PT-2024-29261 · Linux+9 · Linux Kernel+9

Dongli Zhang

Published

2024-07-24

Updated

2026-01-12

CVE-2024-41091

CVSS v3.1

7.1

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to a missing verification for short frames in the tun xdp one() path, which could cause a corrupted skb to be sent downstack. Before the skb is transmitted, the tun xdp one-->eth type trans() may access the Ethernet header although it can be less than ETH HLEN. Once transmitted, this could either cause out-of-bound access beyond the actual length, or confuse the underlayer with incorrect or inconsistent header length in the skb metadata. The alternative path, tun get user(), already prohibits short frames with lengths less than the Ethernet header size from being transmitted for IFF TAP. This is to drop any frame shorter than the Ethernet header size.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Out of bounds Read

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125CWE-20

Related Identifiers

ALSA-2024:5928

ALSA-2024:7000

ALSA-2024:7001

ALSA-2025_16880

BDU:2025-04173

CESA-2024_7000

CESA-2024_7001

CESA-2024_7429

CVE-2024-41091

DLA-4008-1

DSA-5747-1

INFSA-2024_5928

INFSA-2024_7000

INFSA-2024_7001

MGASA-2024-0277

MGASA-2024-0278

OESA-2024-1960

OESA-2024-1962

OESA-2024-1964

OESA-2024-2258

OPENSUSE-SU-2024_2947-1

RHSA-2024:5256

RHSA-2024:5257

RHSA-2024:5281

RHSA-2024:5582

RHSA-2024:5672

RHSA-2024:5673

RHSA-2024:5858

RHSA-2024:5928

RHSA-2024:6156

RHSA-2024:6160

RHSA-2024:6206

RHSA-2024:6242

RHSA-2024:6313

RHSA-2024:6560

RHSA-2024:6663

RHSA-2024:6992

RHSA-2024:7000

RHSA-2024:7001

RHSA-2024:7429

RHSA-2024_5928

RHSA-2024_7000

RHSA-2024_7001

RLSA-2024:7001

SUSE-SU-2024:2802-1

SUSE-SU-2024:2892-1

SUSE-SU-2024:2894-1

SUSE-SU-2024:2896-1

SUSE-SU-2024:2901-1

SUSE-SU-2024:2939-1

SUSE-SU-2024:2940-1

SUSE-SU-2024:2947-1

SUSE-SU-2024:2973-1

SUSE-SU-2025:20008-1

SUSE-SU-2025:20028-1

USN-7088-1

USN-7088-2

USN-7088-3

USN-7088-4

USN-7088-5

USN-7089-1

USN-7089-2

USN-7089-3

USN-7089-4

USN-7089-5

USN-7089-6

USN-7089-7

USN-7090-1

USN-7095-1

USN-7100-1

USN-7100-2

USN-7119-1

USN-7123-1

USN-7144-1

USN-7156-1

USN-7194-1

Affected Products

Almalinux

Astra Linux

Centos

Linuxmint

Linux Kernel

Red Hat

Red Os

Rocky Linux

Suse

Ubuntu

PT-2024-29261 · Linux+9 · Linux Kernel+9

CVE-2024-41091

Weakness Enumeration

Related Identifiers

Affected Products

References · 4259