CVE-2024-49948

{"id": "CVE-2024-49948", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-10-21T18:15:16.260", "references": [{"url": "https://git.kernel.org/stable/c/1eebe602a8d8264a12e35e39d0645fa88dbbacdd", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/2415f465730e48b6e38da1c7c097317bf5dd2d20", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/27a8fabc54d2f960d47bdfbebf2bdc6e8a92a4c4", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/473426a1d53a68dd1e718e6cd00d57936993fa6c", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/566a931a1436d0e0ad13708ea55479b95426213c", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/9b0ee571d20a238a22722126abdfde61f1b2bdd0", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/ab9a9a9e9647392a19e7a885b08000e89c86b535", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/d7d1a28f5dd57b4d83def876f8d7b4403bd37df9", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/ff1c3cadcf405ab37dd91418a62a7acecf3bc5e2", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: add more sanity checks to qdisc_pkt_len_init()\n\nOne path takes care of SKB_GSO_DODGY, assuming\nskb->len is bigger than hdr_len.\n\nvirtio_net_hdr_to_skb() does not fully dissect TCP headers,\nit only make sure it is at least 20 bytes.\n\nIt is possible for an user to provide a malicious 'GSO' packet,\ntotal length of 80 bytes.\n\n- 20 bytes of IPv4 header\n- 60 bytes TCP header\n- a small gso_size like 8\n\nvirtio_net_hdr_to_skb() would declare this packet as a normal\nGSO packet, because it would see 40 bytes of payload,\nbigger than gso_size.\n\nWe need to make detect this case to not underflow\nqdisc_skb_cb(skb)->pkt_len."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: a\u00f1adir m\u00e1s comprobaciones de cordura a qdisc_pkt_len_init() Una ruta se encarga de SKB_GSO_DODGY, asumiendo que skb->len es m\u00e1s grande que hdr_len. virtio_net_hdr_to_skb() no disecciona completamente los encabezados TCP, solo se asegura de que tengan al menos 20 bytes. Es posible que un usuario proporcione un paquete 'GSO' malicioso, con una longitud total de 80 bytes. - 20 bytes de encabezado IPv4 - 60 bytes de encabezado TCP - un gso_size peque\u00f1o como 8 virtio_net_hdr_to_skb() declarar\u00eda este paquete como un paquete GSO normal, porque ver\u00eda 40 bytes de carga \u00fatil, m\u00e1s grande que gso_size. Necesitamos hacer que detecte este caso para no desbordar qdisc_skb_cb(skb)->pkt_len."}], "lastModified": "2024-11-12T21:19:24.440", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C4858BA8-F6CA-4A65-9871-EAC1E8C606C7", "versionEndExcluding": "4.19.323", "versionStartIncluding": "3.9"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B5A89369-320F-47FC-8695-56F61F87E4C0", "versionEndExcluding": "5.4.285", "versionStartIncluding": "4.20"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "795A3EE6-0CAB-4409-A903-151C94ACECC0", "versionEndExcluding": "5.10.227", "versionStartIncluding": "5.5"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D51C05D-455B-4D8D-89E7-A58E140B864C", "versionEndExcluding": "5.15.168", "versionStartIncluding": "5.11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D01BD22E-ACD1-4618-9D01-6116570BE1EE", "versionEndExcluding": "6.1.113", "versionStartIncluding": "5.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E90B9576-56C4-47BC-AAB0-C5B2D438F5D0", "versionEndExcluding": "6.6.55", "versionStartIncluding": "6.2"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C16BCE0-FFA0-4599-BE0A-1FD65101C021", "versionEndExcluding": "6.10.14", "versionStartIncluding": "6.7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "54D9C704-D679-41A7-9C40-10A6B1E7FFE9", "versionEndExcluding": "6.11.3", "versionStartIncluding": "6.11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}