CVE-2024-49948

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://git.kernel.org/stable/c/566a931a1436d0e0ad13708ea55479b95426213c", "name": "https://git.kernel.org/stable/c/566a931a1436d0e0ad13708ea55479b95426213c", "tags": ["Patch"], "refsource": ""}, {"url": "https://git.kernel.org/stable/c/2415f465730e48b6e38da1c7c097317bf5dd2d20", "name": "https://git.kernel.org/stable/c/2415f465730e48b6e38da1c7c097317bf5dd2d20", "tags": ["Patch"], "refsource": ""}, {"url": "https://git.kernel.org/stable/c/27a8fabc54d2f960d47bdfbebf2bdc6e8a92a4c4", "name": "https://git.kernel.org/stable/c/27a8fabc54d2f960d47bdfbebf2bdc6e8a92a4c4", "tags": ["Patch"], "refsource": ""}, {"url": "https://git.kernel.org/stable/c/9b0ee571d20a238a22722126abdfde61f1b2bdd0", "name": "https://git.kernel.org/stable/c/9b0ee571d20a238a22722126abdfde61f1b2bdd0", "tags": ["Patch"], "refsource": ""}, {"url": "https://git.kernel.org/stable/c/ff1c3cadcf405ab37dd91418a62a7acecf3bc5e2", "name": "https://git.kernel.org/stable/c/ff1c3cadcf405ab37dd91418a62a7acecf3bc5e2", "tags": ["Patch"], "refsource": ""}, {"url": "https://git.kernel.org/stable/c/1eebe602a8d8264a12e35e39d0645fa88dbbacdd", "name": "https://git.kernel.org/stable/c/1eebe602a8d8264a12e35e39d0645fa88dbbacdd", "tags": ["Patch"], "refsource": ""}, {"url": "https://git.kernel.org/stable/c/ab9a9a9e9647392a19e7a885b08000e89c86b535", "name": "https://git.kernel.org/stable/c/ab9a9a9e9647392a19e7a885b08000e89c86b535", "tags": ["Patch"], "refsource": ""}, {"url": "https://git.kernel.org/stable/c/d7d1a28f5dd57b4d83def876f8d7b4403bd37df9", "name": "https://git.kernel.org/stable/c/d7d1a28f5dd57b4d83def876f8d7b4403bd37df9", "tags": ["Patch"], "refsource": ""}, {"url": "https://git.kernel.org/stable/c/473426a1d53a68dd1e718e6cd00d57936993fa6c", "name": "https://git.kernel.org/stable/c/473426a1d53a68dd1e718e6cd00d57936993fa6c", "tags": ["Patch"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: add more sanity checks to qdisc_pkt_len_init()\n\nOne path takes care of SKB_GSO_DODGY, assuming\nskb->len is bigger than hdr_len.\n\nvirtio_net_hdr_to_skb() does not fully dissect TCP headers,\nit only make sure it is at least 20 bytes.\n\nIt is possible for an user to provide a malicious 'GSO' packet,\ntotal length of 80 bytes.\n\n- 20 bytes of IPv4 header\n- 60 bytes TCP header\n- a small gso_size like 8\n\nvirtio_net_hdr_to_skb() would declare this packet as a normal\nGSO packet, because it would see 40 bytes of payload,\nbigger than gso_size.\n\nWe need to make detect this case to not underflow\nqdisc_skb_cb(skb)->pkt_len."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2024-49948", "ASSIGNER": "cve@kernel.org"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}}, "publishedDate": "2024-10-21T18:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "6.1.113", "versionStartIncluding": "5.16"}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "5.15.168", "versionStartIncluding": "5.11"}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "5.10.227", "versionStartIncluding": "5.5"}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "6.10.14", "versionStartIncluding": "6.7"}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "6.11.3", "versionStartIncluding": "6.11"}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "6.6.55", "versionStartIncluding": "6.2"}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "5.4.285", "versionStartIncluding": "4.20"}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "4.19.323", "versionStartIncluding": "3.9"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2024-11-12T21:19Z"}