CVE-2024-49973: r8169: add tally counter fields added with RTL8125
First published: Mon Oct 21 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: r8169: add tally counter fields added with RTL8125 RTL8125 added fields to the tally counter, what may result in the chip dma'ing these new fields to unallocated memory. Therefore make sure that the allocated memory area is big enough to hold all of the tally counter values, even if we use only parts of it.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | >=5.4<5.10.227 | |
| Linux Kernel | >=5.11<5.15.168 | |
| Linux Kernel | >=5.16<6.1.113 | |
| Linux Kernel | >=6.2<6.6.55 | |
| Linux Kernel | >=6.7<6.10.14 | |
| Linux Kernel | >=6.11<6.11.3 | |
| debian/linux | <=5.10.223-1<=5.10.226-1 | 6.1.123-1 6.1.128-1 6.12.12-1 6.12.15-1 |
| debian/linux-6.1 | 6.1.119-1~deb11u1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/1c723d785adb711496bc64c24240f952f4faaabf
- https://git.kernel.org/stable/c/21950321ad33d7613b1453f4c503d7b1871deb61
- https://git.kernel.org/stable/c/585c048d15ed559f20cb94c8fa2f30077efa4fbc
- https://git.kernel.org/stable/c/64648ae8c97ec5a3165021627f5a1658ebe081ca
- https://git.kernel.org/stable/c/92bc8647b4d65f4d4bf8afdb206321c1bc55a486
- https://git.kernel.org/stable/c/991e8b0bab669b7d06927c3e442b3352532e8581
- https://git.kernel.org/stable/c/ced8e8b8f40accfcce4a2bbd8b150aa76d5eff9a
- https://git.kernel.org/stable/c/fe44b3bfbf0c74df5712f44458689d0eccccf47d
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49973
- https://nvd.nist.gov/vuln/detail/CVE-2024-49973
- https://launchpad.net/bugs/cve/CVE-2024-49973
- https://security-tracker.debian.org/tracker/CVE-2024-49973
- https://ubuntu.com/security/CVE-2024-49973
- https://git.kernel.org/linus/ced8e8b8f40accfcce4a2bbd8b150aa76d5eff9a
Frequently Asked Questions
What is the severity of CVE-2024-49973?
CVE-2024-49973 has been classified with a severity level that indicates it may lead to DMA'ing to unallocated memory, which poses potential security risks.
How do I fix CVE-2024-49973?
To fix CVE-2024-49973, update to the latest affected Linux kernel version as provided by your distribution.
Which Linux kernel versions are affected by CVE-2024-49973?
CVE-2024-49973 affects Linux kernel versions from 5.4 to 6.11.3, including several specific version ranges.
What specific issue does CVE-2024-49973 address?
CVE-2024-49973 addresses a vulnerability related to the addition of tally counter fields in the RTL8125 network driver.
Is there a recommended version to upgrade to for CVE-2024-49973?
The recommended versions to upgrade to for CVE-2024-49973 include recent releases such as 6.1.123-1 and 6.12.12-1.
- agent/title
- agent/type
- agent/first-publish-date
- agent/severity
- agent/remedy
- agent/references
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/trending
- collector/usn-cve
- source/Ubuntu
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-api
- collector/launchpad-cve
- source/Launchpad
- agent/source
- agent/softwarecombine
- agent/description
- agent/tags
- agent/event
- collector/security-tracker-debian
- source/Debian
- vendor/linux
- canonical/linux kernel
- version/linux kernel/5.4
- version/linux kernel/5.11
- version/linux kernel/5.16
- version/linux kernel/6.2
- version/linux kernel/6.7
- version/linux kernel/6.11
- package-manager/debian