CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-49568: net/smc: check v2_ext_offset/eid_cnt/ism_gid_cnt when receiving proposal msg

Description

In the Linux kernel, the following vulnerability has been resolved:

net/smc: check v2_ext_offset/eid_cnt/ism_gid_cnt when receiving proposal msg

When receiving proposal msg in server, the fields v2_ext_offset/
eid_cnt/ism_gid_cnt in proposal msg are from the remote client
and can not be fully trusted. Especially the field v2_ext_offset,
once exceed the max value, there has the chance to access wrong
address, and crash may happen.

This patch checks the fields v2_ext_offset/eid_cnt/ism_gid_cnt
before using them.

Classification

CVE ID: CVE-2024-49568

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 17.82% (scored less or equal to compared to others)

EPSS Date: 2025-02-09 (when was this score calculated)

References

https://git.kernel.org/stable/c/295a92e3df32e72aff0f4bc25c310e349d07ffbf
https://git.kernel.org/stable/c/42f6beb2d5779429417b5f8115a4e3fa695d2a6c
https://git.kernel.org/stable/c/7863c9f3d24ba49dbead7e03dfbe40deb5888fdf

Timeline

2025-01-12 00:30:23 UTC
CVE

net/smc: check v2_ext_offset/eid_cnt/ism_gid_cnt when receiving proposal msg