CVE-2024-49571

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-49571
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-49571.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-49571
Downstream
Related
Published
2025-01-11T13:15:24Z
Modified
2025-08-09T19:01:28Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

net/smc: check ipareaoffset and ipv6prefixes_cnt when receiving proposal msg

When receiving proposal msg in server, the field ipareaoffset and the field ipv6prefixescnt in proposal msg are from the remote client and can not be fully trusted. Especially the field ipareaoffset, once exceed the max value, there has the chance to access wrong address, and crash may happen.

This patch checks ipareaoffset and ipv6prefixes_cnt before using them.

References

Affected packages