5.5

CVE-2024-36929

net: core: reject skb_copy(_expand) for fraglist GSO skbs

In the Linux kernel, the following vulnerability has been resolved:

net: core: reject skb_copy(_expand) for fraglist GSO skbs

SKB_GSO_FRAGLIST skbs must not be linearized, otherwise they become
invalid. Return NULL if such an skb is passed to skb_copy or
skb_copy_expand, in order to prevent a crash on a potential later
call to skb_gso_segment.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.6 < 5.10.217
LinuxLinux Kernel Version >= 5.11 < 5.15.159
LinuxLinux Kernel Version >= 5.16 < 6.1.91
LinuxLinux Kernel Version >= 6.2 < 6.6.31
LinuxLinux Kernel Version >= 6.7 < 6.8.10
LinuxLinux Kernel Version6.9 Updaterc1
LinuxLinux Kernel Version6.9 Updaterc2
LinuxLinux Kernel Version6.9 Updaterc3
LinuxLinux Kernel Version6.9 Updaterc4
LinuxLinux Kernel Version6.9 Updaterc5
LinuxLinux Kernel Version6.9 Updaterc6
DebianDebian Linux Version10.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.28% 0.199
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html
Third Party Advisory
https://git.kernel.org/stable/c/989bf6fd1e1d058e73a364dce1a0c53d33373f62
Patch
https://git.kernel.org/stable/c/aea5e2669c2863fdd8679c40ee310b3bcaa85aec
Patch
https://git.kernel.org/stable/c/c7af99cc21923a9650533c9d77265c8dd683a533
Patch
https://git.kernel.org/stable/c/cfe34d86ef9765c388f145039006bb79b6c81ac6
Patch
https://git.kernel.org/stable/c/d091e579b864fa790dd6a0cd537a22c383126681
Patch
https://git.kernel.org/stable/c/faa83a7797f06cefed86731ba4baa3b4dfdc06c1
Patch
https://security.netapp.com/advisory/ntap-20240905-0010/
Third Party Advisory
https://cert-portal.siemens.com/productcert/html/ssa-265688.html
https://cert-portal.siemens.com/productcert/html/ssa-613116.html