PT-2024-9001 · Linux+9 · Linux Kernel+9
Syzbot · Published 2024-05-30 · Updated 2026-01-28 · CVE-2024-36933
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions:
Linux kernel (affected versions not specified)
Description:
The vulnerability is related to the Network Service Header (NSH) implementation in the Linux kernel. The nsh_gso_segment() function, which is responsible for handling Generic Segmentation Offload (GSO) for NSH packets, has two issues. Firstly, after setting the protocol and pushing the NSH header, the outer header is stripped when the packet is sent out of the network device. Secondly, while restoring the mac header and network header, the function does not account for potential data shifts in the linear buffer, which can lead to incorrect mac header restoration. This can cause issues when sending crafted GSO packets with specific protocol layering, such as ETH_P_8021AD + ETH_P_NSH + ETH_P_IPV6 + IPPROTO_UDP. The vulnerability can be triggered by a crafted GSO packet, potentially leading to a denial-of-service condition.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Use of Uninitialized Resource
Weakness Enumeration
Related Identifiers
Affected Products
AlmaLinux
Astra Linux
CentOS
Linux Mint
Linux Kernel
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu