PT-2024-8332 · Linux+9 · Linux Kernel+9

Published

2024-03-29

·

Updated

2025-09-29

·

CVE-2024-35890

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The issue is related to the incorrect handling of packets in the Linux kernel's gro component. When packets are GROed with fraglist, they might be segmented later and continue their journey in the stack. In skb segment list, those skbs can be reused as-is, which is an issue because their destructor was removed in skb gro receive list but not the reference to their socket, making them unable to be orphaned. This can lead to a kernel bug. The vulnerability can be exploited to cause a denial of service.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-388

Related Identifiers

ALSA-2024:3306
ALSA-2024:4211
ALSA-2024:4352
ALSA-2025_16880
BDU:2024-09888
CESA-2024_4211
CESA-2024_4352
CVE-2024-35890
INFSA-2024_3306
INFSA-2024_4211
INFSA-2024_4352
OPENSUSE-SU-2024_2947-1
RHSA-2024:11485
RHSA-2024:1881
RHSA-2024:3306
RHSA-2024:4211
RHSA-2024:4352
RHSA-2024:4415
RHSA-2024_3306
RHSA-2024_4211
RHSA-2024_4352
RHSA-2025:0062
RLSA-2024:4211
RLSA-2024:4352
RXSA-2024:4211
SUSE-SU-2024:2802-1
SUSE-SU-2024:2894-1
SUSE-SU-2024:2896-1
SUSE-SU-2024:2939-1
SUSE-SU-2024:2947-1
SUSE-SU-2024:2973-1
SUSE-SU-2025:20008-1
SUSE-SU-2025:20028-1
USN-6893-1
USN-6893-2
USN-6893-3
USN-6898-1
USN-6898-2
USN-6898-3
USN-6898-4
USN-6917-1
USN-6918-1
USN-6919-1
USN-6927-1
USN-7019-1

Affected Products

Almalinux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu