Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2024-42861

Опубликовано: 23 сент. 2024
Источник: redhat
CVSS3: 6.5
EPSS Средний

Описание

An issue in IEEE 802.1AS linuxptp v.4.2 and before allowing a remote attacker to cause a denial of service via a crafted Pdelay_Req message to the time synchronization function

A flaw was found in Linux PTP. This flaw allows an attacker to possibly trigger a denial of service via a specially crafted Pdelay_Req message to the time synchronization function.

Отчет

This vulnerability is categorized as a Moderate severity rather than Important because it specifically targets the time synchronization function on a single port rather than causing broader system or network compromise. The attack requires the attacker to be on the same Ethernet network, limiting its scope and accessibility. Additionally, the denial of service is temporary, affecting synchronization only for a limited duration, after which normal operation may resume without permanent damage to the system.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 10linuxptpNot affected
Red Hat Enterprise Linux 6linuxptpOut of support scope
Red Hat Enterprise Linux 7linuxptpOut of support scope
Red Hat Enterprise Linux 8linuxptpNot affected
Red Hat Enterprise Linux 9linuxptpNot affected
Red Hat OpenShift Container Platform 4openshift4/ose-ptpNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-754
https://bugzilla.redhat.com/show_bug.cgi?id=2314319linuxptp: denial of service via a crafted Pdelay_Req message to the time synchronization function

EPSS

Процентиль: 97%
0.31904
Средний

6.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2024-42861

CVSS3: 7.5
ubuntu
больше 1 года назад

An issue in IEEE 802.1AS linuxptp v.4.2 and before allowing a remote attacker to cause a denial of service via a crafted Pdelay_Req message to the time synchronization function

nvd логотип

CVE-2024-42861

CVSS3: 7.5
nvd
больше 1 года назад

An issue in IEEE 802.1AS linuxptp v.4.2 and before allowing a remote attacker to cause a denial of service via a crafted Pdelay_Req message to the time synchronization function

msrc логотип

CVE-2024-42861

CVSS3: 7.5
msrc
4 месяца назад

An issue in IEEE 802.1AS linuxptp v.4.2 and before allowing a remote attacker to cause a denial of service via a crafted Pdelay_Req message to the time synchronization function

debian логотип

CVE-2024-42861

CVSS3: 7.5
debian
больше 1 года назад

An issue in IEEE 802.1AS linuxptp v.4.2 and before allowing a remote a ...

github логотип

GHSA-xgfh-jv6x-46xv

CVSS3: 7.5
github
больше 1 года назад

An issue in IEEE 802.1AS linuxptp v.4.2 and before allowing a remote attacker to cause a denial of service via a crafted Pdelay_Req message to the time synchronization function

EPSS

Процентиль: 97%
0.31904
Средний

6.5 Medium

CVSS3