medium
5.5
Advisory Published
Updated

CVE-2024-49948: net: add more sanity checks to qdisc_pkt_len_init()

First published: Mon Oct 21 2024(Updated: )

In the Linux kernel, the following vulnerability has been resolved: net: add more sanity checks to qdisc_pkt_len_init() One path takes care of SKB_GSO_DODGY, assuming skb->len is bigger than hdr_len. virtio_net_hdr_to_skb() does not fully dissect TCP headers, it only make sure it is at least 20 bytes. It is possible for an user to provide a malicious 'GSO' packet, total length of 80 bytes. - 20 bytes of IPv4 header - 60 bytes TCP header - a small gso_size like 8 virtio_net_hdr_to_skb() would declare this packet as a normal GSO packet, because it would see 40 bytes of payload, bigger than gso_size. We need to make detect this case to not underflow qdisc_skb_cb(skb)->pkt_len.

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected SoftwareAffected VersionHow to fix
Linux Kernel>=3.9<4.19.323
Linux Kernel>=4.20<5.4.285
Linux Kernel>=5.5<5.10.227
Linux Kernel>=5.11<5.15.168
Linux Kernel>=5.16<6.1.113
Linux Kernel>=6.2<6.6.55
Linux Kernel>=6.7<6.10.14
Linux Kernel>=6.11<6.11.3
Linux Kernel=6.12-rc1
debian/linux<=5.10.223-1<=5.10.226-1
6.1.123-1
6.1.128-1
6.12.12-1
6.12.15-1
debian/linux-6.1
6.1.119-1~deb11u1

Remedy

https://git.kernel.org/stable/c/1eebe602a8d8264a12e35e39d0645fa88dbbacdd

Remedy

https://git.kernel.org/stable/c/2415f465730e48b6e38da1c7c097317bf5dd2d20

Remedy

https://git.kernel.org/stable/c/27a8fabc54d2f960d47bdfbebf2bdc6e8a92a4c4

Remedy

https://git.kernel.org/stable/c/473426a1d53a68dd1e718e6cd00d57936993fa6c

Remedy

https://git.kernel.org/stable/c/566a931a1436d0e0ad13708ea55479b95426213c

Remedy

https://git.kernel.org/stable/c/9b0ee571d20a238a22722126abdfde61f1b2bdd0

Remedy

https://git.kernel.org/stable/c/ab9a9a9e9647392a19e7a885b08000e89c86b535

Remedy

https://git.kernel.org/stable/c/d7d1a28f5dd57b4d83def876f8d7b4403bd37df9

Remedy

https://git.kernel.org/stable/c/ff1c3cadcf405ab37dd91418a62a7acecf3bc5e2

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2024-49948?

    CVE-2024-49948 has been rated as having a moderate severity level.

  • How do I fix CVE-2024-49948?

    To address CVE-2024-49948, update the Linux kernel to a version that contains the fix.

  • Which versions of Linux kernel are affected by CVE-2024-49948?

    CVE-2024-49948 affects Linux kernel versions between 3.9 and 6.12-rc1.

  • What does CVE-2024-49948 entail?

    CVE-2024-49948 addresses an issue in the Linux kernel related to insufficient sanity checks in the network stack.

  • Is CVE-2024-49948 a common vulnerability?

    CVE-2024-49948 is specific to the Linux kernel and may not be widely applicable outside Linux-based systems.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203