CVE-2024-47408

Jan. 11, 2025, 1:15 p.m.

None
No Score

Description

In the Linux kernel, the following vulnerability has been resolved: net/smc: check smcd_v2_ext_offset when receiving proposal msg When receiving proposal msg in server, the field smcd_v2_ext_offset in proposal msg is from the remote client and can not be fully trusted. Once the value of smcd_v2_ext_offset exceed the max value, there has the chance to access wrong address, and crash may happen. This patch checks the value of smcd_v2_ext_offset before using it.

Product(s) Impacted

Product Versions
Linux kernel
  • []

Weaknesses

Common security weaknesses mapped to this vulnerability.

References

https://git.kernel.org/stable/c/48d5a8a304a643613dab376a278f29d3e22f7c34
https://git.kernel.org/stable/c/935caf324b445fe73d7708fae6f7176fb243f357
https://git.kernel.org/stable/c/9ab332deb671d8f7e66d82a2ff2b3f715bc3a4ad
https://git.kernel.org/stable/c/a36364d8d4fabb105001f992fb8ff2d3546203d6
https://git.kernel.org/stable/c/e1cc8be2a785a8f1ce1f597f3e608602c5fccd46

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
2025-01-11
CVE-2024-47408

Timeline

Published: Jan. 11, 2025, 1:15 p.m.
Last Modified: Jan. 11, 2025, 1:15 p.m.

Status : Awaiting Analysis

CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.