CVE-2024-42281

Опубликовано: 17 авг. 2024

Источник: redhat

CVSS3: 5.1

EPSS Низкий

Описание

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a segment issue when downgrading gso_size Linearize the skb when downgrading gso_size because it may trigger a BUG_ON() later when the skb is segmented as described in [1,2].

A denial of service vulnerability was found in the Linux kernel. Downgrading gso_size may trigger a crash, resulting in a loss of system availability.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 6	kernel	Out of support scope
Red Hat Enterprise Linux 7	kernel	Out of support scope
Red Hat Enterprise Linux 7	kernel-rt	Out of support scope
Red Hat Enterprise Linux 8	kernel	Will not fix
Red Hat Enterprise Linux 8	kernel-rt	Will not fix
Red Hat Enterprise Linux 9	kernel	Will not fix
Red Hat Enterprise Linux 9	kernel-rt	Will not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-20

https://bugzilla.redhat.com/show_bug.cgi?id=2305426kernel: bpf: Fix a segment issue when downgrading gso_size

EPSS

Процентиль: 44%

0.0021

Низкий

5.1 Medium

CVSS3

Связанные уязвимости

CVE-2024-42281

ubuntu

10 месяцев назад

CVE-2024-42281

nvd

10 месяцев назад

CVE-2024-42281

debian

10 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: b ...

GHSA-4w6w-2c5p-xchq

github

10 месяцев назад

BDU:2025-01444

CVSS3: 5.5

fstec

11 месяцев назад

Уязвимость компонента bpf ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 44%

0.0021

Низкий

5.1 Medium

CVSS3