Description

In the Linux kernel, the following vulnerability has been resolved: net/smc: check smcd_v2_ext_offset when receiving proposal msg When receiving proposal msg in server, the field smcd_v2_ext_offset in proposal msg is from the remote client and can not be fully trusted. Once the value of smcd_v2_ext_offset exceed the max value, there has the chance to access wrong address, and crash may happen. This patch checks the value of smcd_v2_ext_offset before using it.

INFO

Published Date :

2025-01-11T12:35:35.284Z

Last Modified :

2025-11-03T20:39:33.276Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2024-47408 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-47408.

URL Resource
https://git.kernel.org/stable/c/48d5a8a304a643613dab376a278f29d3e22f7c34 cve-icon cve-icon
https://git.kernel.org/stable/c/935caf324b445fe73d7708fae6f7176fb243f357 cve-icon cve-icon
https://git.kernel.org/stable/c/9ab332deb671d8f7e66d82a2ff2b3f715bc3a4ad cve-icon cve-icon
https://git.kernel.org/stable/c/a36364d8d4fabb105001f992fb8ff2d3546203d6 cve-icon cve-icon
https://git.kernel.org/stable/c/e1cc8be2a785a8f1ce1f597f3e608602c5fccd46 cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html cve-icon
https://lore.kernel.org/linux-cve-announce/2025011141-CVE-2024-47408-e686@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-47408 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-47408 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact