Server Vulnerability in Linux Kernel Affects Proposal Message Handling
CVE-2024-49568

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 11 January 2025

Summary

A vulnerability exists in the Linux kernel's handling of proposal messages where certain fields, specifically v2_ext_offset, eid_cnt, and ism_gid_cnt, are derived from untrusted remote client inputs. If these fields are not rigorously checked, they can lead to potential access of incorrect memory addresses, resulting in system crashes. The recent patch introduces validations for these fields before processing, mitigating the risk of exploitation and enhancing the integrity of server operations.

Affected Version(s)

Linux 8c3dca341aea885249e08856c4380300b75d2cf5 < 295a92e3df32e72aff0f4bc25c310e349d07ffbf

Linux 8c3dca341aea885249e08856c4380300b75d2cf5 < 42f6beb2d5779429417b5f8115a4e3fa695d2a6c

Linux 8c3dca341aea885249e08856c4380300b75d2cf5 < 7863c9f3d24ba49dbead7e03dfbe40deb5888fdf

References

https://git.kernel.org/stable/c/295a92e3df32e72aff0f4bc25...

https://git.kernel.org/stable/c/42f6beb2d5779429417b5f811...

https://git.kernel.org/stable/c/7863c9f3d24ba49dbead7e03d...

Timeline

Vulnerability published
Jan 11, 2025
Vulnerability Reserved
Jan 11, 2025