7.1

CVE-2024-46854

net: dpaa: Pad packets to ETH_ZLEN

In the Linux kernel, the following vulnerability has been resolved:

net: dpaa: Pad packets to ETH_ZLEN

When sending packets under 60 bytes, up to three bytes of the buffer
following the data may be leaked. Avoid this by extending all packets to
ETH_ZLEN, ensuring nothing is leaked in the padding. This bug can be
reproduced by running

	$ ping -s 11 destination
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.10 < 6.1.111
LinuxLinux Kernel Version >= 6.2 < 6.6.52
LinuxLinux Kernel Version >= 6.7 < 6.10.11
LinuxLinux Kernel Version6.11 Updaterc1
LinuxLinux Kernel Version6.11 Updaterc2
LinuxLinux Kernel Version6.11 Updaterc3
LinuxLinux Kernel Version6.11 Updaterc4
LinuxLinux Kernel Version6.11 Updaterc5
LinuxLinux Kernel Version6.11 Updaterc6
LinuxLinux Kernel Version6.11 Updaterc7
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.24% 0.141
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.1 1.8 5.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/1f31f51bfc8214a6deaac2920e6342cb9d019133
https://git.kernel.org/stable/c/34fcac26216ce17886af3eb392355b459367af1a
Patch
https://git.kernel.org/stable/c/38f5db5587c0ee53546b28c50ba128253181ac83
https://git.kernel.org/stable/c/cbd7ec083413c6a2e0c326d49e24ec7d12c7a9e0
Patch
https://git.kernel.org/stable/c/cd5b9d657ecd44ad5f254c3fea3a6ab1cf0e2ef7
https://git.kernel.org/stable/c/ce8eabc912fe9b9a62be1a5c6af5ad2196e90fc2
Patch
https://git.kernel.org/stable/c/dc43a096cfe65b5c32168313846c5cd135d08f1d
https://git.kernel.org/stable/c/f43190e33224c49e1c7ebbc25923ff400d87ec00
Patch
https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
https://cert-portal.siemens.com/productcert/html/ssa-265688.html