CVE - CVE-2024-41044

CVE-ID
CVE-2024-41044	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In the Linux kernel, the following vulnerability has been resolved: ppp: reject claimed-as-LCP but actually malformed packets Since 'ppp_async_encode()' assumes valid LCP packets (with code from 1 to 7 inclusive), add 'ppp_check_packet()' to ensure that LCP packet has an actual body beyond PPP_LCP header bytes, and reject claimed-as-LCP but actually malformed data otherwise.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://git.kernel.org/stable/c/099502ca410922b56353ccef2749bc0de669da78 URL:https://git.kernel.org/stable/c/099502ca410922b56353ccef2749bc0de669da78 MISC:https://git.kernel.org/stable/c/3134bdf7356ed952dcecb480861d2afcc1e40492 URL:https://git.kernel.org/stable/c/3134bdf7356ed952dcecb480861d2afcc1e40492 MISC:https://git.kernel.org/stable/c/3ba12c2afd933fc1bf800f6d3f6c7ec8f602ce56 URL:https://git.kernel.org/stable/c/3ba12c2afd933fc1bf800f6d3f6c7ec8f602ce56 MISC:https://git.kernel.org/stable/c/6e8f1c21174f9482033bbb59f13ce1a8cbe843c3 URL:https://git.kernel.org/stable/c/6e8f1c21174f9482033bbb59f13ce1a8cbe843c3 MISC:https://git.kernel.org/stable/c/97d1efd8be26615ff680cdde86937d5943138f37 URL:https://git.kernel.org/stable/c/97d1efd8be26615ff680cdde86937d5943138f37 MISC:https://git.kernel.org/stable/c/d683e7f3fc48f59576af34631b4fb07fd931343e URL:https://git.kernel.org/stable/c/d683e7f3fc48f59576af34631b4fb07fd931343e MISC:https://git.kernel.org/stable/c/ebc5c630457783d17d0c438b0ad70b232a64a82f URL:https://git.kernel.org/stable/c/ebc5c630457783d17d0c438b0ad70b232a64a82f MISC:https://git.kernel.org/stable/c/f2aeb7306a898e1cbd03963d376f4b6656ca2b55 URL:https://git.kernel.org/stable/c/f2aeb7306a898e1cbd03963d376f4b6656ca2b55
Assigning CNA
kernel.org
Date Record Created
20240712	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20240712)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)

Use of the CVE® List and the associated references from this website are subject to the terms of use. CVE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Copyright © 1999–2024, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation.