PT-2024-6987 · Linux+7 · Linux Kernel+7

Muhammad Usama Anjum

·

Published

2024-09-09

·

Updated

2025-09-29

·

CVE-2024-46865

CVSS v3.1

7.1

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The issue is related to the initialization of the grc in the Linux kernel. If the fou is NULL, the grc may be used uninitialized, potentially allowing an attacker to impact the confidentiality and availability of protected information. The vulnerability is associated with the function gue gro receive() in the net/ipv4/fou core.c module of the IPv4 protocol implementation in the Linux kernel.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use of Uninitialized Resource

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-908

Related Identifiers

ALSA-2025_16880
ALT-PU-2024-14270
ALT-PU-2024-14503
ALT-PU-2024-15739
ALT-PU-2024-16172
BDU:2024-08236
CVE-2024-46865
DLA-4008-1
DLA-4075-1
DSA-5782-1
OESA-2025-1097
OPENSUSE-SU-2025_01614-1
OPENSUSE-SU-2025_01620-1
OPENSUSE-SU-2025_01640-1
OPENSUSE-SU-2025_01707-1
SUSE-SU-2025:01600-1
SUSE-SU-2025:01614-1
SUSE-SU-2025:01620-1
SUSE-SU-2025:01640-1
SUSE-SU-2025:01707-1
SUSE-SU-2025:01919-1
SUSE-SU-2025:01951-1
SUSE-SU-2025:01964-1
SUSE-SU-2025:01967-1
SUSE-SU-2025:01972-1
SUSE-SU-2025:20343-1
SUSE-SU-2025:20344-1
SUSE-SU-2025:20354-1
SUSE-SU-2025:20355-1
SUSE-SU-2025_01600-1
SUSE-SU-2025_01614-1
SUSE-SU-2025_01620-1
SUSE-SU-2025_01707-1
SUSE-SU-2025_01951-1
SUSE-SU-2025_01964-1
SUSE-SU-2025_01967-1
SUSE-SU-2025_01972-1
USN-7166-1
USN-7166-2
USN-7166-3
USN-7166-4
USN-7186-1
USN-7186-2
USN-7194-1

Affected Products

Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu