CVE-2024-49568

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-49568

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-49568.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-49568

Downstream

BELL-CVE-2024-49568

DEBIAN-CVE-2024-49568

ECHO-cd41-38ba-ea1e

OESA-2025-1110

OESA-2025-1111

SUSE-SU-2025:02249-1

SUSE-SU-2025:02538-1

SUSE-SU-2025:02923-1

UBUNTU-CVE-2024-49568

USN-7379-1

USN-7381-1

USN-7382-1

USN-7513-1

USN-7513-2

USN-7513-3

USN-7513-4

USN-7513-5

USN-7514-1

USN-7515-1

USN-7515-2

USN-7522-1

USN-7523-1

USN-7524-1

Related

Published

2025-01-11T13:15:23Z

Modified

2025-08-09T20:01:27Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

net/smc: check v2extoffset/eidcnt/ismgid_cnt when receiving proposal msg

When receiving proposal msg in server, the fields v2extoffset/ eidcnt/ismgidcnt in proposal msg are from the remote client and can not be fully trusted. Especially the field v2ext_offset, once exceed the max value, there has the chance to access wrong address, and crash may happen.

This patch checks the fields v2extoffset/eidcnt/ismgid_cnt before using them.

References

Affected packages