal GSO packet, because it would see 40 bytes of payload, bigger than gso_size. We need to make detect this case to not underflow qdisc_skb_cb(skb)->pkt_len.

Reserved 2024-10-21 | Published 2024-10-21 | Updated 2024-11-19 | Assigner Linux

Product status

Default status
unaffected

1def9238d4aa before d7d1a28f5dd5
affected

1def9238d4aa before 473426a1d53a
affected

1def9238d4aa before 566a931a1436
affected

1def9238d4aa before 2415f465730e
affected

1def9238d4aa before 27a8fabc54d2
affected

1def9238d4aa before 9b0ee571d20a
affected

1def9238d4aa before ff1c3cadcf40
affected

1def9238d4aa before 1eebe602a8d8
affected

1def9238d4aa before ab9a9a9e9647
affected

Default status
affected

3.9
affected

Any version before 3.9
unaffected

4.19.323
unaffected

5.4.285
unaffected

5.10.227
unaffected

5.15.168
unaffected

6.1.113
unaffected

6.6.55
unaffected

6.10.14
unaffected

6.11.3
unaffected

6.12
unaffected

References

git.kernel.org/...c/d7d1a28f5dd57b4d83def876f8d7b4403bd37df9

git.kernel.org/...c/473426a1d53a68dd1e718e6cd00d57936993fa6c

git.kernel.org/...c/566a931a1436d0e0ad13708ea55479b95426213c

git.kernel.org/...c/2415f465730e48b6e38da1c7c097317bf5dd2d20

git.kernel.org/...c/27a8fabc54d2f960d47bdfbebf2bdc6e8a92a4c4

git.kernel.org/...c/9b0ee571d20a238a22722126abdfde61f1b2bdd0

git.kernel.org/...c/ff1c3cadcf405ab37dd91418a62a7acecf3bc5e2

git.kernel.org/...c/1eebe602a8d8264a12e35e39d0645fa88dbbacdd

git.kernel.org/...c/ab9a9a9e9647392a19e7a885b08000e89c86b535

cve.org (CVE-2024-49948)

nvd.nist.gov (CVE-2024-49948)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-49948

Support options

Helpdesk Chat, Email, Knowledgebase
Telegram Chat
Subscribe to our newsletter to learn more about our work.