Memory Access Vulnerability in Linux Kernel's Server Proposal Message Handling
CVE-2024-47408

Currently unrated

Key Information:

Vendor: Linux
Status: Vendor
CVE Published: 11 January 2025

Summary

In the Linux kernel, a vulnerability exists in the handling of proposal messages from remote clients. The field smcd_v2_ext_offset is supplied by the client and is not fully validated before use. If its value exceeds the maximum limit, the server can access invalid memory addresses, potentially crashing. The patch fully checks the smcd_v2_ext_offset value before it is used, which prevents the invalid access.
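The class of bug described above, as an added example that is not the kernel's code or its patch: a server derives an extension pointer from a client-supplied offset, first without and then with an upper-bound check. Only the field name smcd_v2_ext_offset comes from this page; the struct layout, sizes, function names and the rule that the offset counts from the end of the offset field are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical, simplified layout for illustration; NOT the kernel's structs. */
struct v2_hdr {
    uint8_t flags[2];
    uint8_t smcd_v2_ext_offset[2];  /* big-endian, written by the remote client */
};
struct smcd_v2_ext { uint8_t data[48]; };
struct proposal_area {              /* fixed-size receive buffer on the server */
    struct v2_hdr hdr;
    uint8_t optional[64];           /* variable-length client data */
    struct smcd_v2_ext ext_slot;    /* furthest place the extension may start */
};

/* Assumption: the offset counts from the end of the offset field itself. */
#define EXT_BASE   (offsetof(struct v2_hdr, smcd_v2_ext_offset) + 2)
#define MAX_OFFSET (offsetof(struct proposal_area, ext_slot) - EXT_BASE)

/* Constructed sample input: a zeroed proposal carrying the given offset. */
struct proposal_area make_proposal(uint16_t off)
{
    struct proposal_area a = { .hdr = { .smcd_v2_ext_offset = {
        (uint8_t)(off >> 8), (uint8_t)(off & 0xff) } } };
    return a;
}

/* Unchecked: byte position the server would read, trusting the client value. */
size_t ext_pos_unchecked(const struct proposal_area *a)
{
    return EXT_BASE + (((size_t)a->hdr.smcd_v2_ext_offset[0] << 8) |
                       a->hdr.smcd_v2_ext_offset[1]);
}

/* Checked: NULL when the extension is absent or the offset exceeds its maximum. */
const struct smcd_v2_ext *get_ext_checked(const struct proposal_area *a)
{
    size_t off = ext_pos_unchecked(a) - EXT_BASE;
    if (off == 0 || off > MAX_OFFSET)
        return NULL;
    return (const struct smcd_v2_ext *)((const uint8_t *)a + EXT_BASE + off);
}

int main(void)
{
    struct proposal_area ok = make_proposal(64), bad = make_proposal(0xFFFF);
    printf("ok=%p bad=%p unchecked position %zu in a %zu-byte buffer\n",
           (const void *)get_ext_checked(&ok), (const void *)get_ext_checked(&bad),
           ext_pos_unchecked(&bad), sizeof(bad));
}
```

The bound is derived from the buffer layout rather than hard-coded, so the check stays correct if the assumed structures change size.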

Affected Version(s)

Linux 5c21c4ccafe85906db809de3af391fd434df8a27

Linux 5c21c4ccafe85906db809de3af391fd434df8a27 < 935caf324b445fe73d7708fae6f7176fb243f357

Timeline

  • Vulnerability published

  • Vulnerability Reserved