CVE-2024-46861

Summary

In the Linux kernel, the following vulnerability has been resolved:

usbnet: ipheth: do not stop RX on failing RX callback

RX callbacks can fail for multiple reasons:

  • Payload too short
  • Payload formatted incorrecly (e.g. bad NCM framing)
  • Lack of memory

None of these should cause the driver to seize up.

Make such failures non-critical and continue processing further incoming URBs.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxa2d274c62e44b1995c170595db3865c6fe701226 < 4d1cfa3afb8627435744ecdc6d8b58bc72ee0f4caffected
LinuxLinuxa2d274c62e44b1995c170595db3865c6fe701226 < 08ca800b0cd56d5e26722f68b18bbbf6840bf44baffected
LinuxLinuxa2d274c62e44b1995c170595db3865c6fe701226 < 74efed51e0a4d62f998f806c307778b47fc73395affected
LinuxLinux6.5affected
LinuxLinux0 < 6.5unaffected
LinuxLinux6.6.52 <= 6.6.*unaffected
LinuxLinux6.10.11 <= 6.10.*unaffected
LinuxLinux6.11 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References