CVE-2024-46854

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-46854
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-46854.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-46854
Published
2024-09-27T12:42:46.655Z
Modified
2025-11-28T02:34:00.458907Z
Summary
net: dpaa: Pad packets to ETH_ZLEN
Details

In the Linux kernel, the following vulnerability has been resolved:

net: dpaa: Pad packets to ETH_ZLEN

When sending packets under 60 bytes, up to three bytes of the buffer following the data may be leaked. Avoid this by extending all packets to ETH_ZLEN, ensuring nothing is leaked in the padding. This bug can be reproduced by running

$ ping -s 11 destination
Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/46xxx/CVE-2024-46854.json"
}
Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
9ad1a37493338cacf04e2c93acf44d151a7adda8
Fixed
cd5b9d657ecd44ad5f254c3fea3a6ab1cf0e2ef7
Fixed
dc43a096cfe65b5c32168313846c5cd135d08f1d
Fixed
1f31f51bfc8214a6deaac2920e6342cb9d019133
Fixed
38f5db5587c0ee53546b28c50ba128253181ac83
Fixed
f43190e33224c49e1c7ebbc25923ff400d87ec00
Fixed
34fcac26216ce17886af3eb392355b459367af1a
Fixed
ce8eabc912fe9b9a62be1a5c6af5ad2196e90fc2
Fixed
cbd7ec083413c6a2e0c326d49e24ec7d12c7a9e0

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type       Introduced  Fixed
ECOSYSTEM  4.10.0      4.19.323
ECOSYSTEM  4.20.0      5.4.285
ECOSYSTEM  5.5.0       5.10.227
ECOSYSTEM  5.11.0      5.15.168
ECOSYSTEM  5.16.0      6.1.111
ECOSYSTEM  6.2.0       6.6.52
ECOSYSTEM  6.7.0       6.10.11