5.5

CVE-2024-41044

ppp: reject claimed-as-LCP but actually malformed packets

In the Linux kernel, the following vulnerability has been resolved:

ppp: reject claimed-as-LCP but actually malformed packets

Since 'ppp_async_encode()' assumes valid LCP packets (with code
from 1 to 7 inclusive), add 'ppp_check_packet()' to ensure that
LCP packet has an actual body beyond PPP_LCP header bytes, and
reject claimed-as-LCP but actually malformed data otherwise.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 2.6.13 < 4.19.318
LinuxLinux Kernel Version >= 4.20 < 5.4.280
LinuxLinux Kernel Version >= 5.5 < 5.10.222
LinuxLinux Kernel Version >= 5.11 < 5.15.163
LinuxLinux Kernel Version >= 5.16 < 6.1.100
LinuxLinux Kernel Version >= 6.2 < 6.6.41
LinuxLinux Kernel Version >= 6.7 < 6.9.10
LinuxLinux Kernel Version2.6.12 Update-
LinuxLinux Kernel Version2.6.12 Updaterc2
LinuxLinux Kernel Version2.6.12 Updaterc3
LinuxLinux Kernel Version2.6.12 Updaterc4
LinuxLinux Kernel Version2.6.12 Updaterc5
LinuxLinux Kernel Version6.10 Updaterc1
LinuxLinux Kernel Version6.10 Updaterc2
LinuxLinux Kernel Version6.10 Updaterc3
LinuxLinux Kernel Version6.10 Updaterc4
LinuxLinux Kernel Version6.10 Updaterc5
LinuxLinux Kernel Version6.10 Updaterc6
LinuxLinux Kernel Version6.10 Updaterc7
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.29% 0.201
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/099502ca410922b56353ccef2749bc0de669da78
Patch
https://git.kernel.org/stable/c/3134bdf7356ed952dcecb480861d2afcc1e40492
Patch
https://git.kernel.org/stable/c/3ba12c2afd933fc1bf800f6d3f6c7ec8f602ce56
Patch
https://git.kernel.org/stable/c/6e8f1c21174f9482033bbb59f13ce1a8cbe843c3
Patch
https://git.kernel.org/stable/c/97d1efd8be26615ff680cdde86937d5943138f37
Patch
https://git.kernel.org/stable/c/d683e7f3fc48f59576af34631b4fb07fd931343e
Patch
https://git.kernel.org/stable/c/ebc5c630457783d17d0c438b0ad70b232a64a82f
Patch
https://git.kernel.org/stable/c/f2aeb7306a898e1cbd03963d376f4b6656ca2b55
Patch
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html