PT-2024-33886 · Linux+7 · Linux Kernel+7

Andy Roulin

·

Published

2024-10-21

·

Updated

2025-10-03

·

CVE-2024-50045

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.58
Description: A kernel panic can occur in the br netfilter module when sending untagged traffic via a VxLAN device. This happens during the check for fragmentation in br nf dev queue xmit. The issue is dependent on the br netfilter module being loaded, net.bridge.bridge-nf-call-iptables set to 1, a bridge with a VxLAN netdevice as a bridge port, and untagged frames with size higher than the VxLAN MTU forwarded or flooded. The crash occurs because the ip dst mtu function tries to use the skb dst(skb) as if it was a valid dst with valid dst->dev.
Recommendations: Update to Linux kernel version 6.6.58 or later to resolve the issue. As a temporary workaround, consider disabling the br netfilter module or restricting the use of VxLAN devices to minimize the risk of exploitation.

Exploit

Fix

NULL Pointer Dereference

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-476CWE-20

Related Identifiers

ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
ALT-PU-2024-14268
ALT-PU-2024-14270
ALT-PU-2024-14503
ALT-PU-2024-14704
ALT-PU-2024-15739
ALT-PU-2024-16172
ALT-PU-2024-17211
ALT-PU-2025-12647
AZL-51210
AZL-51252
BDU:2025-04480
CVE-2024-50045
DLA-4008-1
DLA-4075-1
MGASA-2024-0344
MGASA-2024-0345
OESA-2024-2491
OESA-2024-2492
OESA-2024-2493
OESA-2024-2494
OPENSUSE-SU-2024:14500-1
OPENSUSE-SU-2024_3983-1
OPENSUSE-SU-2024_3984-1
OPENSUSE-SU-2024_3985-1
OPENSUSE-SU-2024_3986-1
OPENSUSE-SU-2025:14705-1
SUSE-SU-2024:3983-1
SUSE-SU-2024:3984-1
SUSE-SU-2024:3985-1
SUSE-SU-2024:3986-1
SUSE-SU-2024:4100-1
SUSE-SU-2024:4318-1
SUSE-SU-2024:4364-1
SUSE-SU-2024:4387-1
SUSE-SU-2025:0034-1
SUSE-SU-2025:20163-1
SUSE-SU-2025:20164-1
SUSE-SU-2025:20246-1
SUSE-SU-2025:20247-1
USN-7166-1
USN-7166-2
USN-7166-3
USN-7166-4
USN-7186-1
USN-7186-2
USN-7194-1
USN-7276-1
USN-7277-1
USN-7293-1
USN-7294-1
USN-7294-2
USN-7294-3
USN-7294-4
USN-7295-1
USN-7310-1
USN-7383-1
USN-7383-2
USN-7384-1
USN-7384-2
USN-7385-1
USN-7386-1
USN-7393-1
USN-7401-1
USN-7403-1
USN-7413-1
USN-7451-1
USN-7468-1
USN-7523-1
USN-7524-1
USN-7539-1
USN-7540-1

Affected Products

Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu