Description

In the Linux kernel, the following vulnerability has been resolved: net/smc: check v2_ext_offset/eid_cnt/ism_gid_cnt when receiving proposal msg When receiving proposal msg in server, the fields v2_ext_offset/ eid_cnt/ism_gid_cnt in proposal msg are from the remote client and can not be fully trusted. Especially the field v2_ext_offset, once exceed the max value, there has the chance to access wrong address, and crash may happen. This patch checks the fields v2_ext_offset/eid_cnt/ism_gid_cnt before using them.

INFO

Published Date :

2025-01-11T12:35:36.190Z

Last Modified :

2025-05-04T09:39:23.222Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2024-49568 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-49568.

URL Resource
https://git.kernel.org/stable/c/295a92e3df32e72aff0f4bc25c310e349d07ffbf cve-icon cve-icon
https://git.kernel.org/stable/c/42f6beb2d5779429417b5f8115a4e3fa695d2a6c cve-icon cve-icon
https://git.kernel.org/stable/c/7863c9f3d24ba49dbead7e03dfbe40deb5888fdf cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025011142-CVE-2024-49568-e5f6@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-49568 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-49568 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact