DEBIAN-CVE-2024-49979
- Source
- https://security-tracker.debian.org/tracker/CVE-2024-49979
- Import Source
- https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2024-49979.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2024-49979
- Upstream
- Published
- 2024-10-21T18:15:18Z
- Modified
- 2025-09-25T22:40:37Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved: net: gso: fix tcp fraglist segmentation after pull from fraglist Detect tcp gso fraglist skbs with corrupted geometry (see below) and pass these to skbsegment instead of skbsegmentlist, as the first can segment them correctly. Valid SKBGSOFRAGLIST skbs - consist of two or more segments - the headskb holds the protocol headers plus first gsosize - one or more fraglist skbs hold exactly one segment - all but the last must be gsosize Optional datapath hooks such as NAT and BPF (bpfskbpulldata) can modify these skbs, breaking these invariants. In extreme cases they pull all data into skb linear. For TCP, this causes a NULL ptr deref in _tcpv4gsosegmentlistcsum at tcphdr(seg->next). Detect invalid geometry due to pull, by checking headskb size. Don't just drop, as this may blackhole a destination. Convert to be able to pass to regular skb_segment. Approach and description based on a patch by Willem de Bruijn.
- References
Affected packages
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:14 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source