PT-2024-9077 · Linux+9 · Linux Kernel+9

Ken Milmore

·

Published

2024-05-23

·

Updated

2025-09-29

·

CVE-2024-38586

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: The issue is related to the r8169 component of the Linux kernel, which can cause ring buffer corruption when transmitting small fragmented packets. This is due to the rtl8169 start xmit() function not noticing changes to nr frags when packets are padded to work around hardware quirks in rtl8169 tso csum v2(). The problem leads to invalid entries being inserted into the transmit ring buffer, resulting in calls to dma unmap single() with a null address. To fix this, the inspection of nr frags is postponed until after any padding has been applied.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Corruption

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-119

Related Identifiers

ALSA-2024:4583
ALSA-2024:8856
ALSA-2024:8870
ALSA-2025_16880
BDU:2024-10759
CESA-2024_8856
CESA-2024_8870
CVE-2024-38586
DSA-5730-1
INFSA-2024_4583
INFSA-2024_8856
INFSA-2024_8870
MGASA-2024-0263
MGASA-2024-0266
OESA-2024-1860
OESA-2024-1861
OESA-2024-1863
OPENSUSE-SU-2024_2947-1
RHSA-2024:4583
RHSA-2024:5364
RHSA-2024:5365
RHSA-2024:6206
RHSA-2024:6297
RHSA-2024:8856
RHSA-2024:8870
RHSA-2024_4583
RHSA-2024_8856
RHSA-2024_8870
RLSA-2024:4583
RLSA-2024:8856
RLSA-2024:8870
SUSE-SU-2024:2802-1
SUSE-SU-2024:2894-1
SUSE-SU-2024:2896-1
SUSE-SU-2024:2939-1
SUSE-SU-2024:2947-1
SUSE-SU-2024:2973-1
SUSE-SU-2025:20008-1
SUSE-SU-2025:20028-1
USN-6949-1
USN-6949-2
USN-6952-1
USN-6952-2
USN-6955-1
USN-7007-1
USN-7007-2
USN-7007-3
USN-7009-1
USN-7009-2
USN-7019-1

Affected Products

Almalinux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu