U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

CVE-2024-50251 Detail

Description

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_payload: sanitize offset and length before calling skb_checksum() If access to offset + length is larger than the skbuff length, then skb_checksum() triggers BUG_ON(). skb_checksum() internally subtracts the length parameter while iterating over skbuff, BUG_ON(len) at the end of it checks that the expected length to be included in the checksum calculation is fully consumed.


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST CVSS score
NIST: NVD
N/A
NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource
https://git.kernel.org/stable/c/0ab3be58b45b996764aba0187b46de19b3e58a72 Patch 
https://git.kernel.org/stable/c/a661ed364ae6ae88c2fafa9ddc27df1af2a73701 Patch 
https://git.kernel.org/stable/c/ac7df3fc80fc82bcc3b1e8f6ebc0d2c435d0c534 Patch 
https://git.kernel.org/stable/c/b1d2de8a669fa14c499a385e056944d5352b3b40 Patch 
https://git.kernel.org/stable/c/c43e0ea848e7b9bef7a682cbc5608022d6d29d7b Patch 
https://git.kernel.org/stable/c/d3217323525f7596427124359e76ea0d8fcc9874 Patch 
https://git.kernel.org/stable/c/d5953d680f7e96208c29ce4139a0e38de87a57fe Patch 
https://git.kernel.org/stable/c/e3e608cbad376674d19a71ccd0d41804d9393f02 Patch 
https://github.com/slavin-ayu/CVE-2024-50251-PoC

Weakness Enumeration

CWE-ID CWE Name Source
NVD-CWE-noinfo Insufficient Information cwe source acceptance level NIST  

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

3 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2024-50251
NVD Published Date:
11/09/2024
NVD Last Modified:
11/21/2024
Source:
kernel.org