In the Linux kernel, the following vulnerability has been resolved:
netfilter: flowtable: incorrect pppoe tuple
pppoe traffic reaching ingress path does not match the flowtable entry because the pppoe header is expected to be at the network header offset. This bug causes a mismatch in the flow table lookup, so pppoe packets enter the classical forwarding path.
{ "vanir_signatures": [ { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4ed82dd368ad883dc4284292937b882f044e625d", "signature_type": "Line", "target": { "file": "net/netfilter/nf_flow_table_ip.c" }, "deprecated": false, "digest": { "line_hashes": [ "178478939155120270176188719521706803356", "110510760692581791348081110327564340228", "261884585166339292957569852874152280843", "203479715199276297927773374948227537621" ], "threshold": 0.9 }, "id": "CVE-2024-27015-434043e5" }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6db5dc7b351b9569940cd1cf445e237c42cd6d27", "signature_type": "Line", "target": { "file": "net/netfilter/nf_flow_table_ip.c" }, "deprecated": false, "digest": { "line_hashes": [ "178478939155120270176188719521706803356", "110510760692581791348081110327564340228", "261884585166339292957569852874152280843", "203479715199276297927773374948227537621" ], "threshold": 0.9 }, "id": "CVE-2024-27015-491e9e1f" }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e719b52d0c56989b0f3475a03a6d64f182c85b56", "signature_type": "Line", "target": { "file": "net/netfilter/nf_flow_table_ip.c" }, "deprecated": false, "digest": { "line_hashes": [ "178478939155120270176188719521706803356", "110510760692581791348081110327564340228", "261884585166339292957569852874152280843", "203479715199276297927773374948227537621" ], "threshold": 0.9 }, "id": "CVE-2024-27015-6aefd877" }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e3f078103421642fcd5f05c5e70777feb10f000d", "signature_type": "Line", "target": { "file": "net/netfilter/nf_flow_table_ip.c" }, "deprecated": false, "digest": { "line_hashes": [ "178478939155120270176188719521706803356", "110510760692581791348081110327564340228", "261884585166339292957569852874152280843", "203479715199276297927773374948227537621" ], "threshold": 0.9 }, "id": "CVE-2024-27015-ad05ee5f" } ] }