PT-2024-7178 · Linux+7 · Linux Kernel+7

Eric Dumazet

·

Published

2024-09-11

·

Updated

2026-03-27

·

CVE-2024-46854

CVSS v3.1

7.1

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The issue is related to a data leakage vulnerability in the Linux kernel's net: dpaa component. When sending packets under 60 bytes, up to three bytes of the buffer following the data may be leaked. This can be avoided by extending all packets to ETH ZLEN, ensuring nothing is leaked in the padding. The bug can be reproduced by running $ ping -s 11 destination.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-402

Related Identifiers

ALSA-2025_16880
ALT-PU-2024-13979
ALT-PU-2024-14046
AZL-49927
AZL-49994
BDU:2024-08517
CVE-2024-46854
DLA-4008-1
DLA-4075-1
DSA-5782-1
OESA-2024-2255
OESA-2024-2257
OESA-2024-2258
OESA-2024-2296
OPENSUSE-SU-2024_3587-1
OPENSUSE-SU-2024_3984-1
OPENSUSE-SU-2024_3985-1
OPENSUSE-SU-2024_3986-1
SUSE-SU-2024:3559-1
SUSE-SU-2024:3566-1
SUSE-SU-2024:3587-1
SUSE-SU-2024:3591-1
SUSE-SU-2024:3984-1
SUSE-SU-2024:3985-1
SUSE-SU-2024:3986-1
SUSE-SU-2024:4318-1
SUSE-SU-2024:4364-1
SUSE-SU-2024:4387-1
SUSE-SU-2025:20163-1
SUSE-SU-2025:20164-1
SUSE-SU-2025:20246-1
SUSE-SU-2025:20247-1
SUSE-SU-2026:0617-1
SUSE-SU-2026:1131-1
USN-7154-1
USN-7154-2
USN-7155-1
USN-7156-1
USN-7166-1
USN-7166-2
USN-7166-3
USN-7166-4
USN-7186-1
USN-7186-2
USN-7194-1
USN-7196-1
USN-7293-1
USN-7294-1
USN-7294-2
USN-7294-3
USN-7294-4
USN-7295-1
USN-7393-1
USN-7401-1
USN-7413-1
USN-7539-1
USN-7540-1

Affected Products

Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu