PT-2024-29227 · Linux+6 · Linux Kernel+6

Geliang Tang

·

Published

2024-07-03

·

Updated

2026-03-14

·

CVE-2024-41048

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.43
Description The vulnerability is related to the sk msg recvmsg function in the Linux kernel, which can cause a kernel panic when a zero-length skb is passed to it. This issue occurs when running BPF selftests on a Loongarch platform. The root cause is that a zero-length skb, which is a TCP FIN packet sent by shutdown(), is put on the queue and later used in sk msg recvmsg, resulting in a NULL pointer being passed to page address(). To solve this, the kernel should skip the zero-length skb in sk msg recvmsg.
Recommendations To resolve this issue, update the Linux kernel to version 6.6.43 or later. If updating is not possible, consider disabling the BPF selftests or restricting access to the vulnerable function until a patch is available.

Exploit

Fix

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

BDU:2025-01573
CVE-2024-41048
DLA-4008-1
MGASA-2024-0277
MGASA-2024-0278
OESA-2024-1960
OESA-2024-1962
OESA-2024-1964
OESA-2024-2258
OPENSUSE-SU-2024_2947-1
SUSE-SU-2024:2892-1
SUSE-SU-2024:2894-1
SUSE-SU-2024:2901-1
SUSE-SU-2024:2939-1
SUSE-SU-2024:2940-1
SUSE-SU-2024:2947-1
SUSE-SU-2024:3194-1
SUSE-SU-2024:3195-1
SUSE-SU-2024:3383-1
SUSE-SU-2025:20044-1
SUSE-SU-2025:20047-1
USN-7007-1
USN-7007-2
USN-7007-3
USN-7009-1
USN-7009-2
USN-7019-1
USN-7089-1
USN-7089-2
USN-7089-3
USN-7089-4
USN-7089-5
USN-7089-6
USN-7089-7
USN-7090-1
USN-7095-1
USN-7156-1

Affected Products

Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu