CVE-2024-47408
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-47408
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-47408.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-47408
- Downstream
- Related
- Published
- 2025-01-11T13:15:22Z
- Modified
- 2025-08-09T19:01:28Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
net/smc: check smcdv2ext_offset when receiving proposal msg
When receiving proposal msg in server, the field smcdv2extoffset in proposal msg is from the remote client and can not be fully trusted. Once the value of smcdv2extoffset exceed the max value, there has the chance to access wrong address, and crash may happen.
This patch checks the value of smcdv2ext_offset before using it.
- References
-
- https://git.kernel.org/stable/c/48d5a8a304a643613dab376a278f29d3e22f7c34
- https://git.kernel.org/stable/c/935caf324b445fe73d7708fae6f7176fb243f357
- https://git.kernel.org/stable/c/9ab332deb671d8f7e66d82a2ff2b3f715bc3a4ad
- https://git.kernel.org/stable/c/a36364d8d4fabb105001f992fb8ff2d3546203d6
- https://git.kernel.org/stable/c/e1cc8be2a785a8f1ce1f597f3e608602c5fccd46