PT-2024-33875 · Linux+8 · Linux Kernel+8
Syzbot · Published 2024-10-10 · Updated 2025-10-03 · CVE-2024-50035
CVSS v3.1: 7.1 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions:
Linux kernel versions prior to 6.6.58
Description:
A vulnerability has been resolved in the Linux kernel related to the ppp_async_encode() function. The issue occurs when pppoe_sendmsg() is called with a zero size, leading to ppp_async_encode() being called with an empty skb. This results in an uninit-value bug. The vulnerability is related to the ppp_async_encode() and ppp_async_push() functions in the drivers/net/ppp/ppp_async.c file. The pppoe_sendmsg() function is also involved in the issue.
Recommendations:
To resolve the issue, update the Linux kernel to version 6.6.58 or later.
As a temporary workaround, consider disabling the ppp_async_encode() function until a patch is available.
Restrict access to the pppoe_sendmsg() function to minimize the risk of exploitation.
Avoid using the ppp_async_push() function in the affected API endpoint until the issue is resolved.
Exploit
Fix
Use of Uninitialized Resource
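The bug class described above, as an added userspace illustration (not kernel code and not the upstream patch): an encoder that reads a header from a zero-length buffer acts on bytes that were never part of the frame, and a length check before the read closes that gap. `struct pkt`, `classify_unchecked()`, `classify_checked()` and the `demo_*` helpers are hypothetical names, and the model assumes the encoder begins by reading a 2-byte PPP protocol field from the start of the buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PPP_LCP 0xc021u /* PPP protocol number for LCP */

enum verdict { FRAME_DROP = -1, FRAME_DATA = 0, FRAME_LCP = 1 };

/* Hypothetical stand-in for an skb: backing storage plus count of valid bytes. */
struct pkt {
    const uint8_t *data;
    size_t len;
};

/* Unchecked pattern: reads the 2-byte protocol field regardless of len. */
static enum verdict classify_unchecked(const struct pkt *p)
{
    uint16_t proto = (uint16_t)((p->data[0] << 8) | p->data[1]);
    return proto == PPP_LCP ? FRAME_LCP : FRAME_DATA;
}

/* Hardened pattern: drop frames too short to hold the protocol field. */
static enum verdict classify_checked(const struct pkt *p)
{
    if (p->data == NULL || p->len < 2)
        return FRAME_DROP;
    return classify_unchecked(p);
}

/* Constructed sample: storage still holding bytes left by an earlier frame.
 * In the real bug the bytes are uninitialized; fixed values keep this deterministic. */
static const uint8_t stale[4] = { 0xc0, 0x21, 0x01, 0x00 };

/* Zero-size send: the packet has no valid bytes, only stale storage behind it. */
static enum verdict demo_unchecked_empty(void)
{ struct pkt empty = { stale, 0 }; return classify_unchecked(&empty); }

static enum verdict demo_checked_empty(void)
{ struct pkt empty = { stale, 0 }; return classify_checked(&empty); }

/* A genuine 4-byte LCP frame is still classified correctly after hardening. */
static enum verdict demo_checked_lcp(void)
{ struct pkt lcp = { stale, sizeof stale }; return classify_checked(&lcp); }

int main(void)
{
    printf("unchecked, empty frame: %d\n", demo_unchecked_empty());
    printf("checked,   empty frame: %d\n", demo_checked_empty());
    printf("checked,   LCP frame:   %d\n", demo_checked_lcp());
    return 0;
}
```

The unchecked path reports an LCP frame for a packet that carries no data at all, which is the decision-on-garbage behaviour that KMSAN flags as an uninit-value read.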
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Hat
Red Os
Suse
Ubuntu