CVE-2024-47408
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/smc: check smcd_v2_ext_offset when receiving proposal msg
When receiving proposal msg in server, the field smcd_v2_ext_offset in proposal msg is from the remote client and can not be fully trusted. Once the value of smcd_v2_ext_offset exceed the max value, there has the chance to access wrong address, and crash may happen.
This patch checks the value of smcd_v2_ext_offset before using it.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 5c21c4ccafe85906db809de3af391fd434df8a27 < a36364d8d4fabb105001f992fb8ff2d3546203d6 | affected |
| Linux | Linux | 5c21c4ccafe85906db809de3af391fd434df8a27 < e1cc8be2a785a8f1ce1f597f3e608602c5fccd46 | affected |
| Linux | Linux | 5c21c4ccafe85906db809de3af391fd434df8a27 < 935caf324b445fe73d7708fae6f7176fb243f357 | affected |
| Linux | Linux | 5c21c4ccafe85906db809de3af391fd434df8a27 < 48d5a8a304a643613dab376a278f29d3e22f7c34 | affected |
| Linux | Linux | 5c21c4ccafe85906db809de3af391fd434df8a27 < 9ab332deb671d8f7e66d82a2ff2b3f715bc3a4ad | affected |
| Linux | Linux | 5.10 | affected |
| Linux | Linux | 0 < 5.10 | unaffected |
| Linux | Linux | 5.15.176 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.122 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.68 <= 6.6.* | unaffected |
| Linux | Linux | 6.12.7 <= 6.12.* | unaffected |
| Linux | Linux | 6.13 <= * | unaffected |
Weaknesses
ADP Enrichment
CVE Program Container
Additional References
References
- https://git.kernel.org/stable/c/a36364d8d4fabb105001f992fb8ff2d3546203d6
- https://git.kernel.org/stable/c/e1cc8be2a785a8f1ce1f597f3e608602c5fccd46
- https://git.kernel.org/stable/c/935caf324b445fe73d7708fae6f7176fb243f357
- https://git.kernel.org/stable/c/48d5a8a304a643613dab376a278f29d3e22f7c34
- https://git.kernel.org/stable/c/9ab332deb671d8f7e66d82a2ff2b3f715bc3a4ad
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.