7.8

CVE-2024-38586

EPSS 0.01%
Veröffentlicht 19.06.2024 14:15:18
Zuletzt bearbeitet 17.09.2025 21:08:10
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

r8169: Fix possible ring buffer corruption on fragmented Tx packets.

An issue was found on the RTL8125b when transmitting small fragmented
packets, whereby invalid entries were inserted into the transmit ring
buffer, subsequently leading to calls to dma_unmap_single() with a null
address.

This was caused by rtl8169_start_xmit() not noticing changes to nr_frags
which may occur when small packets are padded (to work around hardware
quirks) in rtl8169_tso_csum_v2().

To fix this, postpone inspecting nr_frags until after any padding has been
applied.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 10

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 5.7 < 5.10.221

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.161

Linux ≫ Linux Kernel Version >= 5.16 < 6.1.93

Linux ≫ Linux Kernel Version >= 6.2 < 6.6.33

Linux ≫ Linux Kernel Version >= 6.7 < 6.8.12

Linux ≫ Linux Kernel Version >= 6.9 < 6.9.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.012

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://git.kernel.org/stable/c/078d5b7500d70af2de6b38e226b03f0b932026a6

Patch

https://git.kernel.org/stable/c/0c48185a95309556725f818b82120bb74e9c627d

Patch

https://git.kernel.org/stable/c/54e7a0d111240c92c0f02ceba6eb8f26bf6d6479

Patch

https://git.kernel.org/stable/c/61c1c98e2607120ce9c3fa1bf75e6da909712b27

Patch

https://git.kernel.org/stable/c/68222d7b4b72aa321135cd453dac37f00ec41fd1

Patch

https://git.kernel.org/stable/c/b6d21cf40de103d63ae78551098a7c06af8c98dd

Patch

https://git.kernel.org/stable/c/c71e3a5cffd5309d7f84444df03d5b72600cc417

Patch

https://nvd.nist.gov/vuln/detail/CVE-2024-38586

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-38586

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-38586

EUVD