CVE-2024-49948
Published: Oct 21, 2024
Modified: May 12, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: net: add more sanity checks to qdisc_pkt_len_init() One path takes care of SKB_GSO_DODGY, assuming skb->len is bigger than hdr_len. virtio_net_hdr_to_skb() does not fully dissect TCP headers, it only make sure it is at least 20 bytes. It is possible for an user to provide a malicious 'GSO' packet, total length of 80 bytes. - 20 bytes of IPv4 header - 60 bytes TCP header - a small gso_size like 8 virtio_net_hdr_to_skb() would declare this packet as a normal GSO packet, because it would see 40 bytes of payload, bigger than gso_size. We need to make detect this case to not underflow qdisc_skb_cb(skb)->pkt_len.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 1def9238d4aa2146924994aa4b7dc861f03b9362 - < d7d1a28f5dd57b4d83def876f8d7b4403bd37df9affected 1def9238d4aa2146924994aa4b7dc861f03b9362 - < 473426a1d53a68dd1e718e6cd00d57936993fa6caffected 1def9238d4aa2146924994aa4b7dc861f03b9362 - < 566a931a1436d0e0ad13708ea55479b95426213caffected 1def9238d4aa2146924994aa4b7dc861f03b9362 - < 2415f465730e48b6e38da1c7c097317bf5dd2d20affected 1def9238d4aa2146924994aa4b7dc861f03b9362 - < 27a8fabc54d2f960d47bdfbebf2bdc6e8a92a4c4+4 more versions |
Linux | Linux | affected 3.9unaffected 0 - < 3.9unaffected 4.19.323 - <= 4.19.*unaffected 5.4.285 - <= 5.4.*unaffected 5.10.227 - <= 5.10.*+6 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now