We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-50258

net: fix crash when config small gso_max_size/gso_ipv4_max_size



Description

In the Linux kernel, the following vulnerability has been resolved: net: fix crash when config small gso_max_size/gso_ipv4_max_size Config a small gso_max_size/gso_ipv4_max_size will lead to an underflow in sk_dst_gso_max_size(), which may trigger a BUG_ON crash, because sk->sk_gso_max_size would be much bigger than device limits. Call Trace: tcp_write_xmit tso_segs = tcp_init_tso_segs(skb, mss_now); tcp_set_skb_tso_segs tcp_skb_pcount_set // skb->len = 524288, mss_now = 8 // u16 tso_segs = 524288/8 = 65535 -> 0 tso_segs = DIV_ROUND_UP(skb->len, mss_now) BUG_ON(!tso_segs) Add check for the minimum value of gso_max_size and gso_ipv4_max_size.

Reserved 2024-10-21 | Published 2024-11-09 | Updated 2024-11-19 | Assigner Linux

Product status

Default status
unaffected

46e6b992c250 before ac5977001eee
affected

46e6b992c250 before e72fd1389a53
affected

46e6b992c250 before 9ab5cf19fb0e
affected

Default status
affected

4.16
affected

Any version before 4.16
unaffected

6.6.60
unaffected

6.11.7
unaffected

6.12
unaffected

References

git.kernel.org/...c/ac5977001eee7660c643f8e07a2de9001990b7b8

git.kernel.org/...c/e72fd1389a5364bc6aa6312ecf30bdb5891b9486

git.kernel.org/...c/9ab5cf19fb0e4680f95e506d6c544259bf1111c4

cve.org (CVE-2024-50258)

nvd.nist.gov (CVE-2024-50258)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-50258

Support options

Helpdesk Chat, Email, Knowledgebase
Telegram Chat
Subscribe to our newsletter to learn more about our work.