PT-2024-33820 · Linux+7 · Linux Kernel+7

Willem De Bruijn

·

Published

2024-10-21

·

Updated

2026-05-26

·

CVE-2024-49978

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.58
Description: The issue concerns the Linux kernel, where a vulnerability has been resolved related to the handling of UDP GSO fraglist segmentation after data is pulled from the frag list. This occurs when optional datapath hooks, such as NAT and BPF, modify SKBs, breaking their invariants. In extreme cases, this can cause a NULL pointer dereference. The fix involves detecting SKBs with corrupted geometry and passing them to skb segment instead of skb segment list.
Recommendations: For Linux kernel versions prior to 6.6.58, update to version 6.6.58 or later to resolve the issue. As a temporary workaround, consider restricting the use of optional datapath hooks such as NAT and BPF to minimize the risk of exploitation.

Exploit

Fix

DoS

NULL Pointer Dereference

Weakness Enumeration

CWE-476

Related Identifiers

ALSA-2025_16880
ALT-PU-2024-14046
AZL-51829
BDU:2025-07989
CVE-2024-49978
DLA-4008-1
MGASA-2024-0344
MGASA-2024-0345
OESA-2024-2367
OESA-2024-2368
OESA-2024-2369
OESA-2024-2371
OPENSUSE-SU-2024:14500-1
OPENSUSE-SU-2025:14705-1
OPENSUSE-SU-2025_0428-1
OPENSUSE-SU-2025_0499-1
OPENSUSE-SU-2025_0557-1
SUSE-SU-2025:0428-1
SUSE-SU-2025:0499-1
SUSE-SU-2025:0557-1
SUSE-SU-2025:0564-1
SUSE-SU-2025:20165-1
SUSE-SU-2025:20166-1
SUSE-SU-2025:20248-1
SUSE-SU-2025:20249-1
SUSE-SU-2025_0428-1
SUSE-SU-2025_0499-1
SUSE-SU-2025_0557-1
USN-7276-1
USN-7277-1
USN-7301-1
USN-7303-1
USN-7303-2
USN-7303-3
USN-7304-1
USN-7310-1
USN-7311-1
USN-7384-1
USN-7384-2
USN-7385-1
USN-7386-1
USN-7403-1
USN-7468-1

Affected Products

Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu