CVE-2024-42281

Summary

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix a segment issue when downgrading gso_size

Linearize the skb when downgrading gso_size because it may trigger a BUG_ON() later when the skb is segmented as described in [1,2].

Affected Software

VendorProductVersion RangeStatus
LinuxLinux2be7e212d5419a400d051c84ca9fdd083e5aacac < a689f5eb13a90f892a088865478b3cd39f53d5dcaffected
LinuxLinux2be7e212d5419a400d051c84ca9fdd083e5aacac < dda518dea60d556a2d171c0122ca7d9fdb7d473aaffected
LinuxLinux2be7e212d5419a400d051c84ca9fdd083e5aacac < f6bb8c90cab97a3e03f8d30e3069efe6a742e0beaffected
LinuxLinux2be7e212d5419a400d051c84ca9fdd083e5aacac < 11ec79f5c7f74261874744039bc1551023edd6b2affected
LinuxLinux2be7e212d5419a400d051c84ca9fdd083e5aacac < c3496314c53e7e82ddb544c825defc3e8c0e45cfaffected
LinuxLinux2be7e212d5419a400d051c84ca9fdd083e5aacac < ec4eea14d75f7b0491194dd413f540dd19b8c733affected
LinuxLinux2be7e212d5419a400d051c84ca9fdd083e5aacac < fa5ef655615a01533035c6139248c5b33aa27028affected
LinuxLinux4.13affected
LinuxLinux0 < 4.13unaffected
LinuxLinux5.4.282 <= 5.4.*unaffected
LinuxLinux5.10.224 <= 5.10.*unaffected
LinuxLinux5.15.165 <= 5.15.*unaffected
LinuxLinux6.1.103 <= 6.1.*unaffected
LinuxLinux6.6.44 <= 6.6.*unaffected
LinuxLinux6.10.3 <= 6.10.*unaffected
LinuxLinux6.11 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

Additional References

References