CVE-2024-50251

UNKNOWN

Published 2024-11-09T10:14:59.820Z

Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2024-50251. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nft_payload: sanitize offset and length before calling skb_checksum()

If access to offset + length is larger than the skbuff length, then
skb_checksum() triggers BUG_ON().

skb_checksum() internally subtracts the length parameter while iterating
over skbuff, BUG_ON(len) at the end of it checks that the expected
length to be included in the checksum calculation is fully consumed.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Linux

Affected Versions:

7ec3f7b47b8d9ad7ba425726f2c58f9ddce040df 7ec3f7b47b8d9ad7ba425726f2c58f9ddce040df 7ec3f7b47b8d9ad7ba425726f2c58f9ddce040df 7ec3f7b47b8d9ad7ba425726f2c58f9ddce040df 7ec3f7b47b8d9ad7ba425726f2c58f9ddce040df 7ec3f7b47b8d9ad7ba425726f2c58f9ddce040df 7ec3f7b47b8d9ad7ba425726f2c58f9ddce040df 7ec3f7b47b8d9ad7ba425726f2c58f9ddce040df

Linux

Affected Versions:

4.5 0 4.19.323 5.4.285 5.10.229 5.15.171 6.1.116 6.6.60 6.11.7 6.12

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed MODERATE

GHSA-gmgf-ff9x-r369

Advisory Details

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_payload: sanitize offset and length before calling skb_checksum() If access to offset + length is larger than the skbuff length, then skb_checksum() triggers BUG_ON(). skb_checksum() internally subtracts the length parameter while iterating over skbuff, BUG_ON(len) at the end of it checks that the expected length to be included in the checksum calculation is fully consumed.

CVSS Scoring

CVSS Score

5.0

CVSS Vector


                                    CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2024-50251

WEB https://git.kernel.org/stable/c/0ab3be58b45b996764aba0187b46de19b3e58a72

WEB https://git.kernel.org/stable/c/a661ed364ae6ae88c2fafa9ddc27df1af2a73701

WEB https://git.kernel.org/stable/c/ac7df3fc80fc82bcc3b1e8f6ebc0d2c435d0c534

WEB https://git.kernel.org/stable/c/b1d2de8a669fa14c499a385e056944d5352b3b40

WEB https://git.kernel.org/stable/c/c43e0ea848e7b9bef7a682cbc5608022d6d29d7b

WEB https://git.kernel.org/stable/c/d3217323525f7596427124359e76ea0d8fcc9874

WEB https://git.kernel.org/stable/c/d5953d680f7e96208c29ce4139a0e38de87a57fe

WEB https://git.kernel.org/stable/c/e3e608cbad376674d19a71ccd0d41804d9393f02

Advisory provided by GitHub Security Advisory Database. Published: November 9, 2024, Modified: November 14, 2024

References

https://git.kernel.org/stable/c/a661ed364ae6ae88c2fafa9ddc27df1af2a73701

https://git.kernel.org/stable/c/ac7df3fc80fc82bcc3b1e8f6ebc0d2c435d0c534

https://git.kernel.org/stable/c/e3e608cbad376674d19a71ccd0d41804d9393f02

https://git.kernel.org/stable/c/b1d2de8a669fa14c499a385e056944d5352b3b40

https://git.kernel.org/stable/c/d3217323525f7596427124359e76ea0d8fcc9874

https://git.kernel.org/stable/c/0ab3be58b45b996764aba0187b46de19b3e58a72

https://git.kernel.org/stable/c/c43e0ea848e7b9bef7a682cbc5608022d6d29d7b

https://git.kernel.org/stable/c/d5953d680f7e96208c29ce4139a0e38de87a57fe

Published: 2024-11-09T10:14:59.820Z

Last Modified: 2025-05-04T09:49:54.874Z

Copied to clipboard!

CVE-2024-50251

Expert Analysis

Description

Available Exploits

Related News

Affected Products

Linux

Affected Versions:

Linux

Affected Versions:

GitHub Security Advisories

Advisory Details

CVSS Scoring

CVSS Score

CVSS Vector

References

References

Request Analysis

What to expect

Request Received!