{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-49948", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-10-21T12:17:06.045Z", "datePublished": "2024-10-21T18:02:05.121Z", "dateUpdated": "2026-05-12T11:59:12.979Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T20:42:38.409Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: add more sanity checks to qdisc_pkt_len_init()\n\nOne path takes care of SKB_GSO_DODGY, assuming\nskb->len is bigger than hdr_len.\n\nvirtio_net_hdr_to_skb() does not fully dissect TCP headers,\nit only make sure it is at least 20 bytes.\n\nIt is possible for an user to provide a malicious 'GSO' packet,\ntotal length of 80 bytes.\n\n- 20 bytes of IPv4 header\n- 60 bytes TCP header\n- a small gso_size like 8\n\nvirtio_net_hdr_to_skb() would declare this packet as a normal\nGSO packet, because it would see 40 bytes of payload,\nbigger than gso_size.\n\nWe need to make detect this case to not underflow\nqdisc_skb_cb(skb)->pkt_len."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/core/dev.c"], "versions": [{"version": "1def9238d4aa2146924994aa4b7dc861f03b9362", "lessThan": "d7d1a28f5dd57b4d83def876f8d7b4403bd37df9", "status": "affected", "versionType": "git"}, {"version": "1def9238d4aa2146924994aa4b7dc861f03b9362", "lessThan": "473426a1d53a68dd1e718e6cd00d57936993fa6c", "status": "affected", "versionType": "git"}, {"version": "1def9238d4aa2146924994aa4b7dc861f03b9362", "lessThan": "566a931a1436d0e0ad13708ea55479b95426213c", "status": "affected", "versionType": "git"}, {"version": "1def9238d4aa2146924994aa4b7dc861f03b9362", "lessThan": "2415f465730e48b6e38da1c7c097317bf5dd2d20", "status": "affected", "versionType": "git"}, {"version": "1def9238d4aa2146924994aa4b7dc861f03b9362", "lessThan": "27a8fabc54d2f960d47bdfbebf2bdc6e8a92a4c4", "status": "affected", "versionType": "git"}, {"version": "1def9238d4aa2146924994aa4b7dc861f03b9362", "lessThan": "9b0ee571d20a238a22722126abdfde61f1b2bdd0", "status": "affected", "versionType": "git"}, {"version": "1def9238d4aa2146924994aa4b7dc861f03b9362", "lessThan": "ff1c3cadcf405ab37dd91418a62a7acecf3bc5e2", "status": "affected", "versionType": "git"}, {"version": "1def9238d4aa2146924994aa4b7dc861f03b9362", "lessThan": "1eebe602a8d8264a12e35e39d0645fa88dbbacdd", "status": "affected", "versionType": "git"}, {"version": "1def9238d4aa2146924994aa4b7dc861f03b9362", "lessThan": "ab9a9a9e9647392a19e7a885b08000e89c86b535", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/core/dev.c"], "versions": [{"version": "3.9", "status": "affected"}, {"version": "0", "lessThan": "3.9", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.323", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.285", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.227", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.168", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.113", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.55", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10.14", "lessThanOrEqual": "6.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.11.3", "lessThanOrEqual": "6.11.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.9", "versionEndExcluding": "4.19.323"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.9", "versionEndExcluding": "5.4.285"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.9", "versionEndExcluding": "5.10.227"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.9", "versionEndExcluding": "5.15.168"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.9", "versionEndExcluding": "6.1.113"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.9", "versionEndExcluding": "6.6.55"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.9", "versionEndExcluding": "6.10.14"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.9", "versionEndExcluding": "6.11.3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.9", "versionEndExcluding": "6.12"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/d7d1a28f5dd57b4d83def876f8d7b4403bd37df9"}, {"url": "https://git.kernel.org/stable/c/473426a1d53a68dd1e718e6cd00d57936993fa6c"}, {"url": "https://git.kernel.org/stable/c/566a931a1436d0e0ad13708ea55479b95426213c"}, {"url": "https://git.kernel.org/stable/c/2415f465730e48b6e38da1c7c097317bf5dd2d20"}, {"url": "https://git.kernel.org/stable/c/27a8fabc54d2f960d47bdfbebf2bdc6e8a92a4c4"}, {"url": "https://git.kernel.org/stable/c/9b0ee571d20a238a22722126abdfde61f1b2bdd0"}, {"url": "https://git.kernel.org/stable/c/ff1c3cadcf405ab37dd91418a62a7acecf3bc5e2"}, {"url": "https://git.kernel.org/stable/c/1eebe602a8d8264a12e35e39d0645fa88dbbacdd"}, {"url": "https://git.kernel.org/stable/c/ab9a9a9e9647392a19e7a885b08000e89c86b535"}], "title": "net: add more sanity checks to qdisc_pkt_len_init()", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-49948", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-22T13:36:47.619949Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-22T13:38:49.499Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T22:23:27.937Z"}}, {"x_adpType": "supplier", "providerMetadata": {"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e", "shortName": "siemens-SADP", "dateUpdated": "2026-05-12T11:59:12.979Z"}, "affected": [{"vendor": "Siemens", "product": "RUGGEDCOM RST2428P", "versions": [{"status": "affected", "version": "0", "lessThan": "V3.2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family", "versions": [{"status": "affected", "version": "0", "lessThan": "V3.2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "SCALANCE XCM-/XRM-/XCH-/XRH-300 family", "versions": [{"status": "affected", "version": "0", "lessThan": "V3.2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem", "versions": [{"status": "affected", "version": "0", "lessThan": "*", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP", "versions": [{"status": "affected", "version": "V3.1.0", "lessThan": "V3.1.5", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP", "versions": [{"status": "affected", "version": "V3.1.0", "lessThan": "V3.1.5", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP", "versions": [{"status": "affected", "version": "V3.1.0", "lessThan": "V3.1.5", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP", "versions": [{"status": "affected", "version": "V3.1.0", "lessThan": "V3.1.5", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP", "versions": [{"status": "affected", "version": "V3.1.0", "lessThan": "V3.1.5", "versionType": "custom"}], "defaultStatus": "unknown"}], "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-398330.html"}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-355557.html"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T22:23:27.937Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-49948", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-22T13:36:47.619949Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-22T13:36:51.289Z"}}], "cna": {"title": "net: add more sanity checks to qdisc_pkt_len_init()", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "1def9238d4aa2146924994aa4b7dc861f03b9362", "lessThan": "d7d1a28f5dd57b4d83def876f8d7b4403bd37df9", "versionType": "git"}, {"status": "affected", "version": "1def9238d4aa2146924994aa4b7dc861f03b9362", "lessThan": "473426a1d53a68dd1e718e6cd00d57936993fa6c", "versionType": "git"}, {"status": "affected", "version": "1def9238d4aa2146924994aa4b7dc861f03b9362", "lessThan": "566a931a1436d0e0ad13708ea55479b95426213c", "versionType": "git"}, {"status": "affected", "version": "1def9238d4aa2146924994aa4b7dc861f03b9362", "lessThan": "2415f465730e48b6e38da1c7c097317bf5dd2d20", "versionType": "git"}, {"status": "affected", "version": "1def9238d4aa2146924994aa4b7dc861f03b9362", "lessThan": "27a8fabc54d2f960d47bdfbebf2bdc6e8a92a4c4", "versionType": "git"}, {"status": "affected", "version": "1def9238d4aa2146924994aa4b7dc861f03b9362", "lessThan": "9b0ee571d20a238a22722126abdfde61f1b2bdd0", "versionType": "git"}, {"status": "affected", "version": "1def9238d4aa2146924994aa4b7dc861f03b9362", "lessThan": "ff1c3cadcf405ab37dd91418a62a7acecf3bc5e2", "versionType": "git"}, {"status": "affected", "version": "1def9238d4aa2146924994aa4b7dc861f03b9362", "lessThan": "1eebe602a8d8264a12e35e39d0645fa88dbbacdd", "versionType": "git"}, {"status": "affected", "version": "1def9238d4aa2146924994aa4b7dc861f03b9362", "lessThan": "ab9a9a9e9647392a19e7a885b08000e89c86b535", "versionType": "git"}], "programFiles": ["net/core/dev.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "3.9"}, {"status": "unaffected", "version": "0", "lessThan": "3.9", "versionType": "semver"}, {"status": "unaffected", "version": "4.19.323", "versionType": "semver", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.285", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.227", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.168", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.113", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.55", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.10.14", "versionType": "semver", "lessThanOrEqual": "6.10.*"}, {"status": "unaffected", "version": "6.11.3", "versionType": "semver", "lessThanOrEqual": "6.11.*"}, {"status": "unaffected", "version": "6.12", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["net/core/dev.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/d7d1a28f5dd57b4d83def876f8d7b4403bd37df9"}, {"url": "https://git.kernel.org/stable/c/473426a1d53a68dd1e718e6cd00d57936993fa6c"}, {"url": "https://git.kernel.org/stable/c/566a931a1436d0e0ad13708ea55479b95426213c"}, {"url": "https://git.kernel.org/stable/c/2415f465730e48b6e38da1c7c097317bf5dd2d20"}, {"url": "https://git.kernel.org/stable/c/27a8fabc54d2f960d47bdfbebf2bdc6e8a92a4c4"}, {"url": "https://git.kernel.org/stable/c/9b0ee571d20a238a22722126abdfde61f1b2bdd0"}, {"url": "https://git.kernel.org/stable/c/ff1c3cadcf405ab37dd91418a62a7acecf3bc5e2"}, {"url": "https://git.kernel.org/stable/c/1eebe602a8d8264a12e35e39d0645fa88dbbacdd"}, {"url": "https://git.kernel.org/stable/c/ab9a9a9e9647392a19e7a885b08000e89c86b535"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: add more sanity checks to qdisc_pkt_len_init()\n\nOne path takes care of SKB_GSO_DODGY, assuming\nskb->len is bigger than hdr_len.\n\nvirtio_net_hdr_to_skb() does not fully dissect TCP headers,\nit only make sure it is at least 20 bytes.\n\nIt is possible for an user to provide a malicious 'GSO' packet,\ntotal length of 80 bytes.\n\n- 20 bytes of IPv4 header\n- 60 bytes TCP header\n- a small gso_size like 8\n\nvirtio_net_hdr_to_skb() would declare this packet as a normal\nGSO packet, because it would see 40 bytes of payload,\nbigger than gso_size.\n\nWe need to make detect this case to not underflow\nqdisc_skb_cb(skb)->pkt_len."}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "4.19.323", "versionStartIncluding": "3.9"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.4.285", "versionStartIncluding": "3.9"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.10.227", "versionStartIncluding": "3.9"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.15.168", "versionStartIncluding": "3.9"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.1.113", "versionStartIncluding": "3.9"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.6.55", "versionStartIncluding": "3.9"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.10.14", "versionStartIncluding": "3.9"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.11.3", "versionStartIncluding": "3.9"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.12", "versionStartIncluding": "3.9"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T09:42:06.708Z"}}}, "cveMetadata": {"cveId": "CVE-2024-49948", "state": "PUBLISHED", "dateUpdated": "2025-11-03T22:23:27.937Z", "dateReserved": "2024-10-21T12:17:06.045Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-10-21T18:02:05.121Z", "assignerShortName": "Linux"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C4858BA8-F6CA-4A65-9871-EAC1E8C606C7", "versionEndExcluding": "4.19.323", "versionStartIncluding": "3.9", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B5A89369-320F-47FC-8695-56F61F87E4C0", "versionEndExcluding": "5.4.285", "versionStartIncluding": "4.20", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "795A3EE6-0CAB-4409-A903-151C94ACECC0", "versionEndExcluding": "5.10.227", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "4D51C05D-455B-4D8D-89E7-A58E140B864C", "versionEndExcluding": "5.15.168", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D01BD22E-ACD1-4618-9D01-6116570BE1EE", "versionEndExcluding": "6.1.113", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E90B9576-56C4-47BC-AAB0-C5B2D438F5D0", "versionEndExcluding": "6.6.55", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "4C16BCE0-FFA0-4599-BE0A-1FD65101C021", "versionEndExcluding": "6.10.14", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "54D9C704-D679-41A7-9C40-10A6B1E7FFE9", "versionEndExcluding": "6.11.3", "versionStartIncluding": "6.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*", "matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: add more sanity checks to qdisc_pkt_len_init()\n\nOne path takes care of SKB_GSO_DODGY, assuming\nskb->len is bigger than hdr_len.\n\nvirtio_net_hdr_to_skb() does not fully dissect TCP headers,\nit only make sure it is at least 20 bytes.\n\nIt is possible for an user to provide a malicious 'GSO' packet,\ntotal length of 80 bytes.\n\n- 20 bytes of IPv4 header\n- 60 bytes TCP header\n- a small gso_size like 8\n\nvirtio_net_hdr_to_skb() would declare this packet as a normal\nGSO packet, because it would see 40 bytes of payload,\nbigger than gso_size.\n\nWe need to make detect this case to not underflow\nqdisc_skb_cb(skb)->pkt_len."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: a\u00f1adir m\u00e1s comprobaciones de cordura a qdisc_pkt_len_init() Una ruta se encarga de SKB_GSO_DODGY, asumiendo que skb->len es m\u00e1s grande que hdr_len. virtio_net_hdr_to_skb() no disecciona completamente los encabezados TCP, solo se asegura de que tengan al menos 20 bytes. Es posible que un usuario proporcione un paquete 'GSO' malicioso, con una longitud total de 80 bytes. - 20 bytes de encabezado IPv4 - 60 bytes de encabezado TCP - un gso_size peque\u00f1o como 8 virtio_net_hdr_to_skb() declarar\u00eda este paquete como un paquete GSO normal, porque ver\u00eda 40 bytes de carga \u00fatil, m\u00e1s grande que gso_size. Necesitamos hacer que detecte este caso para no desbordar qdisc_skb_cb(skb)->pkt_len."}], "id": "CVE-2024-49948", "lastModified": "2026-05-12T12:17:18.440", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-10-21T18:15:16.260", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1eebe602a8d8264a12e35e39d0645fa88dbbacdd"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2415f465730e48b6e38da1c7c097317bf5dd2d20"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/27a8fabc54d2f960d47bdfbebf2bdc6e8a92a4c4"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/473426a1d53a68dd1e718e6cd00d57936993fa6c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/566a931a1436d0e0ad13708ea55479b95426213c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9b0ee571d20a238a22722126abdfde61f1b2bdd0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ab9a9a9e9647392a19e7a885b08000e89c86b535"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d7d1a28f5dd57b4d83def876f8d7b4403bd37df9"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ff1c3cadcf405ab37dd91418a62a7acecf3bc5e2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"}, {"source": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e", "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"}, {"source": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e", "url": "https://cert-portal.siemens.com/productcert/html/ssa-355557.html"}, {"source": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e", "url": "https://cert-portal.siemens.com/productcert/html/ssa-398330.html"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2025:6966", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-570.12.1.el9_6", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-05-13T00:00:00Z"}, {"advisory": "RHSA-2025:6966", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-570.12.1.el9_6", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-05-13T00:00:00Z"}], "bugzilla": {"description": "kernel: net: add more sanity checks to qdisc_pkt_len_init()", "id": "2320552", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320552"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-20", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nnet: add more sanity checks to qdisc_pkt_len_init()\nOne path takes care of SKB_GSO_DODGY, assuming\nskb->len is bigger than hdr_len.\nvirtio_net_hdr_to_skb() does not fully dissect TCP headers,\nit only make sure it is at least 20 bytes.\nIt is possible for an user to provide a malicious 'GSO' packet,\ntotal length of 80 bytes.\n- 20 bytes of IPv4 header\n- 60 bytes TCP header\n- a small gso_size like 8\nvirtio_net_hdr_to_skb() would declare this packet as a normal\nGSO packet, because it would see 40 bytes of payload,\nbigger than gso_size.\nWe need to make detect this case to not underflow\nqdisc_skb_cb(skb)->pkt_len."], "name": "CVE-2024-49948", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-10-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-49948\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-49948\nhttps://lore.kernel.org/linux-cve-announce/2024102129-CVE-2024-49948-ba28@gregkh/T"], "threat_severity": "Moderate"}

{}