PT-2024-33821 · Linux+2 · Linux Kernel+2

Felix Fietkau +1 · Published 2024-09-26 · Updated 2025-02-28 · CVE-2024-49979

CVSS v3.1: 5.5 Medium
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: The issue concerns the Linux kernel's handling of TCP fraglist segmentation. It is addressed by the fix "net: gso: fix tcp fraglist segmentation after pull from frag_list". Optional datapath hooks such as NAT and BPF can modify SKB_GSO_FRAGLIST skbs and break their invariants. This can lead to a NULL pointer dereference in `__tcpv4_gso_segment_list_csum` at `tcp_hdr(seg->next)`. The fix detects the invalid geometry caused by a pull by checking the head skb size, and converts the skb so that it can be passed to the regular `skb_segment` instead of `skb_segment_list`.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

BDU:2025-16134
CVE-2024-49979
OPENSUSE-SU-2024:14500-1
OPENSUSE-SU-2025:14705-1
USN-7276-1
USN-7277-1
USN-7310-1

Affected Products

Linuxmint
Linux Kernel
Ubuntu