CVE-2024-50035
- Source
- https://cve.org/CVERecord?id=CVE-2024-50035
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-50035.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-50035
- Downstream
- Related
- Published
- 2024-10-21T19:39:36.460Z
- Modified
- 2026-05-07T04:17:00.298999Z
- Summary
- ppp: fix ppp_async_encode() illegal access
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
ppp: fix pppasyncencode() illegal access
syzbot reported an issue in pppasyncencode() [1]
In this case, pppoesendmsg() is called with a zero size. Then pppasync_encode() is called with an empty skb.
BUG: KMSAN: uninit-value in pppasyncencode drivers/net/ppp/pppasync.c:545 [inline] BUG: KMSAN: uninit-value in pppasyncpush+0xb4f/0x2660 drivers/net/ppp/pppasync.c:675 pppasyncencode drivers/net/ppp/pppasync.c:545 [inline] pppasyncpush+0xb4f/0x2660 drivers/net/ppp/pppasync.c:675 pppasyncsend+0x130/0x1b0 drivers/net/ppp/pppasync.c:634 pppchannelbridgeinput drivers/net/ppp/pppgeneric.c:2280 [inline] pppinput+0x1f1/0xe60 drivers/net/ppp/pppgeneric.c:2304 pppoercvcore+0x1d3/0x720 drivers/net/ppp/pppoe.c:379 skbacklog_rcv+0x13b/0x420 include/net/sock.h:1113 __releasesock+0x1da/0x330 net/core/sock.c:3072 releasesock+0x6b/0x250 net/core/sock.c:3626 pppoesendmsg+0x2b8/0xb90 drivers/net/ppp/pppoe.c:903 socksendmsg_nosec net/socket.c:729 [inline] __sock_sendmsg+0x30f/0x380 net/socket.c:744 ____sys_sendmsg+0x903/0xb60 net/socket.c:2602 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2656 __sys_sendmmsg+0x3c1/0x960 net/socket.c:2742 __dosyssendmmsg net/socket.c:2771 [inline] __sesyssendmmsg net/socket.c:2768 [inline] _x64syssendmmsg+0xbc/0x120 net/socket.c:2768 x64syscall+0xb6e/0x3ba0 arch/x86/include/generated/asm/syscalls64.h:308 dosyscallx64 arch/x86/entry/common.c:52 [inline] dosyscall64+0xcd/0x1e0 arch/x86/entry/common.c:83 entrySYSCALL64afterhwframe+0x77/0x7f
Uninit was created at: slabpostallochook mm/slub.c:4092 [inline] slaballocnode mm/slub.c:4135 [inline] kmemcacheallocnodenoprof+0x6bf/0xb80 mm/slub.c:4187 kmallocreserve+0x13d/0x4a0 net/core/skbuff.c:587 __allocskb+0x363/0x7b0 net/core/skbuff.c:678 allocskb include/linux/skbuff.h:1322 [inline] sockwmalloc+0xfe/0x1a0 net/core/sock.c:2732 pppoesendmsg+0x3a7/0xb90 drivers/net/ppp/pppoe.c:867 socksendmsgnosec net/socket.c:729 [inline] __sock_sendmsg+0x30f/0x380 net/socket.c:744 ____sys_sendmsg+0x903/0xb60 net/socket.c:2602 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2656 __sys_sendmmsg+0x3c1/0x960 net/socket.c:2742 __dosyssendmmsg net/socket.c:2771 [inline] __sesyssendmmsg net/socket.c:2768 [inline] _x64syssendmmsg+0xbc/0x120 net/socket.c:2768 x64syscall+0xb6e/0x3ba0 arch/x86/include/generated/asm/syscalls64.h:308 dosyscallx64 arch/x86/entry/common.c:52 [inline] dosyscall64+0xcd/0x1e0 arch/x86/entry/common.c:83 entrySYSCALL64afterhwframe+0x77/0x7f
CPU: 1 UID: 0 PID: 5411 Comm: syz.1.14 Not tainted 6.12.0-rc1-syzkaller-00165-g360c1f1f24c6 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/50xxx/CVE-2024-50035.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/stable/c/30d91a478d58cbae3dbaa8224d17d0d839f0d71b
- https://git.kernel.org/stable/c/40dddd4b8bd08a69471efd96107a4e1c73fabefc
- https://git.kernel.org/stable/c/4151ec65abd755133ebec687218fadd2d2631167
- https://git.kernel.org/stable/c/8dfe93901b410ae41264087427f3b9f389388f83
- https://git.kernel.org/stable/c/8fe992ff3df493d1949922ca234419f3ede08dff
- https://git.kernel.org/stable/c/c007a14797240607038bd3464501109f408940e2
- https://git.kernel.org/stable/c/ce249a4c68d0ce27a8c5d853338d502e2711a314
- https://git.kernel.org/stable/c/fadf8fdb3110d3138e05c3765f645535434f8d76
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/50xxx/CVE-2024-50035.json
- https://nvd.nist.gov/vuln/detail/CVE-2024-50035
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced1da177e4c3f41524e886b7f1b8a0c1fc7321cac2Fixed4151ec65abd755133ebec687218fadd2d2631167Fixed8dfe93901b410ae41264087427f3b9f389388f83Fixed30d91a478d58cbae3dbaa8224d17d0d839f0d71bFixedfadf8fdb3110d3138e05c3765f645535434f8d76Fixedce249a4c68d0ce27a8c5d853338d502e2711a314Fixed8fe992ff3df493d1949922ca234419f3ede08dffFixedc007a14797240607038bd3464501109f408940e2Fixed40dddd4b8bd08a69471efd96107a4e1c73fabefc
Linux / Kernel
Package
- Name
- Kernel
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced2.6.12Fixed4.19.323
- Type
- ECOSYSTEM
- Events
-
Introduced4.20.0Fixed5.4.285
- Type
- ECOSYSTEM
- Events
-
Introduced5.5.0Fixed5.10.227
- Type
- ECOSYSTEM
- Events
-
Introduced5.11.0Fixed5.15.168
- Type
- ECOSYSTEM
- Events
-
Introduced5.16.0Fixed6.1.113
- Type
- ECOSYSTEM
- Events
-
Introduced6.2.0Fixed6.6.57
- Type
- ECOSYSTEM
- Events
-
Introduced6.7.0Fixed6.11.4