PT-2024-33835 · Linux+6 · Linux Kernel+6
Aleksander Jan Bajkowski · Published 2024-10-01 · Updated 2026-03-14 · CVE-2024-49997
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
Linux kernel (affected versions not specified)
Description:
A memory disclosure issue has been identified in the Linux kernel, specifically in the lantiq_etop driver. The problem occurs when applying padding to Ethernet frames: the buffer is not properly zeroed, resulting in memory disclosure. The disclosed data is observed on the wire. To address this, a patch has been applied that uses the skb_put_padto() function to pad Ethernet frames correctly, ensuring the expanded buffer is zeroed. If a packet cannot be padded, it is silently dropped without incrementing statistics. This issue affects Ethernet MACs on Amazon-SE and Danube, which cannot perform packet padding in hardware and thus require software padding.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
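The padding flaw described above, modelled in userspace C as an added example (this is not the lantiq_etop driver code or the upstream patch). The names `tx_buf`, `pad_len_only`, `pad_zeroed` and `leaked_bytes` are hypothetical, and the buffer contents are constructed.

```c
#include <stdio.h>
#include <string.h>

#define MIN_FRAME_LEN 60   /* minimum frame length without FCS (the kernel's ETH_ZLEN) */

struct tx_buf {            /* hypothetical stand-in, not a real sk_buff */
    unsigned char data[128];
    size_t len;            /* number of bytes sent on the wire */
};

/* Flawed pattern: only the length grows, the pad bytes keep old contents. */
static void pad_len_only(struct tx_buf *b)
{
    if (b->len < MIN_FRAME_LEN)
        b->len = MIN_FRAME_LEN;
}

/* Corrected pattern: zero the expanded region; -1 tells the caller to drop. */
static int pad_zeroed(struct tx_buf *b, size_t capacity)
{
    if (b->len >= MIN_FRAME_LEN)
        return 0;
    if (capacity < MIN_FRAME_LEN)
        return -1;
    memset(b->data + b->len, 0, MIN_FRAME_LEN - b->len);
    b->len = MIN_FRAME_LEN;
    return 0;
}

/* Pads a constructed 20-byte frame in a reused buffer; returns stale pad bytes. */
static size_t leaked_bytes(int use_fix)
{
    struct tx_buf b;
    size_t i, stale = 0, payload = 20;
    memset(b.data, 0xAA, sizeof(b.data));   /* constructed stale memory */
    memset(b.data, 0x11, payload);          /* constructed short frame */
    b.len = payload;
    if (use_fix)
        pad_zeroed(&b, sizeof(b.data));
    else
        pad_len_only(&b);
    for (i = payload; i < b.len; i++)
        stale += (b.data[i] != 0);
    return stale;
}

int main(void)
{
    printf("stale pad bytes: length-only=%zu zeroed=%zu\n", leaked_bytes(0), leaked_bytes(1));
    return 0;
}
```

Counting non-zero pad bytes only works here because the constructed stale pattern contains no zero bytes; on a real capture, padding that is not all zeros is the thing to look for.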
Affected Products
Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Ubuntu