CVE-2024-49571

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-49571

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-49571.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-49571

Downstream

BELL-CVE-2024-49571

DEBIAN-CVE-2024-49571

DLA-4076-1

OESA-2025-1110

OESA-2025-1111

OESA-2025-1113

OESA-2025-1114

SUSE-SU-2025:01919-1

SUSE-SU-2025:01951-1

SUSE-SU-2025:01967-1

SUSE-SU-2025:1177-1

SUSE-SU-2025:1178-1

SUSE-SU-2025:1180-1

SUSE-SU-2025:1293-1

Related

Published

2025-01-11T13:15:24Z

Modified

2025-08-09T19:01:28Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

net/smc: check ipareaoffset and ipv6prefixes_cnt when receiving proposal msg

When receiving proposal msg in server, the field ipareaoffset and the field ipv6prefixescnt in proposal msg are from the remote client and can not be fully trusted. Especially the field ipareaoffset, once exceed the max value, there has the chance to access wrong address, and crash may happen.

This patch checks ipareaoffset and ipv6prefixes_cnt before using them.

References

Affected packages