Linux · Linux Kernel · CVE-2024-26752
Name of the Vulnerable Software and Affected Versions:
Linux kernel (affected versions not specified)
Description:
The issue is related to the l2tp component of the Linux kernel, specifically with the `l2tp ip6 sendmsg()` function in `net/l2tp/l2tp ip6.c`. The problem arises from an incorrect calculation in the code, which results in corrupted packets on the wire due to C operator precedence. This incorrect calculation occurs when the code attempts to avoid accounting for the transport header twice when splicing more data into an already partially-occupied skbuff. The exploitation of this issue may allow an attacker to cause a denial of service.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.