CVE - CVE-2024-46854

CVE-ID
CVE-2024-46854	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In the Linux kernel, the following vulnerability has been resolved: net: dpaa: Pad packets to ETH_ZLEN When sending packets under 60 bytes, up to three bytes of the buffer following the data may be leaked. Avoid this by extending all packets to ETH_ZLEN, ensuring nothing is leaked in the padding. This bug can be reproduced by running $ ping -s 11 destination
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://git.kernel.org/stable/c/1f31f51bfc8214a6deaac2920e6342cb9d019133 URL:https://git.kernel.org/stable/c/1f31f51bfc8214a6deaac2920e6342cb9d019133 MISC:https://git.kernel.org/stable/c/34fcac26216ce17886af3eb392355b459367af1a URL:https://git.kernel.org/stable/c/34fcac26216ce17886af3eb392355b459367af1a MISC:https://git.kernel.org/stable/c/38f5db5587c0ee53546b28c50ba128253181ac83 URL:https://git.kernel.org/stable/c/38f5db5587c0ee53546b28c50ba128253181ac83 MISC:https://git.kernel.org/stable/c/cbd7ec083413c6a2e0c326d49e24ec7d12c7a9e0 URL:https://git.kernel.org/stable/c/cbd7ec083413c6a2e0c326d49e24ec7d12c7a9e0 MISC:https://git.kernel.org/stable/c/cd5b9d657ecd44ad5f254c3fea3a6ab1cf0e2ef7 URL:https://git.kernel.org/stable/c/cd5b9d657ecd44ad5f254c3fea3a6ab1cf0e2ef7 MISC:https://git.kernel.org/stable/c/ce8eabc912fe9b9a62be1a5c6af5ad2196e90fc2 URL:https://git.kernel.org/stable/c/ce8eabc912fe9b9a62be1a5c6af5ad2196e90fc2 MISC:https://git.kernel.org/stable/c/dc43a096cfe65b5c32168313846c5cd135d08f1d URL:https://git.kernel.org/stable/c/dc43a096cfe65b5c32168313846c5cd135d08f1d MISC:https://git.kernel.org/stable/c/f43190e33224c49e1c7ebbc25923ff400d87ec00 URL:https://git.kernel.org/stable/c/f43190e33224c49e1c7ebbc25923ff400d87ec00
Assigning CNA
kernel.org
Date Record Created
20240911	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20240911)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)

Use of the CVE® List and the associated references from this website are subject to the terms of use. CVE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Copyright © 1999–2024, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation.