CVE - CVE-2024-49979

CVE-ID
CVE-2024-49979	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In the Linux kernel, the following vulnerability has been resolved: net: gso: fix tcp fraglist segmentation after pull from frag_list Detect tcp gso fraglist skbs with corrupted geometry (see below) and pass these to skb_segment instead of skb_segment_list, as the first can segment them correctly. Valid SKB_GSO_FRAGLIST skbs - consist of two or more segments - the head_skb holds the protocol headers plus first gso_size - one or more frag_list skbs hold exactly one segment - all but the last must be gso_size Optional datapath hooks such as NAT and BPF (bpf_skb_pull_data) can modify these skbs, breaking these invariants. In extreme cases they pull all data into skb linear. For TCP, this causes a NULL ptr deref in __tcpv4_gso_segment_list_csum at tcp_hdr(seg->next). Detect invalid geometry due to pull, by checking head_skb size. Don't just drop, as this may blackhole a destination. Convert to be able to pass to regular skb_segment. Approach and description based on a patch by Willem de Bruijn.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://git.kernel.org/stable/c/17bd3bd82f9f79f3feba15476c2b2c95a9b11ff8 URL:https://git.kernel.org/stable/c/17bd3bd82f9f79f3feba15476c2b2c95a9b11ff8 MISC:https://git.kernel.org/stable/c/2d4a83a44428de45bfe9dccb0192a3711d1097e0 URL:https://git.kernel.org/stable/c/2d4a83a44428de45bfe9dccb0192a3711d1097e0 MISC:https://git.kernel.org/stable/c/3fdd8c83e83fa5e82f1b5585245c51e0355c9f46 URL:https://git.kernel.org/stable/c/3fdd8c83e83fa5e82f1b5585245c51e0355c9f46
Assigning CNA
kernel.org
Date Record Created
20241021	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20241021)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)