CVE-2024-47408

Published: Jan 11, 2025

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: net/smc: check smcd_v2_ext_offset when receiving proposal msg When receiving proposal msg in server, the field smcd_v2_ext_offset in proposal msg is from the remote client and can not be fully trusted. Once the value of smcd_v2_ext_offset exceed the max value, there has the chance to access wrong address, and crash may happen. This patch checks the value of smcd_v2_ext_offset before using it.

Vendor	Product	Versions
Linux	Linux	affected `5c21c4ccafe85906db809de3af391fd434df8a27 - < a36364d8d4fabb105001f992fb8ff2d3546203d6` affected `5c21c4ccafe85906db809de3af391fd434df8a27 - < e1cc8be2a785a8f1ce1f597f3e608602c5fccd46` affected `5c21c4ccafe85906db809de3af391fd434df8a27 - < 935caf324b445fe73d7708fae6f7176fb243f357` affected `5c21c4ccafe85906db809de3af391fd434df8a27 - < 48d5a8a304a643613dab376a278f29d3e22f7c34` affected `5c21c4ccafe85906db809de3af391fd434df8a27 - < 9ab332deb671d8f7e66d82a2ff2b3f715bc3a4ad`
Linux	Linux	affected `5.10` unaffected `0 - < 5.10` unaffected `5.15.176 - <= 5.15.` unaffected `6.1.122 - <= 6.1.` unaffected `6.6.68 - <= 6.6.*` +2 more versions

References

https://git.kernel.org/stable/c/a36364d8d4fabb105001f992fb8ff2d3546203d6

https://git.kernel.org/stable/c/e1cc8be2a785a8f1ce1f597f3e608602c5fccd46

https://git.kernel.org/stable/c/935caf324b445fe73d7708fae6f7176fb243f357

https://git.kernel.org/stable/c/48d5a8a304a643613dab376a278f29d3e22f7c34

https://git.kernel.org/stable/c/9ab332deb671d8f7e66d82a2ff2b3f715bc3a4ad

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-47408

Description

Affected Products

References