5.5

CVE-2024-47408

net/smc: check smcd_v2_ext_offset when receiving proposal msg

In the Linux kernel, the following vulnerability has been resolved:

net/smc: check smcd_v2_ext_offset when receiving proposal msg

When receiving proposal msg in server, the field smcd_v2_ext_offset in
proposal msg is from the remote client and can not be fully trusted.
Once the value of smcd_v2_ext_offset exceed the max value, there has
the chance to access wrong address, and crash may happen.

This patch checks the value of smcd_v2_ext_offset before using it.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.10 < 5.15.176
LinuxLinux Kernel Version >= 5.16 < 6.1.122
LinuxLinux Kernel Version >= 6.2 < 6.6.68
LinuxLinux Kernel Version >= 6.7 < 6.12.7
LinuxLinux Kernel Version6.13 Updaterc1
LinuxLinux Kernel Version6.13 Updaterc2
LinuxLinux Kernel Version6.13 Updaterc3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.22% 0.12
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/48d5a8a304a643613dab376a278f29d3e22f7c34
Patch
https://git.kernel.org/stable/c/935caf324b445fe73d7708fae6f7176fb243f357
Patch
https://git.kernel.org/stable/c/9ab332deb671d8f7e66d82a2ff2b3f715bc3a4ad
Patch
https://git.kernel.org/stable/c/a36364d8d4fabb105001f992fb8ff2d3546203d6
Patch
https://git.kernel.org/stable/c/e1cc8be2a785a8f1ce1f597f3e608602c5fccd46
Patch
https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html